ACC 340 final study guide

An REA diagram contains four instances of the employee entity. How many tables does this require in a relational database

1

If customers pay for each sales transaction with a separate check and are not permitted to make installment payments on any sales, then the relationship between the sale and receive cash events would be modeled as which of the following

1:1

In most cases the relationship between agent entities and event entities is

1:N

How many tables are needed to implement an REA data model that has 7 distinct entities, 3 M:N relationships, and 5 1:N relationships in a relational database

7

Goal conflict may result when

A decision or action of a subsystem is inconsistent with the system as a whole.

7) Which of the following statements is FALSE?

A system flowchart is a narrative representation of an information system → NO, a system flowchart is a graphical representation of an information system, not a narrative representation TRUE STATEMENTS: ***a flowchart is an analytical technique used to describe some aspect of an information system in a clear, concise, and logical manner ***flowcharts use a standard set of symbols to describe pictorially the flow of documents and data through a system ***flowcharts are easy to prepare and revise when the designer utilizes a flowcharting software package

7) Which of the following statements is true?

ALL *** "Emergency" changes need to be documented once the problem is resolved. *** Changes should be tested in a system separate from the one used to process transactions *** Change controls are necessary to maintain adequate segregation of duties

5) The last step in the revenue cycle is cash collections. The accounts receivable department must know when customers pay their invoices, yet segregation of duty controls dictate that the collection and recording functions be kept separate from each other. What is a solution to this potential internal control problem?

ALL ***have customers send a remittance advice with their payment ***have mailroom personnel prepare a remittance list which can be forwarded to accounts receivable ***establish a lockbox arrangement with a bank

6) The integrated database underlying an ERP system results in which of the following general threats to the revenue cycle?

ALL ARE TRUE ***inaccurate or invalid master data ***unauthorized disclosure of sensitive information ***loss or destruction of data

8) Which of the following statements is true?

ALL are TRUE ***virtualization significantly reduces RTO for hardware problems ***cloud computing reduces the risk that a single catastrophe from either a natural disaster or terrorist attack would result in significant downtime and loss of availability ***backups still need to be made when using either virtualization or cloud computing

9) Which of the following statements is true?

ALL are TRUE ***VPNs protect the confidentiality of information while it is in transit over the Internet ***Encryption limits firewalls' ability to filter traffic → firewalls cannot apply their rules to encrypted packets ***A digital certificate contains that entity's public key

3) Which of the following is most likely to be a general ledger control account?

Accounts Receivable

10) A report telling how well all approved vendors have performed in the prior 12 months is information that is MOST needed in which business process?

Acquiring Inventory

10) Pre-numbering of source documents helps to verify that

All transactions have been recorded since the numerical sequence serves as a control

2) Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?

Analyzing past financial performance and reporting

4) Which of the following duties could be performed by the same individual without violating segregation of duties controls?

Approving accounting software change requests and testing production scheduling software changes

6) Periodic updating of the data stored about resources and agents is

Batch Processing

An AIS provides value by

Both improving products or services through information that increases quality and reduces costs and providing timely and reliable information to decision makers

3) Which of the following statements is true?

COSO's internal control integrated framework has been widely accepted as the authority to internal controls ***the internal control integrated framework is the accepted authority on internal controls and is incorporated into policies, rules, and regulations that are used to control business activities

7) Which of the following is not one of the responsibilities of auditors in detecting fraud according to SAS No. 99?

Catching the perpetrators in the act of committing the fraud

4) A listing of general ledger accounts by account number is called the

Chart of Accounts

Information that does not omit important aspects of the underlying events or activities that it measures is

Complete

1) Which of the following statements is true?

Cookies are text files that only store information. They cannot perform any actions. ***Encryption is not sufficient to protect confidentiality and privacy because sensitive information cannot be encrypted at all times -- it must be decrypted during processing, when displayed on a monitor, or included in a printed report ***The same set of controls for protecting confidentiality can also be used for protecting privacy, such as encryption, access controls, and training

2) To ensure proper separation of duties the ________ makes decisions concerning issuance of credit memos.

Credit manager

3) Which of the following statements is FALSE?

DFDs help convey the timing of events → DFDs show data movement, but not necessarily the timing of the movement TRUE STATEMENTS: ***flowcharts make use of many symbols ***a document flowchart emphasizes the flow of documents or records containing data

8) Which step below is NOT considered to be part of the data processing cycle?

Data Collection

4) Which of the following is NOT a step in the data processing cycle?

Data Collection → steps in the data processing cycle are input stage, processing stage, output stage, and storage stage

Which of the following would managers most likely use to retrieve information about sales during the month of October

Data Query Language (DQL)

10) Which of the following can organizations use to protect the privacy of a customer's personal information when giving programmers a realistic data set with which to test a new application?

Data masking → because masking replaces actual values with fake ones, but the result is still the same type of data, which can then be used to test program logic ***digital signature cannot be used to test programming logic because it is an encrypted hash, but it can be used for nonrepudiation ***digital watermark cannot be used because it does not protect privacy ***data loss prevention cannot be used because it is designed to protect confidentiality by filtering outgoing messages to prevent sensitive data from leaving the company

Which of the following is a software program that runs a database system

Database Management System (DBMS)

8) Which of the following flowcharts illustrates the flow of data among areas of responsibility in an organization?

