AIS Final Exam

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Which of the following is not an example of how an AIS adds value to an organization? Patient information at a hospital are encrypted and made only available on the hospital's network to healthcare professional with an access code. Patient information at a hospital are encrypted and made only available on the hospital's network to the patient with an access code. Patient billing information at a hospital are encrypted and made only available on the hospital's network to insurance companies with an access code. Patient information at a hospital are encrypted and made only available on the hospital's webpage to anyone with access to a search engine

Patient information at a hospital are encrypted and made only available on the hospital's webpage to anyone with access to a search engine

Which of the following data entry controls would not be useful if you are recording the checkout of library books by members? Validity check. Prompting. Sequence check. Concurrent update control.

Sequence check.

Error logs and review are an example of data entry controls. data transmission controls. processing controls. output controls.

data entry controls.

All of the following are benefits of the database approach except cross-functional analysis and reporting. minimal data redundancy. decentralized management of data. data integration and sharing.

decentralized management of data.

The possibility that a material error will occur even though auditors are following audit procedures and using good judgment is referred to as inherent risk. investigating risk. control risk. detection risk.

detection risk.

Information encrypted with the creator's private key that is used to authenticate the sender is called digital signature. digital certificate. asymmetric encryption. public key.

digital signature.

A process that takes plaintext of any length and transforms it into a short code is called asymmetric encryption. encryption. hashing. symmetric encryption.

hashing.

According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for hiring and firing the external auditors. performing tests of the company's internal control structure. certifying the accuracy of the company's financial reporting process. overseeing day-to-day operations of the internal audit department.

hiring and firing the external auditors.

The logical view of a database system refers to how master files store data values used by more than one application program. how and where the data are physically arranged and stored. how a user or programmer conceptually organizes and understands the data. how the DBMS accesses data for a certain application program.

how a user or programmer conceptually organizes and understands the data.

The physical view of a database system refers to how a user or programmer conceptually organizes and understands the data. how the DBMS accesses data for a certain application program. how and where the data are physically arranged and stored. how master files store data values used by more than one application program.

how and where the data are physically arranged and stored.

Sequentially prenumbered forms are an example of a(n) processing control. data entry control. input control. data transmission control.

input control.

Turnaround documents are an example of a(n) data entry control. processing control. input control. output control.

input control.

The ________ audit is concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives. financial operational information systems informational

operational

The REA data model approach facilitates efficient operations by all the following except storing financial and nonfinancial data in the same database. standardizing source document format. organizing data to simplify data retrieval and analysis. identifying non-value added activities.

standardizing source document format.

Relationships that affect the quantity of a resource are sometimes referred to as ________ relationships. stockflow commitment exchange duality

stockflow

A disaster recovery plan typically does not include a system upgrade due to operating system software changes. scheduled electronic vaulting of files. uninterruptible power systems installed for key system components. backup computer and telecommunication facilities.

system upgrade due to operating system software changes.

Identify one potential outcome of the delete anomaly. unintentional loss of data inability to add new data inconsistent data None of these

unintentional loss of data

The ________ occurs when more than one occurrence of a specific data item in a database exists. delete anomaly inconsistency anomaly update anomaly insert anomaly

update anomaly

________ is a data entry input control that involves summing the first four digits of a customer number to calculate the value of the fifth digit, then comparing the calculated number to the number entered during data entry. Validity check Duplicate data check Closed-loop verification Check digit verification

Check digit verification

Identify the notation often used to represent cardinality information. Greek characters. Color coding. Dotted lines. Crow's feet.

Crow's feet.

very person in the world has a birthdate, but no person has more than one birthdate. Thus, the cardinality that exists between birthdate and people is one-to-many. many-to-none. many-to-many. one-to-one.

one-to-many.

Every citizen in the United States has one social security number, but no two citizens have the same social security number. Thus, the cardinality that exists between social security numbers and citizens is one-to-one. many-to-none. many-to-many. one-to-many.

one-to-one.

Which of the following transactions is represented by the diagram below? Sale ||-------*| Receive Cash A lumber yard where customers may pay with cash for all purchases. A consulting firm that offers a variety of consulting services to other businesses. A buy-here-pay-here auto dealer where a car buyer sends monthly cash payments to the dealer. A department store that allows customers to carry a balance and to make installment payments, if they choose.

A lumber yard where customers may pay with cash for all purchases.

Which of the following transactions is represented by the diagram below? Sale >*----- |< Inventory A shoe store sells products to consumers. A stay-at-home mom creates furniture for doll houses. When one piece is finished, she sells it on Amazon.com. A junkyard holds weekly sales where it sells its entire inventory. Netflix sells movies to consumers through its online downloading service

A shoe store sells products to consumers.

Which of the following transactions is represented by the diagram below? Sale ||------|| Inventory A shoe store sells products to consumers. A stay-at-home mom creates furniture for doll houses. When one piece is finished, she sells it on Amazon.com. A junkyard holds weekly sales where it sells its entire inventory. Netflix sells movies to consumers through its online downloading service.

A stay-at-home mom creates furniture for doll houses. When one piece is finished, she sells it on Amazon.com.

You are assisting a manager from your company's headquarters in New York. The manager needs to interact online in real time with one of your company's affiliate overseas. The manager wants to make sure that her communications with the overseas affiliate won't be intercepted. What should you suggest to the manager? A private cloud network connection. An asymmetric encryption system with digital signatures connection. A multifactor authentication network connection. A virtual private network connection.

A virtual private network connection.

Which of the following is not one of the rules in creating an REA data model? Each event is linked to at least one resource that it affects. Each event is linked to at least one other event. All of these are important rules. Each event is linked to at least two participating agents.

All of these are important rules.

Identify the type of information below that is least likely to be considered confidential by an organization. Top executives' salaries. Legal documents. Audited financial statements. New product development plans.

Audited financial statements.

An audit software program that generates programs that perform certain audit functions, based on auditor specifications, is referred to as a(n) input controls matrix. mapping program. embedded audit module. CAATS.

CAATS.

Identify the notation below that is not used to represent cardinality information. (Min, Max). Maximums only. DFD. UML.

DFD.

Encryption is a necessary part of which information security approach? Synthetic based defense. Continuous monitoring. Time based defense. Defense in depth.

Defense in depth.

Duplicate checking of calculations and preparing bank reconciliations and monthly trial balances are examples of what type of control? Preventive control Detective control Corrective control Authorization control

Detective control

Identify the activity below that the external auditor should not be involved. Examining logical access policies and procedures. Examining system access logs. Making recommendations to management for improvement of existing internal controls. Developing the information system.

Developing the information system.

An electronic document that certifies the identity of the owner of a particular public key. Public key. Digital certificate. Digital signature. Asymmetric encryption.

Digital certificate.

Which of the following is not true regarding virtual private networks (VPN)? VPNs provide the functionality of a privately owned network using the Internet. It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the corresponding physical connections in a privately owned network. The cost of the VPN software is much less than the cost of leasing or buying the infrastructure (telephone lines, satellite links, communications equipment, etc.) needed to create a privately owned secure communications network. Using VPN software to encrypt information while it is in transit over the Internet in effect creates private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys.

It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the corresponding physical connections in a privately owned network.

What is the most effective way to ensure information system availability? Maintain a hot site. Frequent backups. High bandwidth. Maintain a cold site.

Maintain a hot site.

If an organization asks you to disclose your social security number, but fails to establish a set of procedures and policies for protecting your privacy, the organization has likely violated which of the Generally Accepted Privacy Principles? Use and retention. Notice. Choice and consent. Management.

