AIS CH. 5,6,7
A _____ identifies and inventories mission critical business processes and supporting information systems, as well as establishes timelines and priorities for resuming processing capabilities. A. Business Impact Analysis B. Business Resumption Plan C. Emergency Contact Plan D. Disaster Recovery Plan
A. Business Impact Analysis
According to PCAOB Standard No. 5, which of the following is an example of an entity-level control? A. Effectiveness of the board of directors B. Personnel controls C. Access to computer files D. All of the above
A. Effectiveness of the board of directors
This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization. A. Internal control B. SAS No. 94 C. Risk assessment D. Monitoring
A. Internal control
Which of the following is not one of the components of the 2017 COSO Enterprise Risk Management: Aligning Risk with Strategy and Performance Framework: A. Risk and Compliance B. Risk, Strategy, and Objective-Setting C. Monitoring Enterprise Risk Management Performance D. Risk in Execution
A. Risk and Compliance
Which of the following would a manager most likely use to organize and evaluate corporate governance structure? A. The 2013 COSO Internal Control—Integrated Framework B. The 2017 COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance Framework C. The Sarbanes-Oxley Act of 2002 D. COBIT
A. The 2013 COSO Internal Control—Integrated Framework
COSO recommends that firms _____ to determine whether they should implement a specific control. A. Use cost-benefit analysis B. Conduct a risk assessment C. Consult with the internal auditors D. Identify objectives
A. Use cost-benefit analysis
Components of an ERP's architecture typically include: A. a centralized database and application interfaces B. Internet portals and multiple databases C. a centralized database running on a mainframe computer D. business intelligence and multiple databases
A. a centralized database and application interfaces
A company's management is concerned about computer data eavesdropping and wants to maintain the confidentiality of its information as it is transmitted. The company should utilize A. data encryption. B. dial-back systems. C. message acknowledgment procedures. D. password codes.
A. data encryption.
Fault-tolerant systems are designed to tolerate computer errors and are built on the concept of _____. A. redundancy B. COBIT C. COSO D. integrated security
A. redundancy
Which of the following is not a computer facility control? A. Place the data processing center where unauthorized individuals cannot gain entry B. Limit access to the data processing center to all employees of the company C. Buy insurance to protect against loss of equipment in a computer facility D. Use advanced technology to identify individuals who are authorized access to the data processing center
B. Limit access to the data processing center to all employees of the company
Which of the following is not one of the four objectives of an internal control system? A. Safeguard assets B. Promote firm profitability C. Promote operational efficiency D. Encourage employees to follow managerial policies
B. Promote firm profitability
The purpose of a/n __ edit check is to ensure that an input field does not exceed expected norms, i.e., someone doesn't enter more than 24 hours worked in a day. A. Completeness B. Reasonableness C. Sequence D. Consistency
B. Reasonableness
Which of the following is not one of the three additional components that were added in the 2004 COSO Enterprise Risk Management—Integrated Framework? A. Objective setting B. Risk assessment C. Event identification D. Risk Response
B. Risk assessment
Which of the following would a manager most likely use for risk assessment across the organization? A. The 2013 COSO Internal Control—Integrated Framework B. The 2017 COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance Framework C. The Sarbanes-Oxley Act of 2002 D. COBIT
B. The 2017 COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance Framework
In entering the billing address for a new client in Emil Company's computerized database, a clerk erroneously entered a nonexistent zip code. As a result, the first month's bill mailed to the new client was returned to Emil Company. Which one of the following would most likely have led to the discovery of the error at the time of entry into Emil Company's computerized database? A. Limit test B. Validity test C. Parity test D. Record count test
B. Validity test
In selecting a new AIS, a company's management should: A. always hire a consultant B. always consult with your accountant during the decision process C. never rely on your accountant for help in this decision D. always use an Internet software service to make the decision
B. always consult with your accountant during the decision process
Segregation of duties is a fundamental concept in an effective system of internal control. But, the internal auditor must be aware that this safeguard can be compromised through: A. lack of training of employees B. collusion among employees C. irregular employee reviews D. absence of internal auditing
B. collusion among employees
Mid-level accounting software: A. can only be deployed through a server networked with desktop computers B. may be purchased in modules that match various business processes C. will not be appropriate for a multinational company because these programs cannot handle foreign currencies D. is generally inappropriate for a company operating in a specialized industry, such as retail or not-for-profit
B. may be purchased in modules that match various business processes
A _____ is a comprehensive plan that helps protect the enterprise from internal and external threats. A. firewall B. security policy C. risk assessment D. VPN
B. security policy
