ACC 3510 Ch 7 - 17


The goal of information security management is to protect the confidentiality, integrity, and availability (CIA) of a firm's information. What does CIA mean?

Confidentiality ----- Information is not accessible to unauthorized individuals or processes.
Integrity ----- Information is accurate and complete.
Availability ----- Information and systems are accessible on demand.

Select all that apply: What is continuous auditing?

Continuous auditing is to perform audit-related activities on a continuous basis.
Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance.

Select all that apply: Select the benefits of using wireless technology.

Convenient online access without a physical network using cables for connections
Freely setting up or removing wireless networks at different locations

True or false: Given the popularity of the Internet, mobile devices, and the complexity of computer technologies, important business information and IT assets are exposed to risks and attacks from external parties such as hackers, foreigners, competitors, etc. Today's employees are well trained and always support the firm to prevent the attacks.

False

True or false: IT projects generally deliver the intended results.

False

True or false: In Power BI, you can add a simple table to the report view page by clicking on the pie chart icon in the visualizations area and then selecting the fields to include.

False

True or false: In Tableau, there is one best type of visualization for each combination of dimensions and measures.

False

True or false: Information security is a critical concern to the chief information officer (CIO) and maybe also to the internal auditors. In general, practicing certified public accountants (CPAs) do not need to know much about information security management.

False

True or false: Most companies prefer to use the symmetric-key encryption method rather than the asymmetric-key encryption method in conducting e-business.

False

True or false: Raw data must have blank rows or columns to be easily turned into an Excel table.

False

True or false: Unlike Microsoft Access, you can't create relationships among tables in Excel.

False

True or false: Vulnerability assessment and management are often required by laws. Hence, management's commitment and support are not as critical as in enterprise risk assessment and management.

False

True or false: when setting up the relationships between tables in Access, you don't need to worry about enforcing referential integrity if you set the correct foreign keys.

False

True or false: you can't develop financial information in Access; you need to use Excel instead.

False

In the typical conversion process accounting, completion of work is recorded with a credit to Work-in-Process inventory and a debit to _____ _____ inventory.

Finished Goods

Match the actions that take place with the name of the balanced scorecard management process step.

Formulate ----- Identify ways the company can compete
Translate ----- Establish long-term budgets
Link ----- Prepare operating budgets and operate processes
Monitor ----- Track performance and provide feedback to managers
Adapt ----- Reconsider assumptions and develop alternatives

Select all that apply: What is fraud?

Frauds are perpetrated by parties to obtain money, property, or services.
Frauds are perpetrated by organizations to avoid payment or loss of services.
Frauds are perpetrated by parties to secure personal or business advantage.

_____ IT are those that perform a single function, such as enhancing productivity for standalone tasks.

Function

Select all that apply: Which of the following are potential impacts of IT on the elements of a business model canvas?

Gather data about customer segments
Support key activities
Coordination with key partners
Track key resources

Select all that apply: What are the success factors for vulnerability management?

A firm should determine the main objectives of its vulnerability management after considering the firm's resource constraints.
A firm should assign roles and responsibility for vulnerability management.
Management's commitment and support

Select all that apply: Which of the following are reasons that companies develop business cases for major IT investments?

Justification of anticipated value
Thorough consideration of alternatives

Match the devices used in each type of networks.

LAN ----- Hubs
LAN ----- Switches
VPN ----- Stations
VPN ----- Access points
WAN ----- Firewalls
WAN ----- Routers

Which phase of the SDLC involves making changes, corrections, and upgrades to the system?

Maintenance Phase

Which of the following is NOT a well-known visualization tool?

Microsoft Access

Select all that apply: Common computer frauds include the following:

Misuse of computer hardware
Altering the logic of computer software
Altering computer-readable records and files

Select all that apply: What is cloud computing? Select correct statements in describing cloud computing.

Most cloud computing service providers charge on a per-user basis.
A third-party service provider offers computing resources including hardware and software applications to users over the Internet cloud.
A cloud user company often shares the computing resources with other user companies, and a cloud provider is responsible for managing the resources.

_____ _____ _____ is calculated as the sum of the present value of cash inflows minus the sum of the present value of cash outflows.