Management.

Which statement is true regarding file systems? Transaction files are similar to ledgers in a manual AIS. Multiple master files create problems with data consistency. Individual records are never deleted in a master file. Transaction files are permanent.

Multiple master files create problems with data consistency.

Which of the following transactions is represented by the diagram below? Sale >|--------|< Inventory A shoe store sells products to consumers. A junkyard holds weekly sales where it sells its entire inventory. Netflix sells movies to consumers through its online downloading service. A stay-at-home mom creates furniture for doll houses. When one piece is finished, she sells it on Amazon.com.

Netflix sells movies to consumers through its online downloading service.

Which statement below is incorrect regarding program modifications? Only material program changes should be thoroughly tested and documented. During the change process, the developmental version of the program must be kept separate from the production version. When a program change is submitted for approval, a list of all required updates should be compiled and then approved by management and program users. After the modified program has received final approval, the change is implemented by replacing the developmental version with the production version.

Only material program changes should be thoroughly tested and documented.

Which of the following statements about REA modeling and REA diagrams is false? REA diagrams must include at least two activities, which together represent a give-get economic exchange. REA is an acronym for Resources, Entities, and Agents. REA data modeling could be referred to as an events-based model. REA data modeling does not include traditional accounting elements such as ledgers, chart of accounts, debits and credits.

REA is an acronym for Resources, Entities, and Agents.

________ tests a numerical amount to ensure that it does not exceed a predetermined value nor fall below another predetermined value. Field check Range check Completeness check Limit check

Range check

Identify the item below that is not a step you could take to prevent yourself from becoming a victim of identity theft. Only print your initial and last name on your personal checks. Refuse to disclose your social security number to anyone or any organization. Monitor your credit reports regularly. Shred all documents that contain your personal information.

Refuse to disclose your social security number to anyone or any organization.

Which of the following is not an information systems audit test of controls? Examine the results of disaster recovery plan simulations. Observe computer-site access procedures. Investigate how unauthorized access attempts are handled. Review logical access policies and procedures.

Review logical access policies and procedures.

Whose responsibility is it to determine the amount of time an organization can afford to be without its information system? External auditors. COBIT. The board of directors. Senior management.

Senior management.

In creating an entity-relationship diagram, ________ is anything about which an organization wants to collect and store information. a data model a tuple a schema an entity

an entity

A relational database in which vendor data is not maintained independently of purchase order data will most likely result in an insert anomaly. an integrity anomaly. an update anomaly. a delete anomaly.

an insert anomaly.

An auditor sets an embedded audit module to flag questionable online transactions, display information about the transaction on the auditor's computer, and send a text message to the auditor's cell phone. The auditor is using continuous and intermittent simulation. audit hooks. a system control audit review file. the snapshot technique.

audit hooks.

A well-planned and drawn level 0 data flow diagram for the revenue cycle would show which of the following processes? 1.0 Take customer's order; 2.0 Ship product; 3.0 Bill customer. 0.1 Take customer's order; 0.2 Ship product; 0.3 Bill customer. 0.1 Take customer's order; 0.12 Ship product; 0.13 Bill customer. 1.1 Take customer's order; 1.2 Ship product; 1.3 Bill customer.

1.0 Take customer's order; 2.0 Ship product; 3.0 Bill customer.

If available, a 1% discount for payment within 10 days instead of 30 days represents an approximate savings of ________% annually. 36 12 1 18

18

Interpret the following credit terms: 2/10, Net 30 a 20 percent discount can be taken if the balance is paid with 30 days. 20 percent of the balance is due upon receipt, with the remaining balance due in 30 days. 20 percent of the balance is due in 30 days. a 2 percent discount can be taken if the balance is paid within 10 days; otherwise, the balance is due in 30 days. a 10 percent discount can be taken if the balance is paid within 2 days; otherwise, the balance is due in 30 days.

2 percent discount can be taken if the balance is paid within 10 days; otherwise, the balance is due in 30 days.

Which type of audits can detect fraud and errors? External audits. Internal audits. Network security audits. All of these

All of these

Which of the following is an example of output fraud? The office manager of a Wall Street law firm sold information to friends and relatives about prospective mergers and acquisitions found in Word files. They made several million dollars trading the securities. A fraud perpetrator scanned a company paycheck, used desktop publishing software to erase the payee and amount, and printed fictitious paychecks. A man used desktop publishing to prepare bills for office supplies that were never ordered or delivered and mailed them to local companies. The invoices were for less than $300, an amount that often does not require purchase orders or approvals. A high percentage of the companies paid the bills. Two accountants without the appropriate access rights hacked into Cisco''s stock option system, transferred over $6.3 million of Cisco stock to their brokerage accounts, and sold the stock. They used part of the funds to support an extravagant lifestyle, including a $52,000 Mercedes-Benz, a $44,000 diamond ring, and a $20,000 Rolex watch.

A fraud perpetrator scanned a company paycheck, used desktop publishing software to erase the payee and amount, and printed fictitious paychecks.

Which of the following transactions is represented by the diagram below? Sale ||-------- |< Inventory Netflix sells movies to consumers through its online downloading service. A shoe store sells products to consumers. A stay-at-home mom creates furniture for doll houses. When one piece is finished, she sells it on Amazon.com. A junkyard holds weekly sales where it sells its entire inventory.

A junkyard holds weekly sales where it sells its entire inventory.

Requiring all packing slips be reconciled to purchase orders before accepting a delivery of inventory would be most likely to prevent which of the following situations? The inventory records are incorrectly updated when a receiving department employee enters the wrong product number on the receiving report. An employee mails a fake invoice to the company, which is then paid. A supplier delivers more inventory than ordered at the end of the year and sends an invoice for the total quantity delivered. Receiving department employees steal inventory and then claim the inventory was received and delivered to the warehouse.

A supplier delivers more inventory than ordered at the end of the year and sends an invoice for the total quantity delivered.

Which is the most important assertion relating to cash receipts? All amounts received relate to actual sales. All amounts received are from actual customers. All amounts received are properly recorded. All amounts received are properly disclosed in the footnotes of the financial statements. All amounts received are recorded in the same period in which the sale occurred.

All amounts received are properly recorded.

Why do many computer fraud cases go unreported and unprosecuted? Because of lack of funding and skilled staff, law enforcement investigates only 1 in 15 computer crimes. Many companies believe the adverse publicity would result in copycat fraud and a loss of customer confidence, which could cost more than the fraud itself. It is difficult to calculate total losses when information is stolen, websites are defaced, and viruses shut down entire computer systems. All of these

All of these

The first steps in protecting the privacy of personal information is to identify who has access to sensitive information. where sensitive information is stored. All of these are first steps in protecting privacy. what sensitive information is possessed by the organization.

All of these are first steps in protecting privacy.

Which of the following measures can protect a company from AIS threats? Take a proactive approach to eliminate threats. Detect threats that do occur. Correct and recover from threats that do occur. All of these are proper measures for the accountant to take.

All of these are proper measures for the accountant to take.

Identify the statement below which is not a useful control procedure regarding access to system outputs. Restricting access to rooms with printers. Coding reports to reflect their importance. Allowing visitors to move through the building without supervision. Requiring employees to log out of applications when leaving their desk.

Allowing visitors to move through the building without supervision.