Document flowchart → traces the life of a document from its cradle to its grave as it works its way through the areas of responsibility within an organization ***program flowchart documents a computer program ***a computer configuration chart illustrates how computer hardware is arranged and implemented ***system flowchart illustrates the relationship among inputs, processes, and outputs of a system

4) Which of the following statements is true?

Encryption is reversible, but hashing is not → Encryption can be reversed to decrypt the ciphertext, but hashing cannot be reversed

4) The _____________ in the REA model include all of the organization's business activities.

Events

4) Which transaction cycle includes interactions between an organization and its suppliers?

Expenditures

4) Which of the following techniques is the most efficient way to process customer payments and update accounts receivable?

FEDI → because FEDI integrates EFT, for processing customer payments, with EDI, for processing related remittance data to update accounts receivable ***EFT → deals only with the transfer of funds ***UPIC → enable customers to remit EFT payments without divulging the receiving company's bank account information ***ACH → the private communications network used by financial institutions to transfer funds

Data are

Facts entered, stored, and processed by an information system

5) Which of the following is not an example of computer fraud?

Failure to perform preventive maintenance on a computer

2) Which type of fraud is associated with 50% of all auditor lawsuits?

Fraudulent financial reporting

2) Which of the following would contain the total value of all inventory owned by an organization?

General Ledger

7) The transaction cycles relate to one another and interface with this to generate information for both management and external parties

General Ledger and Reporting System

6) Which of the following causes the majority of computer security problems?

Human error

5) Which of the following is NOT a means by which information improves decision making?

Increasing information overload

Data differ from information in which way?

Information is output and data is input

1) Which of the following statements is true?

Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources ***the concept of defense-in-depth is based on the idea that, given enough time and resources, any single control, no matter how sophisticated, can be overcome -- therefore, the use of redundant, overlapping controls maximizes security ***the correct formula for time-based model of security is P < D + C ***Security is primarily a managerial issue because only management can choose the most appropriate risk response to protect the organization's information resources

3) Which of the following most accurately models the sales of low-cost, mass-produced items by a retail store?

Inventory>O------------I<Sale

2) Which of the following is NOT a characteristic that makes information useful?

It is inexpensive

1) Which of the following is a fraud in which later payments on account are used to pay off earlier payments that were stolen?

Lapping

Which type of relationship cardinality must be implemented in a relational database as a separate table

M:N

1) Which of the following inventory control methods is most likely to be used for a product for which sales can be reliably forecast?

MRP → MRP forecasts sales and uses that information to purchase inventory to meet anticipated needs ***NOT JIT because it seeks to minimize inventory by making purchases only after sales and is primarily used for products for which it is hard to forecast demand ***NOT EOQ because it represents the optimal amount of inventory to purchase to minimize sum of ordering, carrying, and stockout costs ***NOT ABC, which is a method for stratifying inventory according to importance and scheduling more frequent inventory costs for more important items

8) Which of the following statements about internal environment is false?

Management's attitudes toward internal control and ethical behavior have only minimal impact on employee beliefs or actions

1) What is one reason why AIS threats are increasing?

Many companies do not realize that data security is crucial to their survival

10) Recording and processing information about a transaction at the same time it takes place is referred to as which of the following?

Online, Real-Time Processing

Humans can absorb and process only so much information. Information ______ occurs when those limits are passed

Overload

8) Which of the following control procedures is most likely to deter lapping?

Periodic rotation of duties

3) Which of the following is a primary activity in the value chain?

Post-sales service

6) Which of the following is LEAST likely to be a specialized journal?

Prepaid Insurance Journal

4) Which of the following conditions is/are usually necessary for a fraud to occur?

Pressure, opportunity, rationalization

2) Federal Express stated in one of its mission statements that "positive control of each package will be maintained by utilizing... electronic tracking and tracking systems." This is an example of which type of data processing?

Real-time processing which features immediate updating as to the location of packages.

5) Which of the following documents is most likely to be used in the expenditure cycle?

Receiving Report

1) All of the information (name, GPA, major, etc.) about a particular student is stored in the same _____.

Record

Information that reduces uncertainty, improves decision makers' ability to make predictions or confirms or corrects their prior expectation, is said to be

Relevant

5) Events must be linked to at least one

Resource

7) In which cycle does a company ship goods to customers?

Revenue

6) EZ Construction Company builds residential houses. It sells only homes that it built. Most of its homes are sold to individuals, but sometimes an investor may purchase several homes and hold them for subsequent resale. Which of the following is the correct way to model the relationship between Sale and Inventory for EZ Construction Company?

Sale-I-O-------------I-<-Inventory

7) One of the ten GAAP concerns security. According to GAAP, what is the nature of the relationship between security and privacy?

Security is a necessary, but not sufficient, precondition to protect privacy

9) Which of the following is the most important, basic, and effective control to deter fraud?

Segregation of duties

6) Which of the following is a control related to design and use of documents and records?

Sequentially pre-numbering sales invoices

3) Which of the following is true?

Setting up petty cash as an imprest fund violates segregation of duties → because the same person has custody of the asset (cash), authorizes its disbursement, and maintains records

8) Which of the following is NOT an advantage of an ERP system?

Simplicity and Reduced Costs

3) A specialized journal

Simplifies the process of recording large numbers of repetitive transactions

4) What is the normal procedure for new customers or customers making a purchase that causes their credit limit to be exceeded?

Specific approval must be granted by the credit manager

9) A firm, its suppliers, and its customers collectively form which of the following?

Supply Chain

6) In the value chain concept, upgrading IT is considered what kind of activity?