Accounting and enterprise software can be expensive. Which of the following is likely to be the highest cost associated with a new AIS? A. the cost of new hardware B. the cost of implementing and maintaining the new system C. the cost of the software D. the cost of converting old data for the new system
B. the cost of implementing and maintaining the new system
All of the following are examples of authenticating based on something you know except A. password B. token C. PIN D. passphrase
B. token
Which of the following accounting software programs would be appropriate for a small business (e.g., a sole proprietorship with 20 employees)? A. SAP B. QuickBooks C. NetSuite D. Oracle
C. NetSuite
Which of these is not one of the three major types of controls? A. Preventive B. Corrective C. Objective D. Detective
C. Objective
Which one of the following forms of audit is most likely to involve a review of an entity's performance of specific activities in comparison to organizational specific objectives? A. Information system audit B. Financial audit C. Operational audit D. Compliance audit
C. Operational audit
Separation of duties is an important control activity. If possible, managers should assign which of the following three functions to different employees? A. Analysis, authorizing, transactions B. Custody, monitoring, detecting C. Recording, authorizing, custody D. Analysis, recording, transactions
C. Recording, authorizing, custody
Which one of the following would most compromise the use of backups as protection against loss or damage of master files? A. Use of magnetic tape B. Inadequate ventilation C. Storing of all files in one location. D. Failure to encrypt data
C. Storing of all files in one location.
Section 404 affirms that management is responsible for establishing and maintaining an adequate internal control structure. This section may be found in which of the following? A. The 2013 COSO Internal Control—Integrated Framework B. The 2017 COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance Framework C. The Sarbanes-Oxley Act of 2002 D. COBIT
C. The Sarbanes-Oxley Act of 2002
Within the context of ERP systems, a mashup is: A. a combination of several accounting systems B. the mess created when ERP systems fail to interface with legacy systems C. a Web page that can combine data from two or more external sources D. the informal name given to annual ERP conferences
C. a Web page that can combine data from two or more external sources
Organizations use _____ controls to prevent, detect, and correct errors and irregularities in transactions that are processed. A. specific B. general C. application D. input
C. application
Which of the following is a distinguishing characteristic of an enterprise-wide (ERP) system? A. must be a hosted solution B. multiple databases C. integration of business functions D. low cost
C. integration of business functions
A _____ site is a disaster recovery site that is fully staffed and utilizes real-time replication of data and transaction processing. A. hot B. cold C. mirrored D. backup
C. mirrored
Low-end accounting software is increasingly complex and sophisticated. However, software costing only a few hundred dollars is not likely to: A. provide information to multiple stores where a company operates more than one B. include a chart of accounts that users may customize to suit their industry C. provide all the information needed to optimize customer and supplier relationships D. provide information for budgeting decisions
C. provide all the information needed to optimize customer and supplier relationships
Categories of application controls include all of the following except A. Input B. Processing C. Output D. Encryption
D. Encryption
Which of the following is the best DRP choice if minimal downtime is the primary deciding factor? A. Hot Site B. Warm Site C. Cold Site D. Mirrored site
D. Mirrored site
An internal control system should consist of five components. Which of the following is not one of those five components? A. The control environment B. Risk assessment C. Monitoring D. Performance evaluation
D. Performance evaluation
Which of the following is not one of the five components of Enterprise Risk Management from the COSO 2017 report? A. Risk governance and culture B. Risk, strategy and objective setting C. Risk in execution D. Risk response
D. Risk response
A _____ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, handheld devices. A. data encryption B. WAN C. checkpoint D. VPN
D. VPN
Which of the following reasons might explain why a small business owner would hire a CPA firm or a software consultant to help select accounting software? A. to train employees to use the software B. to help the firm identify useful reports for decision-making C. to help with rescue/recovery needs should a disaster occur D. all of the above
D. all of the above
An organization will always need to upgrade to a new AIS if: A. a major competitor buys a new package B. customers complain about late deliveries C. the company wants to begin doing business over the Internet D. none of the above are necessarily reasons to buy new accounting software
D. none of the above are necessarily reasons to buy new accounting software
Disaster recovery plans may not be of much use if _____. A. they are not fully documented B. the organization does not have a cold site for relocation purposes C. the organization does not expect any natural disasters to occur D. they are not tested periodically and revised when necessary
D. they are not tested periodically and revised when necessary
When management of the sales department has the opportunity to override the system of internal controls of the accounting department, a weakness exists in A. risk management B. information and communication C. monitoring D. the control environments
D. the control environments