A well-designed AIS can improve decision making in an organization. Identify the statement below that describes a situation where an AIS may actually inhibit effective decision making. An AIS reduces uncertainty, and therefore accounting information can provide a basis for choosing among alternative courses of action. An AIS provides to its users an abundance of information without any filtering or condensing of such information. An AIS provides information about the results of previous decisions which provides decision makers with feedback that can be used in future decision making. An AIS identifies situations requiring management action.

An AIS provides to its users an abundance of information without any filtering or condensing of such information.

How are data sources and destinations represented in a data flow diagram? As a circle As a square None of the above As a curved arrow As two parallel lines

As a square

Which internal control framework is widely accepted as the authority on internal controls? COBIT. ISACA framework. COSO Integrated Control. Sarbanes-Oxley control framework.

COSO Integrated Control.

Which of the following is an example of an ERP system? Doug is a freelance photographer. He keeps records of all expenses and revenues on his cell phone and then e-mails them to himself every month. The files are stored on his personal computer and backed up to CD quarterly. Charlie keeps records of all his business records in a shoe box. Each week he enters all of the data into spreadsheets that automatically generate purchase orders, based on predetermined inventory reorder points. Production quotas for the coming week are also automatically generated based on customer orders. Betty has a system that keeps track of the accounts payable and receivable for her plumbing business. At the end of the year, the system helps her to prepare her taxes in just two hours. Alexis uses a computerized information system to keep track of all the financial data generated by her bakery. She is considering opening a new bakery on the east side of town.

Charlie keeps records of all his business records in a shoe box. Each week he enters all of the data into spreadsheets that automatically generate purchase orders, based on predetermined inventory reorder points. Production quotas for the coming week are also automatically generated based on customer orders.

Which of the following is an example of a detective control? Physical access controls. Encryption. Continuous monitoring. Incident response teams.

Continuous monitoring.

Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security? Training. Controlling physical access. Controlling remote access. Host and application hardening.

Controlling remote access.

The receiving clerk at Wattana Technologies examines incoming shipments and checks their purchase order numbers. A receiving report is then sent to accounts payable, where it is reconciled with the relevant purchase orders and invoices and payment is authorized. Which of the following would correct control weaknesses related to the clerk's activities? Purchase orders and receiving reports should be reconciled by the purchasing manager. Vendor invoices should be approved for payment by the purchasing manager. Vendor invoices should be approved for payment by the shipping clerk after the purchase order and receiving report are reconciled. Controls are adequate under the current system.

Controls are adequate under the current system.

Maintaining backup copies of files, correcting data entry errors, and resubmitting transactions for subsequent processing are examples of what type of control? Preventive control Detective control Corrective control Authorization control

Corrective control

Which of the following is not a way to make fraud less likely to occur? Create an audit trail so individual transactions can be traced. Effectively supervise employees. Create an organizational culture that stresses integrity and commitment to ethical values. Adopt an organizational structure that minimizes the likelihood of fraud.

Create an audit trail so individual transactions can be traced.

With respect to data flow diagrams, which of the following statements are true? (Check all that apply) DFDs are subdivided into successively lower levels in order to provide ever-increasing amounts of detail. If two or more data flows move together, two lines are used. If the data flow separately, a single line is used. A context diagram is the lowest-level DFD; it provides a low-level view of a system. In order to provide more information, a portion of a level zero diagram ( such as process 2.0) can be dividend into sub-processes (for example, 2.1, 2.2, and 2.3, if there are three sub-processes).

DFDs are subdivided into successively lower levels in order to provide ever-increasing amounts of detail. In order to provide more information, a portion of a level zero diagram ( such as process 2.0) can be dividend into sub-processes (for example, 2.1, 2.2, and 2.3, if there are three sub-processes).

Which of the following statements is false? One of three answers is false DFDs help convey the timing of events. Flowcharts make use of many symbols. A document flowchart emphasizes the flow of documents or records containing data.

DFDs help convey the timing of events.

Which of the following entries are correct for writing off an accounts receivable as uncollectible? Increase write-offs of accounts receivable; Increase bad debt expense Increase write-offs of accounts receivable; Decrease accounts receivable Increase bad debt expense; Decrease accounts receivable Decrease allowance for doubtful accounts; Decrease accounts receivable

Decrease allowance for doubtful accounts; Decrease accounts receivable

Which of the following are flowchart preparation guidelines? (Check all that apply.) Develop an understanding of the system using tools, such as interviews or questionnaires, or by walking through the system transactions. It is usually not necessary to show procedures and processes in the order they take place. There is no need to identify departments, job functions, or external parties on the flowchart. In document flowcharts, divide the flowchart into columns with labels, clearly label all symbols, and use arrowheads on all the flow lines. Design the flowchart so that data flow from bottom to top and from right to left.

Develop an understanding of the system using tools, such as interviews or questionnaires, or by walking through the system transactions. In document flowcharts, divide the flowchart into columns with labels, clearly label all symbols, and use arrowheads on all the flow lines.

Which of the following is not a guideline when preparing a data flow diagram? Give each process a sequential number. Do not ignore any aspects of the system. Group transformation processes. Subdivide the DFD.

Do not ignore any aspects of the system.

Which of the following flowcharts illustrates the flow of data among areas of responsibility in an organization? Computer configuration chart Document flowchart Program flowchart System flowchart

Document flowchart

With respect to flowcharts, which of the following statements are true? (Check all that apply.) Flowcharts can be used to analyze how to improve business processes, but not document flows An internal control flowchart is not very helpful in spotting system weaknesses or inefficiencies. An internal control flowchart can be used to describe, analyze, and evaluate internal control strengths. A system flowchart describes the specific logic used to perform a process shown on a program flowchart. Document flowcharts trace a document for its cradle to its grave, showing everything that happens as it flows through the system

Document flowcharts trace a document for its cradle to its grave, showing everything that happens as it flows through the system An internal control flowchart can be used to describe, analyze, and evaluate internal control strengths.

In which stage(s) of the database design process does data modeling occur? During the systems analysis stage. During both the systems analysis and design stages. During the design stage. After the design stage.

During both the systems analysis and design stages.

________ is/are an example of a preventive control. Emergency response teams Encryption Log analysis Intrusion detection

Encryption

Which of the following is not a component of the COSO Enterprise Risk Management Integrated Framework (ERM)? Monitoring. Ethical culture. Risk assessment. Control environment.

Ethical culture.

Andile Uzoma is the CEO of Chibuzo Incorporated. The board of directors has recently demanded that they receive independent assurance regarding the financial statements, which are generated using an accounting information system. Which type of audit would best suit the demands of the board of directors? Sustainability audit. Operational audit. Information system audit. Financial audit.

Financial audit.

A DFD is a representation of which of the following? Decision rules in a computer program The logical operations performed by a computer program Computer hardware configuration Flow of data in an organization

Flow of data in an organization

All of the following are recommended guidelines for making flowcharts more readable, clear, concise, consistent, and understandable except: Flowchart all data flows, especially exception procedures and error routines. Show the final disposition of all documents to prevent loose ends that leave the reader dangling. Divide a document flowchart into columns with labels. Design the flowchart so that flow proceeds from top to bottom and from left to right.

Flowchart all data flows, especially exception procedures and error routines.

Which of the following control procedures is best for ensuring that sales at Waren are recorded in the proper accounting period? Examine the last 10 shipping document numbers of the current year and ensure that sales were recorded in the subsequent year. Examine the first 10 shipping document numbers of the subsequent year and ensure that the sales were recorded in the same period as the customer orders were placed. Have an employee from the accounting department on-hand in the shipping department at the close-of-business for the current year in order to record the last shipping document number of the year. Examine the last 10 shipping document numbers of the subsequent year and ensure that sales were recorded in the subsequent year. Examine the first 10 shipping document numbers of the current year and the last 10 shipping document numbers of the subsequent year and ensure that sales were recorded in the proper period.