Net Present Value

_____ IT are those that allow people to communicate with one another.

Network

Refer to the UML class diagram of Sunset's conversion process; match the class to the number of foreign keys placed in the corresponding table when the class diagram is implemented in a relational database.

Products ----- 1
Material issues ----- 2
Materials ----- 0

What does the acronym PERT stand for?

Program Evaluation Review Technique

Companies that employ a conversion process convert _____ materials into _____ goods.

Raw Finished

Select all that apply: The four steps to implementing Val IT include all of the following:

Recognize problems with prior IT investments.
Define characteristics of the ideal future state.
Take action.

What is the name of one of the 10 core principles of effective information technology planning that makes sure the project is of appropriate size to effectively address the business needs?

Relevant scope

Match the REA element (resource, event, agent, or type image) to the purpose of that element in a UML class model of the conversion process.

Resource ----- Permanent information about things available for use in the process
Event ----- Information about costs added to work-in-process
Agent ----- Information about employees available to work on the process
Type image ----- Management planning information about the process

Select all that apply: The benefits of an IT investment should be measured in which of the following terms?

Revenue enhancement
Cost avoidance
Revenue protection

Select all that apply: Select all of the following that are elements of the business model canvas.

Revenue streams
Channels
Key activities
Key resources
Value proposition
Customer segments
Cost structure
Customer relationships
Key partners

Vulnerability management and risk management have the same objective: to reduce the probability of the occurrence of detrimental events. What are the differences between them?

Risk management is often a more complex and strategic process that should be a long-term process.

Select all that apply: Which of the following are examples of enterprise IT?

Supply chain management software
Customer relationship management software

Encryption algorithms are grouped into two categories: symmetric-key and asymmetric-key encryption methods. Select the correct statement regarding these two methods.

Symmetric-key encryption is fast and suitable for encrypting large data sets or messages.

Which of the following are application controls for Sunset Graphics' conversion process?

System must default to current date.
System must provide range and limit checks for labor costs.

What model predicts whether users will adopt a new or modified system?

Technology Acceptance Model

True or false: If Sunset Graphics includes direct equipment costs in work-in-process, the UML class model should include an equipment resource and an event to capture equipment use information.

True

True or false: In data view in Power BI, you can set formatting for a field by selecting Modeling > Formatting and then selecting the appropriate format.

True

True or false: Managing, supporting and carrying out the systems development life cycle to achieve an intended outcome is called project management.

True

True or false: Most threats with regard to wireless networks typically involve an attacker with access to the radio link between a station and an access point, or between two stations.

True

True or false: The firm's senior executives need to understand the financial implications of the IT initiative so they can decide whether to allocate resources to it.

True

True or false: The reason a digital signature can be used to ensure data integrity is that the hashing process is not reversible.

True

True or false: a data visualization is a graphical means of presenting information to decision makers.

True

True or false: both vertical column and horizontal bar charts can be used to compare information among categories.

True

True or false: in Excel, a slicer can be used to filter pivot table and pivot chart output.

True

True or false: one important part of gathering requirements is to identify message flows between the focal organization and external organizations.

True

True or false: standard patterns for sales, purchases, and conversion processes shown in chapters 5, 6, and 7 should provide a basis for your integrated UML class diagram for the project.

True

True or false: to limit transactions to the first quarter in a query, enter the appropriate date range in the criteria row in the query by example grid.

True

True or false: when you cannot identify a unique primary key, consider splitting the table to form two well-formed relational tables.

True

The term "computer-assisted audit techniques (CAATs)" refers to any _____ audit techniques that can be used by an auditor to perform audits or achieve audit objectives.

automated

In a type of attack called _____, the attacker passively monitors wireless networks for data, including authentication credentials.

eavesdropping

The process perspective describes the firm's objectives for its business processes so that the firm operates _______ while also delivering products and services that meet its customers' requirements.

efficiently

The _____ _____ module is a programmed audit module that is added to the system under review. Hence, the auditors can monitor and collect data over online transactions. The collected data are analyzed by auditors in evaluating control risks and effectiveness.

embedded audit

The operating system performs the tasks that enable a computer to operate. It is comprised of system utilities and programs that:

ensure the integrity of the system.
control the flow of multiprogramming.
allocate computer resources to users and applications.