Support Activity

8) Which of the following statements is true?

Symmetric encryption is faster than asymmetric encryption but cannot be used to provide nonrepudiation of contracts → the key is shared by both parties, so there is no way to prove who created and encrypted a document

Which is NOT an accountant's primary role in information systems?

System Programmer

1) Data must be collected about three facets of each business activity. What are they?

The business activity, the resources it affects, the people who participate

6) Which of the following statements about obtaining consent to collect and use a customer's personal information is true?

The default policy in Europe is opt-in, but in the United States the default is opt-out

The business owners obtain financing from outside investors, which results in an inflow of cash into the company. This transaction is considered to be part of which cycle?

The financing cycle

7) How does the chart of accounts list general ledger accounts?

The order in which they appear in financial statements

3) Which of the following statements is false?

The psychological profiles of white-collar criminals are significantly different from those of the general public.

10) It is important to control access to system output, such as hard copies of reports. Some of the control procedures include:

Train employees to not leave reports containing sensitive information in plain view on their desktops when they are not physically present

2) Which of the following is a preventive control?

Training

8) Which of the following is a function of an AIS?

Transforming data into useful information

3) The credit manager reports to the ________ and the treasurer reports to the _________.

Treasurer; VP of Finance

4) A DFD consists of the following four basic elements: data sources and destination, data flows, transformation processes, and data stores. Each is represented on a DFD by a different symbol.

True → The four elements of a DFD are data sources and destination, data flows, transformation processes, and data stores

2) Documentation methods such as DFDs, BPDs, and flowcharts save both time and money, adding value to an organization.

True → a picture is worth a thousand words: many people learn more and learn it more quickly by studying the DFD, BPD, or flowchart of a system than by reading a narrative description of the same system

9) Records of company data sent to an external party and then returned to the system as inputs are called

Turnaround Documents

The process of creating value for customers is the result of nine activities (5 primary and 4 support) that taken together form a

Value Chain ***5 primary are inbound logistics, operations, outbound logistics, marketing and sales, and post-sale service ***4 support are firm infrastructure, human resources, technology, and purchasing

1) The sales order department reports to the:

Vice President of marketing

A data entry input control in which the application software sums the first four digits of a customer number to calculate the value of the fifth digit and then compares the calculated number to the number typed in during data entry is an example of a Select one: a. check digit verification. Correct b. validity check. c. duplicate data check. d. closed-loop verification.

a

Creating an empty table in a relational database requires use of the __________, and filling that table requires the use of __________. Select one: a. DDL; DML Correct b. DML; DDA c. DQL; SQL d. DDL; DQL

a

In many cases of fraud, the __________ takes more time and effort than the __________ is worth. Select one: a. concealment; theft Correct b. theft; concealment c. conversion; theft d. conversion; concealment

a

Most frauds are detected by Select one: a. Whistleblowing tip from employee, vendor, customer, or other third party Correct b. accidental recovery c. External auditor d. internal auditor

a

Perhaps the most striking fact about natural disasters in relation to AIS controls is that Select one: a. many companies in one locale can be seriously affected at one time by a disaster. Correct b. losses are absolutely unpreventable. c. there are a large number of major disasters every year. d. disaster planning has largely been ignored in the literature.

a

Researchers have compared the psychological and demographic characteristics of white-collar criminals, violent criminals, and the general public. They found that Select one: a. few differences exist between white-collar criminals and the general public. Correct b. white-collar criminals eventually become violent criminals. c. most white-collar criminals invest their illegal income rather than spend it. d. most white-collar criminals are older and not technologically proficient.

a

The major cost driver in the purchasing function is Select one: a. The number of purchase orders processed Correct b. The price of the items purchased c. The reputation of the supplier d. None of the above

a

There are two basic ways to design a well-structured relational database. The method in which a database designer uses knowledge about how business processes work to draw a graphical picture of the elements to be included in the database is called Select one: a. semantic data modeling. Correct b. decentralization. c. normalization. d. geometric data modeling.

a

There is a threat of paying an invoice twice. What is an applicable control that may help mitigate this threat? Select one: a. payment should never be authorized for a photocopy of an invoice Correct b. double-check invoice accuracy c. approval of a purchase order d. adequate perpetual inventory records

a

Which is a true statement regarding the document flowchart? Select one: a. It is particularly useful in analyzing the adequacy of internal control procedures. Correct b. It is not normally used in the systems design process. c. It should ignore control processes and actions d. It illustrates the sequence of logical operations performed by a computer.

a

9) Which of the following combinations of credentials is an example of multifactor authentication?

a PIN and an ATM card → the PIN is something a person knows and the ATM card is something the person has

10) In a cash collection system with proper controls, the ___________ function, responsible or reporting to the _____________, is separate and distinct from the cash handling activities.

accounts receivable; controller

Combining two REA diagrams typically does not involve merging which type of entity

agents

6) Which of the following expenditure cycle activities can be eliminated through the use of IT or reengineering?

approving vendor invoices → ERS eliminates vendor invoices

6) Information that needs to be stored securely for 10 years or more would most likely be stored in which type of file?

archive ***backups are for short-term storage; archives are for long-term storage ***long-term retention uses archives, which are usually not encrypted ***log is part of an audit trail, not part of storage procedures/processes

10) How are data sources and destinations represented in a data flow diagram?

as a square → Figure 3-1 ***a curved arrow represents a data flow ***a circle represents a process ***two parallel lines represent a data store