Have an employee from the accounting department on-hand in the shipping department at the close-of-business for the current year in order to record the last shipping document number of the year.

Which of the following is the greatest risk to information systems and causes the greatest dollar losses? Physical threats such as natural disasters Human errors and omissions Dishonest employees Computer crime

Human errors and omissions

Which of the following statements below shows the contrast between data and information? Information is the primary output of an accounting information system. Data is the primary output of an accounting information system. Data and information are the same. Data is more useful in decision making than information.

Information is the primary output of an accounting information system.

Identify the first step in protecting the confidentiality of intellectual property below. Identifying what controls should be placed around the intellectual property. Identifying the weaknesses surrounding the creation of the intellectual property. Identifying who has access to the intellectual property. Identifying the means necessary to protect the intellectual property.

Identifying who has access to the intellectual property.

Which of the following are data flow diagram preparation guidelines? (Check all that apply) Include all error paths, no matter how unimportant they may seem. Give each process a sequential number to help readers navigate among the DFD levels All transformation processes should have one or more incoming data flows, but may not have an outgoing data flow. Include all relevant data elements so that they are considered during the system development

Include all relevant data elements so that they are considered during the system development Give each process a sequential number to help readers navigate among the DFD levels

Classification of confidential information is the responsibility of whom, according to COBIT5? IT security professionals. Management. Information owner. External auditor.

Information owner.

Which type of audit assesses employee compliance with management policies and procedures? External audit. Internal audit. Compliance audit. Operational audit.

Internal audit.

Which of the following is not a step in an organization's incident response process? Recognition. Recovery. Isolation. Containment.

Isolation.

________ attempts to minimize or eliminate carrying and stockout costs. Just-in-time inventory Evaluated receipt settlement Materials requirements planning Economic order quantity

Just-in-time inventory

All of the following are guidelines that should be followed in naming DFD data elements except: Choose active and descriptive names. Process names should include action verbs, such as update, edit, prepare, and record. Name only the most important DFD elements. Make sure the names describe all the data or the entire process.

Name only the most important DFD elements.

Which characteristic of the fraud triangle often stems from the belief that "the rules do not apply to me" within an organization? Opportunity Rationalization Concealment Pressure

Opportunity

Which of the following statements is false? Flowcharts use a standard set of symbols to describe pictorially the flow of documents and data through a system. Press enter after select an option to check the answer A system flowchart is a narrative representation of an information system. A flowchart is an analytical technique used to describe some aspect of an information system in a clear, concise, and logical manner. Flowcharts are easy to prepare and revise when the designer utilizes a flowcharting software package.

Press enter after select an option to check the answer A system flowchart is a narrative representation of an information system.

Which of the following are data flow diagram preparation guidelines (Check all that apply) Processes and data stores typically take their names from the data inflows or outflows In a DFD, you should always show how the system starts and stops Data flows can only move in one direction All data flows should come from, and go to, a transformation process, a data store, or a source or destination

Processes and data stores typically take their names from the data inflows or outflows All data flows should come from, and go to, a transformation process, a data store, or a source or destination

The documentation skills that accountants require vary with their job function. However, all accountants should at least be able to do which of the following? Critique and correct documentation that others prepare. Teach others how to prepare documentation. Prepare documentation for a newly developed information system. Read documentation to determine how the system works.

Read documentation to determine how the system works.

________ information reduces uncertainty, improves decision-makers' ability to make predictions, or confirms expectations. Relevant Reliable Timely Complete

Relevant

Which of the following is NOT a flowcharting symbol category? Processing Storage Reporting Input/output

Reporting

Which of the following is an effective control to ensure that sales returns are valid? Do not allow credit memorandums to be recorded in the sales journal; rather, create a separate sales returns journal. Require a receiving report to be attached to all credit memorandums prior to approving the return. Periodically select a sample of credit memorandums and ensure that they have been properly recorded. Require that sales returns are handled by the same employee who credits the customer's account.

Require a receiving report to be attached to all credit memorandums prior to approving the return.

________ remains after management implements internal control(s). Inherent risk Residual risk Risk appetite Risk assessment

Residual risk

When estimating uncollectible accounts, which of the following would be least useful? Past experience Industry experience Current-year aging report Sales forecasts Economic indicators

Sales forecasts

Identify the most accurate statement below. Several purchase orders are often created to fill one purchase requisition. Several purchase requisitions are often created to fill one purchase order. Every purchase order should lead to the creation of one purchase requisition. Every purchase requisition should lead to the creation of one purchase order.

Several purchase orders are often created to fill one purchase requisition.

Which of the following are flowchart preparation guidelines? (Check all that apply.) Show the final disposition of all the documents. Do not indicate on the flowchart who prepared the flowchart. Identify the business processes, documents, data flows, and data processing procedures to be flowcharted. Show where documents or processes originate, and data are processed, but do not show where data are stored or sent. Show data entered into, or retrieved from, a database as passing through a processing operation (computer program) first.

Show the final disposition of all the documents. Identify the business processes, documents, data flows, and data processing procedures to be flowcharted. Show data entered into, or retrieved from, a database as passing through a processing operation (computer program) first.

The inventory tracking system shows that 12 laptop were on hand before a customer brings two laptops to the register for purchase. The cashier accidentally enters the quantity sold as 20 instead of 2. Which data entry control would most effectively prevent this error? Limit check. Sign check. Validity check. Field check.

Sign check.

Which of the following tasks is not performed by the cash disbursement clerk? Sign checks. Review the supporting documents for completeness and accuracy. Prepare checks. Mark the supporting documents paid.

Sign checks.

Why is computer fraud often more difficult to detect than other types of fraud? Computers provide more opportunities for fraud. Rarely is cash stolen in computer fraud. The fraud may leave little or no evidence it ever happened. Computer fraud perpetrators are just more clever than other types of criminals.

The fraud may leave little or no evidence it ever happened.

In many cases of fraud, the ________ takes more time and effort than the ________. conversion; concealment conversion; theft concealment; theft theft; concealment

concealment; theft

The data entry control that would best prevent entering an invoice received from a vendor who is not on an authorized supplier list is a check digit. an authorization check. a validity check. closed-loop verification.

a validity check.

What is the primary difference between fraud and errors in financial statement reporting? The level of management involved The type of transaction effected The intent to deceive The materiality of the misstatement

The intent to deceive

A payroll clerk accidentally entered an employee's hours worked for the week as 380 instead of 38. The data entry control that would best prevent this error would be a check digit. a limit check. a field check. batch total reconciliation.

a limit check.

Compatibility tests utilize a(n) ________, which is a list of authorized users, programs, and data files the users are authorized to access or manipulate. validity test biometric matrix logical control matrix access control matrix

access control matrix

Is it best practice for an organization to practice periodically restoring a system from its backup files? No, doing so takes the system offline and prevents customers from being able to access the system. Yes, doing so verifies the procedure and backup media are working correctly. Yes, doing so improves the efficiency of the system. No, doing so might introduce errors into the system's data.

Yes, doing so verifies the procedure and backup media are working correctly.