Given the popularity of the Internet, mobile devices, and the complexity of computer technologies, business information and IT assets are exposed to risks and attacks from _____ parties such as hackers and _____ parties such as disgruntled employees.

external Internal

To use the Tableau Show Me tool, select one or more of the _____ of interest while holding down the control (CTRL) key.

fields

The balanced scorecard framework uses accounting-based measures of performance in the _____ perspective.

financial

The benefits of an IT investment should be measurable in _____ terms.

financial

In the planning phase, it is critical to recognize that the IT plan supports the overall ______________.

firm strategy

In the Power BI report view, the Visualizations area allows you to click on an _____ to select specific types of charts or visualizations.

icon

Authentication is a process that establishes the origin of information or determines the _____ of a user, process, or device. It is critical in e-business because it can prevent _____ while conducting transactions online.

identity repudiation

Total acquisition costs include all direct and indirect costs to acquire and ____________ the IT initiative.

implement

In the learning and growth perspective, the organization sets goals to ensure that it is strategically ready to continuously _____ its process performance.

improve

In the learning and growth perspective, the firm addresses goals for investments in human capital, organizational capital, and _____ capital.

information

IT vulnerabilities can be categorized depending on whether they exist in the physical IT environment, within an _____ _____, or within the processes of IT operations.

information systems

The payback period equals the _____ investment divided by the increased cash flow per period.

initial

The _____ _____ _____ (ITF) approach is an automated technique that enables test data to be continually evaluated during the normal operation of a system. The auditor creates fictitious situations and performs a wide variety of tests over the system.

integrated test facility

In a recent survey, more than 40% of executives reported that their company's investments in IT are providing little or no return on _____

investment

Under the _____ simulation approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results to audit the system.

parallel

A strategy map allows firms to assess and prioritize gaps between their current and desired _____ levels.

performance

The first step in the project is to prepare a detailed project _____

plan

The first phase of the SDLC is called the _____ phase.

planning

In preparing an activity model of Sunset Graphics' conversion process, a collaboration model would not be useful, since there is only one _____.

pool

After importing each table from EXCEL data into Access, you need to set the _____ key for the table.

primary

To create relationships among Excel tables, you link foreign keys to _____ keys.

primary

To authenticate the receiver (B), the sender (A) e-mails a challenge message to B. B will use her _____ key to encrypt the challenge message and send it to A. If A is able to use B's _____ key to decrypt and get the plaintext of the challenge message, A has authenticated B successfully.

private public

The _____ perspective describes the firm's objectives for its business processes so that the firm operates efficiently while also delivering products and services that meet its customers' requirements.

process

The term "benefit dependency" indicates that IT functionality must be combined with complementary changes to deliver business _____ change that results in improved performance.

process

For Sunset Graphics, finished goods increases when they complete _____ in their basic BPMN activity model of the conversion process.

products

The ____________ is the lead member of the project team and is responsible for the project.

project manager

In the BPMN activity model of Sunset Graphics' conversion process that includes swimlanes, the intermediate error event redirects process flow if the work does not meet _____ standards.

quality

Select all that apply: Which of the following are attributes of a firm's product relevant to the firm's value proposition?

quality
price

It will require multiple _____ to develop financial statement information in Access.

queries

The final step in the process is to assemble the analyses for alternative IT initiatives and _____ the preferred alternative.

recommend

After connecting to data sources in Tableau, the next step is to create _____ among the tables.

relationships

In Power BI, the _____ view allows you to set connections among tables.

relationships

The second step in preparing the data and developing visualizations is to set _____ among tables to exploit any database structure.

relationships

In considering alternative IT investments, _____ costs include incremental expenses of developing, implementing, and operating proposed IT initiatives.

relevant

The main components of vulnerability assessment include vulnerability identification and risk assessment. The main components of vulnerability management include vulnerability _____ and maintenance.

remediation

To create a table visualization in _____ view in Power BI, click on the Table icon in the visualizations area and then select the appropriate fields.