Restricting access of users to specific portions of the system, as well as specific tasks, is

authorization

3) The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called ___________.

authorization → the process of controlling what actions -- read, write, delete, etc. -- a user is permitted to perform

6) To achieve effective segregation of duties, certain functions must be separated. Which of the following is the correct listing of the account-related functions that must be segregated?

authorization, recording, and custody → Figure 7-5

A customer failed to include her account number on her check, and the accounts receivable clerk credited her payment to a different customer with the same last name. Which control could have been used to most effectively prevent this error? Select one: a. Reconciliation of a batch control total b. Closed-loop verification Correct c. Validity check d. Duplicate values check

b

A graphical description of the sequence of logical operations that a computer performs is called Select one: a. a data flow diagram. b. a program flowchart. Correct c. a system flowchart. d. a document flowchart.

b

A graphical representation of the flow of documents and information between departments or areas of responsibility within an organization is called Select one: a. data flow diagram b. document flowchart c. system flowchart Incorrect d. program flowchart

b

A majority of fraud perpetrators are Select one: a. outsiders. b. employees. Correct c. computer hackers. d. vendors.

b

A query that extracts, for a given time period, all sales events for which there is no corresponding receive cash event on the date of the sales event will yield Select one: a. an accounts receivable ledger b. an accounts payable journal. Incorrect c. a credit sales journal d. a cash account ledger

b

A set of interrelated, centrally coordinated files is called Select one: a. a multiple-records grouping (MRG). b. a database. Correct c. a transaction file. d. a master file.

b

A standing order to purchase specified items at a designated price, from a particular supplier for a set period of time, is called a Select one: a. set order. b. blanket purchase order. Correct c. purchase order. d. commodity order.

b

Multiple attribute primary keys are Select one: a. common. b. concatenated keys. Correct c. disallowed. d. secondary keys.

b

Reasons for committing a fraud include living beyond one's means, having heavy debts, or unusually high bills. Such a motivator for committing a fraud is commonly known as a Select one: a. spark. b. pressure. Correct c. flash-point. d. catalyst.

b

The Treadway Commission studied 450 lawsuits against auditors and found that Select one: a. misappropriation of assets was the reason for over one-half of the suits. b. fraudulent financial reporting was the reason for over one-half of the suits. Correct c. white-collar criminals were responsible for only a fraction of the lawsuits. d. only in a very few cases were financial statements falsified.

b

There are several threats that are associated with the process and activity of receiving and storing goods. Identify one of these threats below. Select one: a. errors in vendor invoices b. errors in counting Correct c. kickbacks d. requests for unnecessary items

b

This compares the results produced by more than one method to verify accuracy. Select one: a. concurrent update control b. cross-footing balance test c. data matching Incorrect d. recalculation of batch totals

b

What is the first step to implementing an REA diagram in a relational database? Select one: a. Assign attributes to appropriate tables. b. Create a table for each distinct entity in the diagram and for each many-to-many relationship. Correct c. Identify cardinalities. d. Use foreign keys to implement one-to-one and one-to-many relationships.

b

What is the most popular type of database? Select one: a. hierarchical b. relational Correct c. network d. object-oriented

b

7) With a ________ system, customers pay according to the amount showing on their monthly statement and payments are simply applied against the total account balance.

balance forward

5) Which of the following revenue cycle activities can potentially be eliminated by technology?

billing → the use of integrated ERP systems makes printing invoices superfluous, because both the seller and customer already know all the information included in the invoice ***sales order entry → the sales process must always begin with taking the customer's order ***shipping → the product must always be shipped to the customer ***cash collections → sellers will always need to collect payments from customers

9) Nonfinancial information should be collected because:

both it may indicate events that may affect resources and it can be used to plan other activities

A query that extracts, for a given time period, all deposits to and disbursements from a payroll clearing account will yield Select one: a. a credit sales journal. Incorrect b. an accounts payable journal. c. a cash account ledger. d. an accounts receivable ledger.

c

All of the following are benefits of database technology except: Select one: a. data integration and sharing. b. minimal data redundancy. c. decentralized management of data. Correct d. reporting flexibility.

c

Characteristics connected with fraud include pressures, opportunities, and rationalizations. Of these characteristics, which one relates to excuses that perpetrators have allowing them to justify their illegal behavior? Select one: a. pressures b. opportunities c. rationalizations Correct d. none of these

c

Concerning the creation of tables from an REA diagram, which of the following is false? Select one: a. A properly designed relational database has a table for each distinct entity in an REA diagram. b. A properly designed relational database has a table for each many-to-many relationship in an REA diagram. c. To reduce confusion, table names should not duplicate REA diagram entities' names. Correct d. Many-to-many relationships will be shown in tables with hyphenated concatenations of the entities' names.

c

Concerning the generation of financial statements from an REA-based relational database, which of the following is false? Select one: a. It is possible to use a completed REA diagram to guide the writing of queries to produce the information that would be included in financial statements. b. Many financial statement items can be displayed by querying a single table. c. It is unnecessary to understand the REA data model to know which tables need to be included in each query to generate the correct answers to financial statement questions. Correct d. A major advantage of the REA data model is that it integrates non-financial and financial data.

c

Fraud is any and all means a person uses to gain an unfair advantage over another person. Current and former employees of an organization are much more likely to perpetrate fraud than external parties. The act by a person or group of persons resulting in materially misleading financial statements is called a(n) Select one: a. misappropriation of assets. b. employee fraud. c. fraudulent financial reporting. Correct d. theft of assets.