Which of the following is not one of the components of the fraud triangle? Rationalization Incentive Susceptibility Opportunity

Susceptibility

Which is a true statement about the REA data model? Using an REA data model is not helpful when creating an R-E diagram. The term REA is an acronym that stands for resources, entities, and activities. The term REA is an acronym that stands for resources, entities, and agents. The REA data model classifies entities into three distinct categories.

The REA data model classifies entities into three distinct categories.

Which of the following is not an example of misappropriation of assets? The treasurer of the company makes an unauthorized wire transfer from the organization's bank to a personal account in Grand Cayman. The president of the company utilizes the organization's cash to add a floor to her 15,000 square foot house. The chief financial officer of the company falsely adds $20 million to the accounts receivable and revenue accounts. A warehouse employee takes home two units of electronic entertainment inventory each week without authorization.

The chief financial officer of the company falsely adds $20 million to the accounts receivable and revenue accounts.

Identify the opportunity below that could enable an employee to commit fraud. An employee is upset that he was passed over for a promotion. The employee is experiencing financial hardship. The company does not have a clear policies and procedures for the employee to follow. An employee's spouse loses her job.

The company does not have a clear policies and procedures for the employee to follow.

Which of the following is an example of data fraud? The office manager of a Wall Street law firm sold information to friends and relatives about prospective mergers and acquisitions found in Word files. They made several million dollars trading the securities. A fraud perpetrator scanned a company paycheck, used desktop publishing software to erasethe payee and amount, and printed fictitious paychecks. Two accountants without the appropriate access rights hacked into Cisco''s stock option system, transferred over $6.3 million of Cisco stock to their brokerage accounts, and sold the stock. They used part of the funds to support an extravagant lifestyle, including a $52,000 Mercedes-Benz, a $44,000 diamond ring, and a $20,000 Rolex watch. A man used desktop publishing to prepare bills for office supplies that were never ordered or delivered and mailed them to local companies. The invoices were for less than $300, an amount that often does not require purchase orders or approvals. A high percentage of the companies paid the bills.

The office manager of a Wall Street law firm sold information to friends and relatives about prospective mergers and acquisitions found in Word files. They made several million dollars trading the securities.

In regards to the accounts payable department, which statement is not true? The supplier's invoice indicates the financial value of the transaction. The purchase order proves that the purchase was required. The purchase requisition shows that the transaction was authorized. The receiving report provides evidence of the physical receipt of the goods.

The purchase order proves that the purchase was required.

Which of the following statements is not correct? The voucher system is used to improve control over cash disbursements. The voucher system permits the firm to consolidate payments of several invoices on one voucher. Many firms replace accounts payable with a voucher payable system. The sum of the paid vouchers represents the voucher payable liability of the firm.

The sum of the paid vouchers represents the voucher payable liability of the firm.

Which of the following controls can minimize the threat of check alteration? Perpetual inventory system. The use of ERS. The use of positive pay. Do not inform receiving employees about quantity ordered.

The use of positive pay.

Which of the following statements least justifies the need for receiving reports? They reduce the risk that goods will be purchased on behalf of the Company for personal use by employees. They provide assurance to the vendor that all goods were received in good condition. They help to ensure that only authorized goods are received by the Company. They help prevent paying for goods before they have been examined as satisfactory by the Company. They create an audit trail that bridges the purchasing and cash disbursements cycles.

They provide assurance to the vendor that all goods were received in good condition.

What is the primary objective of ensuring systems and information are available for use whenever needed? To maximize sales. To minimize system expense. To maximize system processing speed. To minimize system downtime.

To minimize system downtime.

Which of the following is an example of processor fraud? A man used desktop publishing to prepare bills for office supplies that were never ordered or delivered and mailed them to local companies. The invoices were for less than $300, an amount that often does not require purchase orders or approvals. A high percentage of the companies paid the bills. Two accountants without the appropriate access rights hacked into Cisco's stock option system, transferred over $6.3 million of Cisco stock to their brokerage accounts, and sold the stock. They used part of the funds to support an extravagant lifestyle, including a $52,000 Mercedes-Benz, a $44,000 diamond ring, and a $20,000 Rolex watch. The office manager of a Wall Street law firm sold information to friends and relatives about prospective mergers and acquisitions found in Word files. They made several million dollars trading the securities. A fraud perpetrator scanned a company paycheck, used desktop publishing software to erasethe payee and amount, and printed fictitious paychecks.

Two accountants without the appropriate access rights hacked into Cisco's stock option system, transferred over $6.3 million of Cisco stock to their brokerage accounts, and sold the stock. They used part of the funds to support an extravagant lifestyle, including a $52,000 Mercedes-Benz, a $44,000 diamond ring, and a $20,000 Rolex watch.

Which of the controls below would be least effective at preventing a company from ordering goods at a price higher than market? Only place orders with vendors on an approved vendor list. Variance analysis of actual expenses to budgeted expenses For high-dollar goods, solicit competitive bids from possible vendors. Frequent review of, and update to, vendor price lists stored in the AIS

Variance analysis of actual expenses to budgeted expenses

Which would not generally be considered a data dictionary output report? a list of cash balances in the organization's bank accounts a list of all data elements used by a particular user a list of all synonyms for the data elements in a particular file a list of all programs in which a data element is used

a list of cash balances in the organization's bank accounts

Which of the following commonly initiates the data input process? a trial balance query automatic batch processing a business activity an accounting department source document

a business activity

What is the first step performed after checks are received in the mail room at Waren Sports Supply? an entry in the sales journal an entry in accounts receivable subsidiary ledger an entry in the cash receipts journal a cash receipts prelist is prepared a bank deposit slip is prepared

a cash receipts prelist is prepared

At Waren, a completed credit sales transaction should be supported by a customer order, bill of lading, voucher, and sales invoice. a customer order, receiving report, and sales invoice. a customer order, bill of lading, receiving report, and sales invoice. a customer order, bill of lading, and sales invoice. a customer order, receiving report, sales invoice, and voucher.

a customer order, bill of lading, and sales invoice.

A graphical description of data sources, data flows, transformation processes, data storage, and data destinations is called a data flow diagram. a business process diagram. a flowchart. a context diagram.

a data flow diagram.

The document that shows the items stored in a file, including the order and length of the data fields and the type of data stored is called a record layout. a data layout. a physical layout. a logical layout.

a record layout.

In a DFD, a data destination is represented by an arrow. a square. two horizontal lines. a bubble.

a square.

Social engineering is inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help thevictim as a means of obtaining his PIN, and using the card and PIN to drain the account. verifying credit card validity; buying and selling stolen credit cards. changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data. a technique that tricks a person into disclosing confidential information.

a technique that tricks a person into disclosing confidential information.

A ________ is a data entry control that compares the ID number in transaction data to a master file to verify that the ID number exists. validity check reasonableness test data matching user review

validity check

The receiving report is used to advise the purchasing department of the dollar value of the goods delivered advise general ledger of the accounting entry to be made accompany physical inventories to the storeroom or warehouse advise the vendor that the goods arrived safely

accompany physical inventories to the storeroom or warehouse

When a customer of a company inquires about the amount which the customer owes the company, the clerk handling the question would go to the: sales journal customer service department original copy of the monthly statement accounts receivable general ledger accounts receivable subsidiary ledger

accounts receivable subsidiary ledger

Accounting information plays major roles in managerial decision making by all of the above providing a basis for choosing among alternative actions. identifying situations requiring management action. reducing uncertainty.

all of the above

An accounting information system must be able to perform which of the following tasks? process transaction data provide adequate controls collect transaction data all of the above

all of the above

Goods received are inspected and counted to determine that the goods are in good condition all of the above determine the quantity of goods received preclude payment for goods not received or received in poor condition

all of the above

When the AIS provides information in a timely and accurate manner, it stands as an example of improving the quality and reducing the costs of products or services. improving efficiency. improved decision making. all of the above

all of the above

A ________ determines if all required data items have been entered. completeness check field check limit check range check

completeness check

The simplest and most common way to commit a computer fraud is to alter computer input. modify the processing. alter computer output. corrupt the database.

alter computer input.