report

The second step in the project is to define the business _____

requirements or needs

Cloud computing refers to a service model where third-party service providers offer computing _____ including hardware and software applications to cloud users over the Internet, and the service provider charges on a per-user basis.

resource

The value proposition defines what the organization does to attract and _____ customers.

retain

Disaster recovery planning (DRP) is a process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations when the events occur. A DRP should be _____ and _____ periodically to analyze weaknesses and explore possible improvements.

reviewed tested

Match the correct descriptions with regard to risk management and vulnerability management.

risk management ----- a complex and strategic process
risk management ----- a long-term process
vulnerability management ----- a tactical process
vulnerability management ----- a short-term process
risk management ----- using a top-down, risk-based approach
vulnerability management ----- using an IT asset-based approach

The business case should consider the _____ of not doing the project.

risks

The attacker of a wireless network sometimes uses a _____ access point to set up an unsecured wireless network near the enterprise with an identical name and to intercept any messages sent by unsuspecting users who log onto it.

rogue

Similar to an enterprise risk assessment, a computer fraud risk assessment focuses on fraud _____ and _____ to determine whether the controls exist and how the controls can be circumvented.

scheme scenario

A revenue stream is the result of selling products and services to each customer _____

segment

Because each financial metric has both strengths and weaknesses, IT initiatives should be evaluated using _____ metrics.

several

In auditing information systems, auditors use parallel _____ to verify the firm's key features or processes. Under this approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results.

simulation

Scope creep generally comes about due to _____________ changes.

small, relatively insignificant

The theft, misuse, or misappropriation of computer hardware is a common computer fraud. The illegal copying of computer _____ is another commonly observed computer fraud.

software or applications

Where sales information in Excel contains information about the sale and the sales items, you would need to _____ the table to form two tables.

split or divide

A _____ map allows firms to assess and prioritize gaps between their current and desired performance levels.

strategy

The business case should define how the _____ of the project will be measured.

success

Encryption algorithms are grouped into two categories: _____-_____ and asymmetric-key encryption methods.

symmetric key

The bill of material association between raw materials and finished goods is usually a many-to-many relationship that would be implemented by creating a _____ in the relational database.

table

Security controls for wireless networks can be categorized into three groups: management, operational, and _____ controls.

technical

The _____ _____ technique uses a set of input data to validate system integrity in auditing a system. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.

test data

Find proper definitions of techniques for white-box approach in auditing systems.

test data technique ----- uses a set of input data to validate system integrity
parallel simulation ----- attempts to simulate the firm's key features or processes
integrated test facility ----- enables test data to be continually evaluated during the normal operation of a system

IT projects are frequently canceled, late, over budget or don't deliver ________?

the intended consequences

Line charts typically are used to show values over _____

time

The first step in the economic justification process is _____.

to assess business requirements

Firms continue to monitor system availability. Fault _____ uses redundant units to provide a system with the ability to continue functioning when part of the system fails. Many firms implement a redundant array of independent drives (RAID) so that if one disk drive fails, important data can still be accessed from another disk.

tolerance

Firms use two encryption methods, _____ encryption and _____ encryption, in data transmission and electronic communication in e-business.

two-key one-key

In the UML class diagram of the conversion process, _____ images can be used to specify the plan for how the resources are to be used.

type

When the business relationship between raw materials and finished goods is complex, the UML class model of the conversion process can promote the bill of materials association to a _____ image.

type

Firms continue to monitor system availability. Backups are used to alleviate problems of file or database corruptions. An _____ power supply is a device using battery power to enable a system to operate long enough to back up critical data and shut down properly during the loss of power. Both are corrective controls.

uninterruptible

To audit a system, auditors use the test data technique to _____ system integrity. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.

validate

The last step in the economic justification process is to describe the _____ proposition for the preferred alternative.

value

We often define _____ as weaknesses or exposures in IT assets or processes that may lead to a business risk, compliance risk, or security risk.

vulnerability

A data _____ is a centralized collection of firm-wide data for a relatively long period of time.

warehouse

The data in a data _____ are pulled periodically from each of the operational databases (ranging from a couple of times a day to once a year) and often maintained for 5 to 10 years.

warehouse

To use the _____-box approach to audit systems, auditors need to understand the internal logic of the system/application being tested.