c

Other attributes besides the primary key are Select one: a. included to satisfy transaction processing requirements. b. included to meet management's information needs. c. Both included to satisfy transaction processing requirements and included to meet management's information needs. Correct d. None of these

c

Statements on Audit Standards require that independent auditors be able to Select one: a. prepare and understand any type of system documentation. b. draw computerized flowcharts. c. understand a client's system of internal controls before conducting an audit. Correct d. prepare flowcharts and decision tables before conducting an audit.

c

The Sarbanes-Oxley Act requires companies to Select one: a. use flowcharting to document business processes group data flows b. identify the entities to be flowcharted c. document their business processes and internal controls. Correct d. None of the above

c

The __________ contains information about the structure of the database. Select one: a. database management system b. data definition language c. data dictionary Correct d. data warehouse

c

The best example of a hash total for a payroll transaction file could be Select one: a. sum of hours worked. b. total number of employees. c. total of employees' social security numbers. Correct d. sum of net pay.

c

The initial document used to request that an item be ordered is the Select one: a. Purchase advice b. Purchase order Incorrect c. Purchase requisition d. Purchase auction

c

The logical view of a database system refers to Select one: a. how and where the data are physically arranged and stored. b. how master files store data values used by more than one application program. c. how a user or programmer conceptually organizes and understands the data. Correct d. how the DBMS accesses data for a certain application program.

c

This ensures that the input data will fit into the assigned field. Select one: a. limit check b. range check c. size check Correct d. validity check

c

When duties cannot be segregated, the most important preventive internal control procedure is Select one: a. Rotation of duties b. Mandatory vacations c. Direct supervision by management Correct d. Review of accounting records

c

Which of the following is not one of the three steps to implementing an REA diagram in a relational database? Select one: a. Assign attributes to appropriate tables. b. Create a table for each distinct entity in the diagram and for each many-to-many relationship. c. Every event must be linked to at least one resource. Correct d. Use foreign keys to implement one-to-one and one-to-many relationships.

c

7) What is the best control procedure to prevent paying the same invoice twice?

cancel all supporting documents when the check is signed → this ensures that the supporting documents cannot be resubmitted to pay the same invoice again

A company has five different cash accounts. It deposits all payments received from customers into its checking account. Which of the following accurately depicts the relationship between the cash entity and the receive cash event

cash ||-----o< receive cash

10) For good internal control over customer remittances, the mailroom clerk should separate the checks from the remittance advices and send the customer payments to which department?

cashier → because the cashier function has custody of cash accounts ***NOT: billing, because billing creates invoices but should not be involved in processing payments from customers; accounts receivable, because that performs the recording function and should not also have physical custody of assets; sales, because they authorize the release of merchandise and should not also have custody of assets

8) For good internal control, who should sign checks?

cashier → the cashier is responsible for managing cash and reports to the treasurer

1) Which activity is part of the sales order entry process?

checking customer credit ACTIVITIES NOT PART OF THE SALES ORDER ENTRY PROCESS: ***setting customer credit limits → the credit department ***preparing a bill of lading → occurs as part of the shipping process ***approving sales returns → someone outside the sales department should approve all returns

the __________ disseminates information about fraud, errors, breaches and other improper system uses and their consequences. They facilitate integrating physical and information security

chief security officer

4) Which disaster recovery strategy involves contracting for use of a physical site to which all necessary computing equipment will be delivered within 24 to 36 hours?

cold site → delivery of all equipment within 24 to 36 hours ***virtualization is a strategy to make better use of resources by running multiple virtual machines on one physical host. It is not a disaster recovery strategy. ***hot site is an infrastructure replacement strategy that contracts for use of a physical site that contains all necessary computer and network equipment ***data mirroring is a fault-tolerant backup strategy in which the organization maintains a second data center and all transactions are processed on both systems as they occur

2) A digital signature is ________.

created by hashing a document and then encrypting the hash with the signer's private key ***creating a hash provides a way to verify the integrity of a document, and encrypting it with the signer's private key provides a way to prove that the sender created the document

9) For good internal control, who should approve credit memos?

credit manager → because this is the function of credit managers ***NOT: sales manager, because the same person who authorizes sales should not also authorize credit memos to adjust customer accounts for those sales; billing manager, because he/she is in charge of invoicing customers and should not have authority to reduce accounts receivable by issuing credit memos; controller, because he/she is responsible for the recording function and should not also be able to authorize changes to accounts via credit memos

Which of the following attributes in the cash receipts table would most likely be a foreign key

customer number

A flowchart is an analytical tool used to describe some aspect of an information system. A flowchart that depicts the relationships among the input, processing, and output of an AIS is Select one: a. a program flowchart b. an internal control flowchart Incorrect c. a document flowchart d. a system flowchart

d

A purchase order is Select one: a. a document formally requesting a vendor to sell a certain product at a certain price. b. a request for delivery of certain items and quantities. c. a contract between the buyer and vendor once accepted by the vendor. d. All of these are true. Correct

d

A receiving clerk notes that a delivery of 10 units has been received, but the purchase order specified 12 units. A debit memo will be prepared to adjust for the difference in the quantity ordered and received. Who should prepare this document? Select one: a. the receiving clerk b. management c. the sales department d. the purchasing department

d

An REA diagram contains four instances of the Employee entity. How many tables does this require in a relational database? Select one: a. 3 b. 4 c. 2 d. 1

d

Concerning the use of REA diagrams to retrieve information from a database: Select one: a. Although neither journals nor ledgers appear explicitly in an REA diagram, each can be created through appropriate queries. b. The information normally found in a journal is contained in the tables used to record data about events. c. Much of the information about an organization's assets that is traditionally recorded in ledgers is stored in resource tables in an REA-based relational database. d. all of these

d

Flowcharts are created using a standard set of symbols. These symbols can be divided into four basic categories. A square denotes an auxiliary operation and is found in which flowchart symbol category? Select one: a. storage b. input/output c. flow and maintenance d. processing

d

How can funds be stolen in payroll fraud? Select one: a. by paying a fictitious or ghost employee b. by increasing pay rates without permission c. by keeping a real but terminated employee on the payroll d. All of these situations are possible.