All of the following are disadvantages of an ERP system except an ERP provides an integrated view of the organization's data. ERP software and hardware can cost midsized companies between $10 million and $20 million dollars. ERPs frequently cause organizations to change their business processes to standardized ones. ERPs are relatively complex.

an ERP provides an integrated view of the organization's data.

Auditors have several techniques available to them to test computer-processing controls. An audit technique that immediately alerts auditors of suspicious transactions is known as an audit hook. the snapshot technique. reperformance. a SCARF.

an audit hook.

A client approached Paxton Uffe and said, "Paxton, I need for my customers to make payments online using credit cards, but I want to make sure that the credit card data isn't intercepted. What do you suggest?" Paxton responded, "The most effective solution is to implement an encryption system with digital signatures." a data masking program." a private cloud environment." a virtual private network."

an encryption system with digital signatures."

Reconciliation procedures is an example of a processing control. a data entry control. a data transmission control. an output control.

an output control.

Which type of control prevents, detects, and corrects transaction errors and fraud? general application detective preventive

application

The data dictionary usually is maintained by the database programmers. by the database administrator. by top management. automatically by the DBMS.

automatically by the DBMS.

The Trust Services Framework reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as availability. security. maintainability. integrity.

availability.

A document prepared at the time of shipment indicating the description of the merchandise, the quantity shipped and other relevant data. It is a written contract of the receipt and shipment of goods between the seller and the carrier. This document is a: receiving report bill of lading remittance advice sales order purchase requisition

bill of lading

A typical source document could be the company's financial statements. both some type of paper document and a computer data entry screen a computer data entry screen. some type of paper document.

both some type of paper document and a computer data entry screen

According to the ERM model, ________ help the company address all applicable laws and regulations. compliance objectives operations objectives reporting objectives strategic objectives

compliance objectives

An entity-relationship diagram can show a limited number of entities and relationships. is used only to design new databases. is only used in conjunction with REA models. can represent the contents of any database.

can represent the contents of any database.

The sales journal is the only journal that would be used to post a: sale credit sale cash discount cash sale cash transaction

cash sale

Data diddling is verifying credit card validity; buying and selling stolen credit cards. inserting a sleeve into an ATM so that it will not eject the victim's card, pretending to help thevictim as a means of obtaining his PIN, and using the card and PIN to drain the account. changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data. a technique that tricks a person into disclosing confidential information.

changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.

A client's accounting records are unfamiliar to a new auditor. Where would a new auditor go to learn the names and numbers of the accounts being debited and credited in the transactions? general ledger chart of accounts inquire of the client internal control flowcharts general journal

chart of accounts

Text that was transformed into unreadable gibberish using encryption is called private text. encryption text. plaintext. ciphertext.

ciphertext.

Auditing involves the collection of audit evidence and approval of economic events. collection, review, and documentation of audit evidence. planning and verification of economic events. testing, documentation, and certification of audit evidence.

collection, review, and documentation of audit evidence.

Information that does not omit important aspects of the underlying events or activities that it measures is timely. relevant. complete accessible.

complete

The Trust Services Framework reliability principle that states sensitive information be protected from unauthorized disclosure is known as availability. security. confidentiality. integrity.

confidentiality.

An auditor sets an embedded audit module to selectively monitor transactions. Selected transactions are then reprocessed independently, and the results are compared with those obtained by the normal system processing. The auditor is using an integrated test facility. continuous and intermittent simulation. the snapshot technique. a system control audit review file.

continuous and intermittent simulation.

A document indicating a reduction in the amount due from a customer because of returned goods or an allowance granted is called a: sales return and allowances journal sales invoice uncollectible account authorization form debit memo credit memo

credit memo

At Waren Sports Supply, which of the following is the correct order for document preparation and entry recording in the sales and cash receipts cycle? customer order, sales invoice, bill of lading, entry in sales and accounts receivable subsidiary ledgers customer order, entry in sales and accounts receivable subsidiary ledgers, sales invoice, bill of lading customer order, bill of lading, entry in sales and accounts receivable subsidiary ledgers, sales invoice customer order, bill of lading, sales invoice, entry in sales and accounts receivable subsidiary ledgers

customer order, bill of lading, sales invoice, entry in sales and accounts receivable subsidiary ledgers

In order to maintain controls over cash receipts, cash is typically deposited _____, while a bank reconciliation is performed _____. weekly, monthly daily, monthly monthly, daily weekly, weekly daily, weekly

daily, monthly

Independent checks on performance include all the following except data input validation checks. reconciling hash totals. preparing a trial balance report. supervisor review of journal entries and supporting documentation.

data input validation checks.

Identify the four parts of the transaction processing cycle. data input, data storage, data processing, information output data input, data recall, data transmission, information output data input, data recall, data transmission, data storage data input, data recall, data processing, information output

data input, data storage, data processing, information output

The process of defining a database so that it faithfully represents all aspects of the organization including its interactions with the external environment is called data definition. data designing. data modeling. data development.

data modeling.

Information is best described as data that has been organized and processed so that it is meaningful to the user. the same thing as data. facts that are useful when processed in a timely manner. raw facts about transactions.

data that has been organized and processed so that it is meaningful to the user.

An AIS that makes information more easily accessible and more widely available is likely to increase pressure for decentralization and autonomy. centralization and defined procedures. centralization and autonomy. Data is more useful in decision making than information.

decentralization and autonomy.

A major financial institution hired a renowned security firm to attempt to compromise its computer network. A few days later, the security firm reported that it had successfully entered the financial institution's computer system without being detected. The security firm presented an analysis of the vulnerabilities that had been found to the financial institution. This is an example of a preventive control. detective control. corrective control. security control.

detective control.

The first step in a risk-based audit approach is to evaluate the control procedures. determine the threats facing the AIS. evaluate weaknesses to determine their effect on the audit procedures. identify the control procedures that should be in place.

determine the threats facing the AIS.

A(n) ________ measures company progress by comparing actual performance to planned performance. boundary system diagnostic control system interactive control system belief system

diagnostic control system

The type of flowchart that illustrates the flow of documents and data among areas of responsibility within an organization is called program flowchart. document flowchart. system flowchart. business process flowchart

document flowchart.

The traditional approach to inventory management to ensure sufficient quantity on hand to maintain production is known as optimal inventory quantity. safety stock. just-in-time production. economic order quantity.

economic order quantity.

Using prenumbered sales invoices is the primary control procedure for both a and c. ensuring that all recorded sales transactions are accurate. both b and c. ensuring that all recorded sales transactions are valid. ensuring that all sales transactions are recorded.

ensuring that all sales transactions are recorded.

A(n) ________ diagram graphically depicts a database's contents by showing entities and relationships. data flow flowchart entity-relationship REA

entity-relationship

In the ________ stage of an operational audit, the auditor measures the actual system against an ideal standard. testing evidence evaluation internal control evidence collection

evidence evaluation

John Pablo works in the accounting department of a multinational manufacturing company. His job includes updating accounts payable based on purchase orders and checks. His responsibilities are part of the company's financing cycle. production cycle. revenue cycle. expenditure cycle.

expenditure cycle.