white

The development of a business model canvas starts with the _____ proposition.

value

The firm's _____ proposition includes attributes of its products, such as price, quality, and selection, as well as attributes of its relationship with its customers and its brand image.

value

Pie charts are typically used to show the composition of a _____

whole

The business case should determine _____ the company is doing the project.

why

A _____ _____ network (WAN) links different sites together; transmits information across geographically dispersed networks; and covers a broad geographic area such as a city, region, nation, or an international link.

wide area

To prepare a PERT chart, all project tasks to complete a project must be broken down in a process known as the ______________.

work breakdown structure

Which of the statements below best defines an embedded audit module?

A programmed module added to the system so that the auditors can monitor and collect data over online transactions.

Select the best answer in describing virtualization and cloud computing.

A virtual machine containing system applications and data backups often resides in the cloud off-site or at various locations.

Which of the following is not an example of direct acquisition costs?

Business disruption costs

Which of the following is true about approaching ill-structured problems?

Careful planning is required

To conduct business to business e-commerce, companies often need to involve which of the following items in operations?

Certificate authority
PKI
Authentication
Encryption

Which of the following is NOT part of selecting and modifying the visualization?

Set relationships among tables

A type of information security attack, called _____ _____, is to manipulate someone to take certain action that is not in that person's best interest, such as revealing confidential information or granting access to an office building.

Social Engineering

Select all that apply: Which of the following are examples of direct costs of acquiring information technology?

Software costs
Training costs
Hardware costs

Select all that apply: Which of the following are categories of IT initiative risks that should be addressed?

Solution risk
Change risk
Alignment risk

Which of the following is not part of the second step, defining the business requirements?

Specify how new technology can be applied

Select all that apply: Select the correct definition(s) of examples of security risks and attacks.

Spyware is secretly installed into an information system to gather information on individuals or organizations without their knowledge.
Spoofing is sending a network message that appears to come from a source other than its actual source.

Models of the conversion process must be able to describe information about which of the following things?

Standard costs of material
Material costs
Cost of goods manufactured
Overhead allocations
Labor costs

Which of the following is NOT usually listed under the revenue streams element of a business model canvas?

Personnel expense

Treemaps are similar in purpose to which of the following charts?

Pie charts

Ill-structured problems require careful _____ and attention to detail.

Planning

Which phase of the SDLC begins with a business need for a new or improved information system?

Planning Phase

Which phase of the SDLC includes a feasibility study for a new or improved information system?

Planning Phase

Which phase of the SDLC is used as a basis to get buy-in and funding from upper management?

Planning Phase

True or false: Common benefits of using wireless technology include mobility, rapid deployment, and flexibility and scalability of a network.

True

Management of IT benefits over an investment's life cycle is called the _____ IT framework.

Val

A framework intended to help managers create business value from IT investments is called:

Val IT

Select all that apply: Define vulnerability.

Weaknesses or exposures in IT processes that may lead to a business risk, compliance risk, or security risk
Characteristics of IT resources that can be exploited by a threat to cause harm to a firm

Consider the tblProductCategory table in Table 7.2; the foreign key (Product category manager) implements the _____ relationship between this type image and the tblPartners agent table.

assignment

Using the asymmetric-key encryption method, _____ can be achieved for electronic transactions.

authentication

In the BPMN activity model of Sunset Graphics' conversion process that includes swimlanes, the first gateway redirects process flow if the _____ is not finished.

batch

In the BPMN activity model of Sunset Graphics' conversion process that includes swimlanes, the second gateway redirects process flow if all _____ are not finished.

batch

In Sunset Graphics' conversion process, raw materials are issued into work-in-process based on a _____ of material.

bill

Organizations need to create a business _____ for an IT investment.

case

Dimensions in Tableau are _____ fields.

categorical

Treemaps show relationships among nested

categories

Vertical column charts typically show fewer _____ than horizontal bar charts.

categories

The Sarbanes-Oxley Act of 2002 (SOX) requires management and auditors to report on the ____________ of internal controls over the company's accounting information system.

effectiveness

In the UML class diagram of the conversion process, _____ record costs applied to Work-in-Process.