d

In a document flowchart, a dotted line is used for which of the following? Select one: a. Using the payroll register to prepare payroll checks b. Using new employee data to update employee/payroll register c. Filing the payroll register d. Using tax tables to prepare the payroll register

d

Modest Expectations Investment Services (MEIS) allows customers to manage their investments over the Internet. If customers attempt to sell more shares of a stock than they have in their account, an error message is displayed. This is an example of a Select one: a. reasonableness test. Incorrect b. field check c. validity check. d. limit check

d

Once a vendor is selected for a product, the company's identity is recorded in the Select one: a. purchase requisition file. b. product inventory transaction file. c. general ledger. d. product inventory master record.

d

The data dictionary contains information about the structure of the database. Which of the following would not be found in a data dictionary entry for a data item? Select one: a. the source of the data item b. the field (data) type c. records containing a data item d. the physical location of the data

d

The logical structure of a database is described by the Select one: a. dictionary. b. subschema. c. internal level. d. schema.

d

The maximum amount of time between backups is determined by a firm's Select one: a. recovery objective b. recovery time objective c. maximum time recovery objective d. recovery point objective

d

The passage of the Sarbanes Oxley Act Select one: a. Made documentation skills even more important. b. Requires public companies to prepare an annual internal control report. c. Means that auditors must be able to prepare, evaluate and read documentation tools such as flowcharts d. All of the above.

d

To accomplish the objectives set forth in the expenditure cycle, a number of key management decisions must be addressed. Which of the decisions below is not ordinarily found as part of the expenditure cycle? Select one: a. How can cash payments to vendors be managed to maximize cash flow? b. What is the optimal level of inventory and supplies to carry on hand? c. Where should inventories and supplies be held? d. What are the optimal prices for each product or service?

d

Which flowchart symbol is used to represent a processing operation performed manually? Select one: a. Auxiliary operation b. Document or processing flow c. Computer processing d. Manual operation

d

Which of the following data entry controls would not be useful if you are recording the checkout of library books by members? Select one: a. Prompting b. Validity check c. Concurrent update control d. Sequence check

d

Which of the following emotions could cause an employee to feel pressured to defraud his employer? Select one: a. a feeling of not being appreciated b. failing to receive a deserved promotion c. believing that their pay is too low relative to others around them d. All of these emotions could be sources of pressure.

d

Which of the following would not be found in a data dictionary entry for a data item? Select one: a. source of the data item b. records containing a specific data item c. field type d. physical location of the data

d

Within the expenditure cycle, internal information flows Select one: a. from the production cycle to the expenditure cycle. b. from the revenue cycle to the expenditure cycle. c. to the general ledger from the expenditure cycle. d. All of these are correct.

d

10) Which document is used to record adjustment to accounts payable based on the return of unacceptable inventory to the supplier?

debit memo → this document is used to adjust accounts payable

8) Which of the following techniques is the most effective way for a firewall to use to protect the perimeter?

deep packet inspection *** because it examines the contents of the data in the body of the IP packet, not just the information in the packet header. This is the best way to catch malicious code ***packet filtering is NOT EFFECTIVE because it only examines the headers of IP packets, which can be fooled by attacks that spoof source or destination addresses or which hide malicious code inside the packet ***access control lists are NOT EFFECTIVE because they are just a set of rules that can be used to perform packet filtering or deep packet inspection

9) Which of the following provides detailed procedures to resolve the problems resulting from a flash flood that completely destroys a company's data center?

disaster recovery plan (DRP) → focuses on restoring an organization's IT functionality ***backup plan → they focus solely on making a duplicate copy of files in the event that the original becomes corrupted because of hardware malfunctions, software problems, or human error ***business continuity plan (BCP) → focuses on restoring not only IT, but also aspects of business processes ***archive plan only deals with long-term retention of data

if the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is

effective

which of the following is an example of a corrective control

emergency response teams

3) Able wants to send a file to Baker over the Internet and protect the file so that only Baker can read it and can verify that it came from Able. What should Able do?

encrypt the file using Able's private key, and then encrypt it again using Baker's public key

The constraint that all primary keys must have nonnull data values is referred to as which of the following

entity integrity rule

9. Which of the following statements about the REA data model is true

every event must be linked to at least two agents

Which of the following statements is true only about an integrated REA model

every resource must be linked to at least one increment event and at least one decrement event

10) Your current system is deemed 90% reliable. A major threat has been identified with an impact of $3,000,000. Two control procedures exist to deal with the threat. Implementation of control A would cost $100,000 and reduce the likelihood to 6%. Implementation of control B would cost $140,000 and reduce the likelihood to 4%. Implementation of both controls would cost $220,000 and reduce the likelihood to 2%. Given the data, and based solely on an economic analysis of costs and benefits, what should you do?