The ________ audit examines the reliability and integrity of accounting records. financial operational informational information systems

financial

The batch processing data entry control that sums a field that contains dollar values is called sequence check. financial total. hash total. record count.

financial total.

A ______ is a pictorial, analytical technique used to describe some aspect of an information system in a clear, concise, and logical manner. context flow diagram BFD flowchart narrative

flowchart

n attribute in a table that serves as a unique identifier in another table and is used to link the two tables is a relational key. primary key. linkage key. foreign key.

foreign key.

The two most common types of fraud impacting financial statements are fraudulent financial reporting and e-commerce fraud. misappropriation of assets and embezzlement. fraudulent financial reporting and misappropriation of assets. corruption and fraudulent financial reporting.

fraudulent financial reporting and misappropriation of assets.

The ________ is not a transaction cycle. expenditure cycle human resources cycle general ledger and reporting cycle revenue cycle

general ledger and reporting cycle

The batch processing data entry control that sums a non-financial numeric field is called record count. financial total. sequence check. hash total.

hash total.

Gaining control of somebody's computer without their knowledge and using it to carry out illicit activities is known as posing. hijacking. hacking. spamming.

hijacking.

The first step of the risk assessment process is generally to identify controls to reduce all risk to zero. estimate the exposure from negative events. identify the threats that the company currently faces. estimate the risk probability of negative events occurring.

identify the threats that the company currently faces.

Which of the following is not one of the five principles of COBIT5? meeting stakeholder needs covering the enterprise end-to-end enabling a holistic approach improving organization efficiency

improving organization efficiency

Identify one potential outcome of the insert anomaly. inconsistent data None of these unintentional loss of data inability to add new data

inability to add new data

Identify one potential outcome of the update anomaly. unintentional loss of data inability to add new data None of these inconsistent data

inconsistent data

The purchase order is the source document to make an entry into the accounting records is prepared by the inventory control department indicates item description, quantity, and price is approved by the end-user department

indicates item description, quantity, and price

"Cooking the books" is typically accomplished by all the following except accelerating recognition of revenue. delaying recording of expenses. overstating inventory. inflating accounts payable.

inflating accounts payable.

Cancellation and storage of documents is one example of a(n) data entry control. processing control. output control. input control.

input control.

Form design is one example of a(n) output control. data entry control. input control. processing control.

input control.

The SEC, PCAOB, and FASB are best described as external influences that directly affect an organization's hiring practices. philosophy and operating style. internal environment. methods of assigning authority.

internal environment.

In a merchandising firm, authorization for the purchase of inventory is the responsibility of purchasing cash disbursements inventory control accounts payable

inventory control

Multi-factor authentication involves the use of two or more basic authentication methods. is a table specifying which portions of the systems users are permitted to access. provides weaker authentication than the use of effective passwords. requires the use of more than one effective password.

involves the use of two or more basic authentication methods.

Lauren wants to open a floral shop in a downtown business district. She doesn't have funds enough to purchase inventory and pay six months' rent up front. Lauren approaches a good friend, Jamie, to discuss the possibility of Jamie investing funds and becoming a 25% partner in the business. After a lengthy discussion, Jamie agrees to invest. Eight months later, Jamie discovered that Lauren has not be honest with her regarding some aspects of the business financial operation. In order for Jamie to sue Lauren for fraud, all the following must be true except Jamie's decision to invest was primarily based on Lauren's assertion that she had prior floral retail experience. Jamie has suffered a substantial loss in her investment because of Lauren's deception. Jamie found Lauren dishonest because she does not always reconcile the business cash account on a timely basis. Jamie trusted and relied on Lauren's representation of the business financial operation.

jamie found Lauren dishonest because she does not always reconcile the business cash account on a timely basis.

A fraud technique that allows a hacker to place himself or herself between a client and a host to intercept network traffic is called the ________ technique. Trojan horse man-in-the-middle salami trap door

man-in-the-middle

Perhaps the most striking fact about natural disasters in relation to AIS controls is that there are a large number of major disasters every year. many companies in one location can be seriously affected at one time by a disaster. losses are absolutely unpreventable. disaster planning has largely been ignored in the literature.

many companies in one location can be seriously affected at one time by a disaster.

Using a file-oriented approach to data and information, data is maintained in a centralized database. many interconnected files. a decentralized database. many separate files.

many separate files.

File-oriented approaches create problems for organizations because of multiple transaction files. multiple master files. a lack of sophisticated file maintenance software. multiple users.

multiple master files.

The receiving department is not responsible to count items received from vendors order goods from vendors inspect shipments received safeguard goods until they are transferred to the warehouse

order goods from vendors

In an ERP system, the module used to record data about transactions in the revenue cycle is called financial. order to cash. customer relationship management. purchase to pay.

order to cash.

The first major business activity in the expenditure cycle is receiving goods from vendors. a customer sale. shipping goods to customers. ordering inventory, supplies, or services.

ordering inventory, supplies, or services.

The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the control activities. organizational structure. budget framework. internal environment.

organizational structure.

The audit committee of the board of directors is usually chaired by the CFO. conducts testing of controls on behalf of the external auditors. provides a check and balance on management. does all of these.

provides a check and balance on management.

The information systems audit objective that pertains to protect computer equipment, programs, communications, and data from unauthorized access, modification, or destruction is known as overall security. program development. processing. program modifications.

overall security.

The process that screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header is known as access control list. deep packet inspection. intrusion filtering. packet filtering.

packet filtering.

Remittance advice is used to: authorize a transaction send or receive billing for asset or service pay or receive cash ship or receive asset or service record or issue order to sell, buy or employ

pay or receive cash

Hunter Carr is an accountant with AcctSmart. The firm has a very strict policy of requiring all users to change their passwords every sixty days. In early March, Hunter received an e-mail claiming that there had been an error updating his password and it provided Hunter with a link to a website with instructions for re-updating his password. Something about the e-mail made Hunter suspicious, so he called AcctSmart's information technology department and found that the e-mail was fictitious. The e-mail was an example of phishing. piggybacking. social engineering. spamming.

phishing.

SAS No. 99 requires that auditors alert the Securities and Exchange Commission of any fraud detected. plan audits based on an analysis of fraud risk. detect all material fraud. take all of these actions.

plan audits based on an analysis of fraud risk.

Using a small device with storage capacity (iPod, Flash drive) to download unauthorized data from a computer is called eavesdropping. masquerading. podslurping. bluebugging.

podslurping.

Creating a seemingly legitimate business, collecting personal data while making a sale, and never delivering items sold is known as hijacking. hacking. posing. spamming.

posing.

In the expenditure cycle, general ledger does not post the journal voucher from the purchasing department post the journal voucher from the accounts payable department reconcile the inventory control account with the inventory subsidiary summary post the account summary from inventory control

post the journal voucher from the purchasing department

Acting under false pretenses to gain confidential information is called tabnapping. pretexting. piggybacking. superzapping.

pretexting.

A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n) preventive control. detective control. corrective control. authorization control.

preventive control.

Hiring qualified personnel is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control. corrective; detective detective; corrective preventive; corrective detective; preventive

preventive; corrective

Data matching is an example of a(n) processing control. data transmission control. data entry control. input control.

processing control.

The transaction cycle that includes product design is known as the financing cycle. production cycle. expenditure cycle. revenue cycle.

production cycle.