event

Computer-assisted audit techniques enable auditors to gather and analyze audit _____ to test the adequacy and reliability of financial information and internal controls in a computerized environment.

evidence

True or false: The business model canvas is completely different from a strategy map.

false

The three categories of information technology are _____, network and enterprise.

function

Pert and _____ charts are specific project management tools which help address the time constraint.

gantt

The first step in preparing the data and developing visualizations is to _____ data.

get

An important part of understanding the data involves questioning how the data supports the overall ______ of the visualizations.

goal

The total acquisition cost includes direct and _____ costs required to acquire and deploy technology.

indirect

The discount rate that makes the project's net present value equal to zero is called the _____.

internal rate of return

In the BPMN activity model of Sunset Graphics' conversion process that includes swimlanes, the process finishes when conversion partners place the finished items in inventory and the inventory manager updates the _____ records.

inventory

The _____________ is generally a senior executive who takes responsibility for the success of the project.

project sponsor

Each of the following are implementation steps for Val IT except:

providing oversight of all organization's IT investments programs.

In using asymmetric-key encryption, each user has a pair of two keys, the _____ key and the _____ key.

public private

The general rule associated with the segregation of duties is that accounting controls should be set up to separate (1) custody of assets, (2) authorization of transactions, and (3)______________.

record-keeping responsibilities

The conversion process is inherently more complicated than either the sales and collection or purchase and payment processes because of the increased _____ requirements.

recordkeeping

Disaster _____ planning (DRP) is a process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations when the events occur.

recovery

Part of understanding the data is to find relevant _____ for the data.

sources

Part of getting the Excel data is to convert the raw data into _____

tables

In the relationships view in Power BI, inactive relationships are shown with a _____ line.

dashed

On the left, the Power BI report view screen shows icons representing the three different views: report, _____, and relationships.

data

The _____ view in Power BI lets you calculate new fields and set formatting for fields, such as currency fields.

data

In today's electronic world, most accounting records are stored in a _____

database

The triple constraints of project management are also called ____________.

dempster's triangle

Internal rate of return is the _____ rate that makes the project's net present value equal to zero.

discount

Present value equals the cash flow for each period divided by one plus the _____ rate to the power "t."

discount

How many core principles of effective information technology planning are advocated by the International Federation of Accountants?

10

Which of the following is NOT something the project plan would include?

Current processes documentation

Which of the following is NOT true about data visualizations?

Data visualizations are the only way to present data

True or false: A BPMN activity model of Sunset Graphic's conversion process would not need swimlanes because there is only one function involved.

False

Rank the steps in the balanced scorecard management process in the sequence that they should occur.

Formulate Translate Link Monitor Adapt

All but the following are examples of direct operating costs incurred after implementing an IT project.

IT implementation costs

Which of the following is NOT an element of the business model canvas?

Key technologies

Match each situation below with the correct type of vulnerability.

No regular review of a policy that identifies how IT equipments are protected against environmental threats ----- Vulnerabilities within a physical IT environment Software not patched immediately ----- Vulnerabilities within an information system Poor user access management allows some users to retrieve sensitive information not pertaining to their roles and responsibilities ----- Vulnerabilities within the processes of IT operations Failure to terminate unused accounts in a timely manner ----- Vulnerabilities within an information system

Why do we need to use digital signatures in conducting e-business?

Obtain data integrity

Using the two-key encryption method for authentication, we need to be careful about how the keys are used. Select all correct answers regarding key usage in authentication from the list below.

Only the pair of one user's two keys is used for encryption and decryption. Public key management is very important because we use public keys to authenticate others in conducting e-business.

Virtualization and ______ computing are considered good alternatives to back up data and applications.

cloud

For horizontal bar charts, the purpose is to _____ information among categories.

compare

When considering "benefit dependency", IT functionality and _____ are precursors to business process change.

complementary changes

Good information security ensures that systems and their contents remain the same for integrity. In general, the goal of information security management is to protect the _____, integrity, and availability (CIA) of a firm's information.

confidentiality

General security objectives for both wired LANs and wireless LANs include: _____, _____, _____, and access control.

confidentiality integrity availability

A weakness of the payback period is _____.

it ignores the time value of money

Measures are ______ fields

numeric

True or false: Cybersecurity is highly technical and not relevant to CPA.