expected loss = impact × likelihood; $300,000 = $3,000,000 × 10%

Which of the following is an individual user's view of the database

external-level schema

8) Cardinalities reflect ____________ about the organization being modeled and its business practices.

facts

2) Which data entry application control would detect and prevent entry of alphabetic characters as the price of an inventory item?

field check → field check tests whether data are numeric or alphabetic ***limit check compares an input value against a fixed number ***reasonableness check compares two data items to determine whether the values of both are reasonable ***a sign check determines whether a numeric field is positive or negative

1) A DFD is a representation of which of the following?

flow of data in an organization ***the logical operations performed by a computer program is a description of a program flowchart ***decision rules in a computer program are objective statements specific to computer programs ***computer hardware configuration shows how various parts of a computer fit together

9) All of the following are recommended guidelines for making flowcharts more readable, clear, concise, consistent, and understandable EXCEPT:

flowchart all data flows, especially exception procedures and error routines → this is NOT a recommended guideline for making flowcharts more readable, clear, concise, consistent, and understandable GUIDELINES FOR MAKING FLOWCHARTS BETTER: ***divide a document flowchart into columns with labels ***design the flowchart so that flow proceeds from top to bottom and from left to right ***show the final disposition of all documents to prevent loose ends that leave the reader dangling

6) In addition to the sales order entry process there are three other processes in the revenue cycle. Which of the following is not one of them?

general ledger ***processes in revenue cycle: shipping, billing, cash collections, sales order entry process

The process of turning off unnecessary features in the system is known as

hardening

10) Modifying default configurations to turn off unnecessary programs and features to improve security is called ____________.

hardening → modifying default configurations to turn off unnecessary programs and features to improve security

9) Which of the following is the correct order of the risk assessment steps discussed in this chapter?

identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits

1) Accountants may provide the greatest value to their organization by taking responsibility for data modeling. In which stage(s) of the database design process does data modeling occur?

in both the systems analysis and design stages of database design

5) Which of the following statements is true?

incremental daily backups are faster to perform than differential daily backups, but restoration is slower and more complex

10) Once fraud has occurred, which of the following will reduce fraud losses?

insurance, contingency plan, regular backup of data and programs

1) COSO identified five interrelated components of internal control. Which is not one of those five?

internal control policies ***risk assessment, monitoring, information and communication, control environment, control activities

Which of the following tables would most likely have a concatenated primary key

inventory - sales

Which of the following most accurately models the sales of low cost, mass produced items by a retail store

inventory >|-----o< sale

Which of the following is not likely to be depicted as an entity in the REA data model

invoices

multi-factor authentication

involves the use of two or more basic authentication methods

an access control matrix

is a table specifying which portions of the system users are permitted to access

Which of the following elements of a traditional AIS can be derived from queries of an REA database

journals, ledgers, and claims

8) Which of the following provides a means both to improve the efficiency of processing customer payments and also to enhance control over those payments?

lockboxes → the use of lockboxes eliminates the delays involved in processing customer payments and then depositing them. It also improves control because customer payments are not directly handled by any employees.

How a user conceptually organizes and understands data is referred to as the

logical view

5) One of the objectives of the segregation of duties is to

make sure that different people handle different parts of the same transaction

3) Who is responsible for establishing and maintaining the internal control system?

management

5) Which of the following statements about the control environment is false?

management's attitudes toward internal control and ethical behavior have little impact on employee belief or actions ***true statements → an overly complex or unclear organizational structure may be indicative of problems that are more serious, a written policy and procedures manual is an important tool for assigning authority and responsibility, supervision is especially important in organizations that cannot afford elaborate responsibility reporting or are too small to have an adequate separation of duties

5) Confidentiality focuses on protecting _____________.

merger and acquisition plans → they are sensitive plans that should not be made public until the deal is consummated ***Protecting customers' personal information relates to the principle of privacy ***A company's annual report is meant to be available to the public

5) All of the following are guidelines that should be followed in naming DFD data elements EXCEPT:

name only the most important DFD elements → all data elements should be named with the exception of data flows into data stores, when the inflows and outflows make naming the data store redundant GUIDELINES FOR NAMED DFD DATA ELEMENTS: ***process names should include action verbs such as update, edit, prepare, and record ***make sure the names describe all the data or the entire process ***choose active and descriptive names

Accounts receivable would appear in an REA diagram as an example of which kind of entity

none of the above

3) Which method is most likely used when a company offers customer discounts for prompt payment?

open-invoice method → because it facilitates aging each invoice to verify whether a discount should be granted ***balance-forward method → not, because it does not facilitate tracking the age of individual invoices and thus is difficult to use to offer discounts for early payment of individual invoices ***accounts receivable aging method → not, because it is a control measure used to detect potential uncollectible accounts ***cycle billing method → a method of smoothing the timing of cash receipts by billing different subsets of the customer file each week

A business orders mass-produced merchandise frequently throughout the year. In which table should the attribute "quantity ordered" appear

order inventory - inventory

2) Which document often accompanies merchandise shipped to a customer?

packing slip ***picking ticket is used by warehouse workers to fill the order ***credit memo is used to adjust a customer's account balance for sales returns, allowances, or write-offs ***sales order is created during sales order entry

10) Which of the following is a control that can be used to verify the accuracy of information transmitted over a network?