In an ERP system, the module used to record data about transactions in the disbursement cycle is called order to cash. purchase to pay. customer relationship management. financial.

purchase to pay.

A delivery of inventory from a vendor, with whom a credit line is already established, would be initially recorded in which type of accounting record and as part of what transaction cycle? purchases journal; expenditure cycle cash disbursements journal; production cycle general journal; expenditure cycle general ledger; expenditure cycle

purchases journal; expenditure cycle

If duties are properly segregated, the authorization function is performed by ________, the recording function is performed by ________, and cash handling is performed by the ________. purchasing; cashier; accounts payable accounts payable; purchasing; cashier purchasing; accounts payable; treasurer purchasing; accounts payable; cashier

purchasing; accounts payable; cashier

The auditor's objective is to seek ________ that no material error exists in the information audited. reasonable evidence reasonable objectivity absolute reliability reasonable assurance

reasonable assurance

When a copy of the receiving report arrives in the purchasing department, it is used to analyze the receiving department's process recognize the purchase order as closed record the physical transfer of inventory from receiving to the warehouse adjust perpetual inventory records

recognize the purchase order as closed

The steps that criminals take to study their target's physical layout to learn about the controls it has in place is called scanning and mapping the target. social engineering. research. reconnaissance.

reconnaissance.

The batch processing data entry control that sums the number of items in a batch is called sequence check. hash total. record count. financial total.

record count.

The Director of Information Technology for the city of Tampa, Florida formed a company to sell computer supplies and software. All purchases made on behalf of the City were made from her company. She was later charged with fraud for overcharging the City, but was not convicted by a jury. The control issue in this case arose because the Director had both ________ and ________ duties. custody; authorization custody; recording recording; authorization management; custody

recording; authorization

An entity-relationship diagram represents entities as ________ and the relationships between them as lines and ________. rectangles; circles circles; squares rectangles; diamonds squares; diamonds

rectangles; diamonds

Increasing the effectiveness of internal controls would have the greatest effect on reducing audit risk. reducing control risk. reducing detection risk. reducing inherent risk.

reducing control risk.

The clerk who opens mail is assigned responsibility for preparing a document which identifies all cash collections received in the mail for a given day. This document is called: accounts receivable subsidiary record voucher collection authorization form remittances prelist form receiving report

remittances prelist form

There is a symmetrical interdependence between a firm's expenditure cycle and its suppliers' revenue cycle. general ledger and reporting system. expenditure cycle. production cycle.

revenue cycle.

The amount of risk a company is willing to accept in order to achieve its goals and objectives is inherent risk. residual risk. risk appetite. risk assessment.

risk appetite.

Control risk is defined as the susceptibility to material risk in the absence of controls. risk that a material misstatement will get through the internal control structure and into the financial statements. risk that auditors and their audit procedures will not detect a material error or misstatement. risk auditors will not be given the appropriate documents and records by management who wants to control audit activities and procedures.

risk that a material misstatement will get through the internal control structure and into the financial statements.

A document prepared in the sales department of most firms for recording the description, quantity and related information for goods purchased by their customers is called a: purchase order customer order purchase requisition sales invoice sales order

sales invoice

The basic source document which is used for recording a credit sale is bill of lading monthly billing statement sales invoice customer order form debit memo

sales invoice

Which of the following is not a control over the risk of unauthorized inventory purchases? scanner technology transaction authorization automated purchase approval All of the above are controls over the risk of unauthorized inventory purchases.

scanner technology

One of the basic activities in the expenditure cycle is the receiving and storage of goods, supplies, and services. What is the counterpart of this activity in the revenue cycle? cash payments activity sales order entry process shipping function cash collection activity

shipping function

All of the following are associated with asymmetric encryption except speed. private keys. public keys. no need for key exchange.

speed.

According to the ERM model, ________ help to align high level goals with the company's mission. compliance objectives operations objectives reporting objectives strategic objectives

strategic objectives

When purchasing inventory, which document usually triggers the recording of a liability? purchase order purchase requisition supplier's invoice receiving report

supplier's invoice

The type of flowchart that illustrates the relationships among system input, processing, storage, and output in an organization is called internal control flowchart. program flowchart. document flowchart. system flowchart.

system flowchart.

When a cash disbursement in payment of an accounts payable is recorded the income statement is changed the liability account is increased the cash account is unchanged the liability account is decreased

the liability account is decreased

The value of information can best be determined by its usefulness to decision makers. the extent to which it optimizes the value chain. its relevance to decision makers. the benefits associated with obtaining the information minus the cost of producing it.

the benefits associated with obtaining the information minus the cost of producing it.

The most important element of any preventive control is the people. the performance. the procedure(s). the penalty.

the people.

In which transaction cycle would customer sales transaction information be most likely to pass between internal and external accounting information systems? the financing cycle the expenditure cycle the revenue cycle the human resources / payroll cycle

the revenue cycle

An auditor is interested in testing whether a sample of recorded credit sales were actually ordered by customers, shipped to them and billed properly. In this case, the auditor would most likely select a sample from which source? bills of lading customer orders the sales journal sales invoices the general ledger

the sales journal

In a private key system the sender and the receiver have ________, and in the public key system they have ________. different keys; the same key the same key; two separate keys an encrypting algorithm; a decrypting algorithm a decrypting algorithm; an encrypting algorithm

the same key; two separate keys

With regards to an accounting information system, a financial audit is most concerned with the system's storage. the system's processing. the system's output. the system's input.

the system's input.

In order to maintain controls over cash receipts at Waren Sports Supply, the cash receipts journal is initialed after which of the following events? the entry in the cash receipts journal and accounts receivable subsidiary ledger are compared. the cash prelist and the entry in the accounts receivable subsidiary ledger are compared. the validated deposit slip and bank reconciliation are agreed to the cash receipts journal for each entry the cash prelist and the bank reconciliation are agreed for each entry. the validated deposit slip and cash prelist are agreed to the cash receipts journal for each entry.

the validated deposit slip and cash prelist are agreed to the cash receipts journal for each entry.

Misappropriation of assets is a fraudulent act that involves theft of company property. dishonest conduct by those in power. using computer technology to perpetrate a crime. misrepresenting facts to promote an investment.

theft of company property.

Data masking is also referred to as encryption. cookies. captcha. tokenization.

tokenization.

Prompting is a control that helps ensure transaction data are not lost. transactions data are complete. transaction data are valid. transactions data are accurate.

transactions data are complete.

A back door into a system that bypasses normal system controls is called a trap door. virus. logic bomb. data diddle.

trap door.

Before a firm can identify the information needed to effectively manage a process, the firm must obtain internet access. understand the process. purchase computers and/or workstations. hire an outside consultant.

understand the process.

A BPD provides users a ________ of the different steps or activities in a business process. visual view data flow decision tree narrative

visual view

The REA data model was developed specifically for use in designing accounting information systems. classifies data into relationships, entities and accounts. is used in many areas of business and science. is a graphical technique for portraying a database schema.

was developed specifically for use in designing accounting information systems.

Fraud perpetrators are often referred to as bad actors. blue-collar criminals. outlaws. white-collar criminals.

white-collar criminals.


संबंधित स्टडी सेट्स

aPHR Study Guide - Functional Area 2: Recruitment and Selection

View Set

Pharmacology Unit 2: Repiratory System

View Set

course point musculoskeletal ch 39

View Set

Ch. 40 Fluid, Electrolyte, and Acid-Base Balance

View Set