parity bit → a communications control that counts the number of bits in order to verify the integrity of data sent and received ***completeness check → ensure all necessary data is entered ***check digit → detects miskeying of account numbers ***size check → ensure that the amount of data entered does not exceed the space set aside for it

5) Which of the following is a corrective control designed to fix vulnerabilities?

patch management → involves replacing flawed code that represents a vulnerability with corrected code, called a patch

this is an authorized attempt by an internal audit team or an external security consultant to break into the organization's information system

penetration test

6) Which of the following is a detective control?

penetration testing ***endpoint hardening is a preventive control ***physical access controls are preventive controls ***patch management is a corrective control

7) Which document is used to authorize the release of merchandise from inventory control (warehouse) to shipping?

picking ticket → a picking ticket is generated by sales order entry to authorize removal of inventory to be shipped to the customer

because planning is more effective than reacting, this is an important criterion for successfully implementing systems reliability:

policy development

9) A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of:

preventive control

4) All other things being equal, which of the following is true?

preventive controls are superior to detective controls ***with respect to controls, it is always of utmost importance to prevent errors from occurring

5) Which method would provide the greatest efficiency improvements for the purchase of noninventory items such as miscellaneous office supplies?

procurement cards → designed specifically for purchase of noninventory items

4) Which document is used to establish a contract for the purchase of goods or services from a supplier?

purchase order

7) Which of the following is not an independent check?

re-adding the total of a batch of invoices and comparing it with your first total ***independent checks must involve a second person, a second set of documents, or a second process

6) The documentation skills that accountants require vary with their job function. However, they should at least be able to do which of the following?

read documentation to determine how the system works

1) Which of the following measures the amount of data that might be potentially lost as a result of a system failure?

recovery point objective (RPO) → because it measures the time between the last data backup and the occurrence of the problem ***recovery time objective (RTO) measures the time that an organization may have to function without its information system ***disaster recovery plan (DRP) specifies the procedures to restore IT operations ***business continuity plan (BCP) specifies the procedures to resume business processes

2) Concerning REA diagrams, which of the following is false?

redrawing an REA diagram several times during development is uncommon ***TRUE: an REA diagram for a given organization will change over time; data modeling and REA diagram development involve complex and repetitive processes; each organization will have its own unique REA diagram

The constraint that all foreign keys must have either null values or the value of the primary key in another table is referred to as which of the following

referential integrity rule

9) Which of the following procedures is designed to prevent the purchasing agent from receiving kickbacks?

requiring purchasing agents to disclose any financial investments in potential suppliers → such disclosure is to minimize the risk of conflicts of interest that could result in kickbacks

In a relational database design according to the REA data model, information traditionally stored in ledgers can be obtained by querying which of the following

resources, events, and M:N relationship tables between resources and events

Which of the following types of entities must become a separate table in a relational database

resources, events, and agents

2) In the ERM model, COSO specified four types of objectives that management must meet to achieve company goals. Which of the following is not one of those types?

responsibility objectives ***responsibility objectives are NOT one of the objectives in COSO's ERM model

10. A business operates by always collecting payments for the entire amount of the sale from customers in advance. It then orders the items from its suppliers, and when they all arrive it ships the entire order to the customer. Which of the following describes the relationship between the sale and receive cash events for this company

sale |o ---- || receive cash event to resource is 1 and event to agent has to be at least 2

8. EZ construction company builds residential homes. It sells only homes that it has built. Most of its homes are sold to individuals, but sometimes an investor may purchase several homes and hold them for subsequent resale. Which of the following is the correct way to model the relationship between sale and inventory

sale |o ----- |< inventory

8) Which of the following is a control procedure relating to both the design and the use of documents and records?

sequentially prenumbering sales invoices

Which of the following attributes would most likely be a primary key

supplier number

Data modeling occurs during which stages of database design

system analysis and conceptual design

The relational data model portrays data as being stored in

tables

9) For a given order, assume that goods have been picked for shipment and the items and quantities have been entered into the system. Which system update is not triggered by these actions?

the customer accounts receivables is posted

10) Concerning cardinality, which of the following is false?

the maximum cardinality can be 0 ***TRUE: cardinalities describe the nature of the relationship between two entities; no universal standard exists for representing information about cardinalities in REA diagrams; the minimum cardinality can be 0

2) Which of the following matches is performed in evaluated receipt settlement (ERS)?

the purchase order with the receiving report ***NOT the vendor invoice with anything, because the vendor invoice is eliminated by ERS

8) The third basic activity in the revenue cycle involves billing customers and maintaining accounts receivable. What is the basic document created in the billing process?

the sales invoice

7) Which of the following is an example of the kind of batch total called a hash total?

the sum of the purchase order number field in a set of purchase orders ***the sum of the purchase amount field in a set of purchase orders is an example of a financial total ***the number of completed documents in a set of purchase orders is an example of a record count

what is biometrics used for?

to identify individuals by their own unique physical characteristics

What is each row in relational database table called

tuple

3) Which of the following controls would prevent entry of a nonexistent customer number in a sales transaction?

validity check → compares a customer number entered into a transaction record against the customer numbers that exist in the master file or database ***field check → numeric or alphabetic ***completeness check → ensure that a customer number was entered, but not test if customer exists ***batch total → used to verify completeness of data entry

4) A weakness that an attacker can take advantage of to either disable or take control of a system is called an __________.

vulnerability → any weakness that can be used to disable or take control of a system

7) Most frauds are detected by

whistleblowing tip from employee, vendor, customer, or other third party