False

True or false: Excel is always the best visualization tool.

False

True or false: Bar charts compare information among categories.

True

Select the correct definition of a digital signature.

A digital signature is a message digest (MD) of a document (or data file) that is encrypted using the document creator's private key.

Similar to an enterprise risk assessment, a computer fraud risk assessment focuses on fraud schemes and scenarios to determine whether the controls exist and how the controls can be circumvented. List computer fraud risk assessments in sequence.

1. Identifying relevant IT fraud risk factors 2. Identifying and prioritizing potential IT fraud schemes 3. Mapping existing controls to potential fraud schemes and identifying gaps 4. Testing operating effectiveness of fraud prevention and detection controls 5. Assessing the likelihood and impact of a control failure and/or a fraud incident

Rank the following elements of Sunset's conversion process in sequence.

1. Manager authorizes production 2. Issues material into WIP 3. Construct the items 4. Place completed items in inventory

Match the numbers on the generic conversion process diagram with the business purpose of the association.

1. R/M that are issued to Work-in-Process 2. Finished Goods that increase when Work-in-Process completes 3. Employee that issues the raw materials 4. Employee that authorizes production 5. Employees that work in the process

Match individual computer fraud schemes with the oversights.

195 illegitimate drivers' licenses are created and sold by a police communications officer ----- Lack of authentication and role-based access control requirements An employee entered fake health insurance claims into the system, and profited $20 million ----- Lack of consideration for security vulnerabilities posed by authorized system access A computer technician uses his unrestricted access to customers' systems to plant a virus on their networks that brings the customers' systems to a halt. ----- Lack of access control to all customers' systems A foreign currency trader covers up losses of millions over a 5-year period by making unauthorized changes to the source code. ----- Lack of code reviews; improper change management

The relevant time frame for most IT initiatives is _____ years or less, since technology changes rapidly.

3

Information technology can affect all _____ elements of the business model canvas.

9

Who plays a major role in telling systems developers the specific information needs in an accounting information system?

Accountants

Select all that apply Which of the following are relevant costs of IT investments?

Acquisition costs Maintenance costs

Match the description with the name of the IT project risk category.

Alignment ----- solution is not aligned with firm strategy Solution ----- solution will not deliver projected benefits Financial ----- solution will not deliver expected financial performance Technological ----- technology will not deliver expected benefits Change ----- part of firm will not be able to change

Select all that apply Which of the following are true about IT investments?

As much as 20% of IT spending is wasted. They involve substantial costs. They offer opportunities to create value.

List the sequence of steps in the economic justification process in order of occurrence.

Assess business requirements Identify potential solutions Estimate costs, benefits, and risks Assess value proposition

Select all that apply Select correct statements regarding asymmetric-key encryption methods.

Asymmetric-key encryption is also called public-key encryption. Asymmetric-key encryption is also called two-key encryption. Asymmetric-key encryption is slow and is not appropriate for encrypting large data sets.

Select all that apply What is the white-box approach in auditing systems? Select all statements that apply.

Auditors need to create test cases to verify specific logic and controls in a system. It requires auditors to understand the internal logic of the system/application being tested.

Select the best answer in describing the authentication process.

Authentication can prevent repudiation while conducting transactions online.

In Sunset Graphic's conversion process, when the quantity on hand of a product drops below the minimum level, the item manager _____ production to increase the quantity on hand.

Authorizes

What is the common practice in using symmetric-key encryption and asymmetric-key encryption methods in conducting e-business?

Both parties use the asymmetric-key encryption method to distribute the symmetric key securely. Both parties use the asymmetric-key encryption method to authenticate each other.

To authenticate the receiver (B), the sender (A) e-mails a challenge message to B. B will use _____ (tip: A's or B's) private key to encrypt the challenge message and send it to A. If A is able to use _____ (tip: A's or B's) public key to decrypt and get the plain text of the challenge message, A has authenticated B successfully.

B's B's

Your UML class diagram should link with the _____ diagrams and capture information about each data object in the BPMN activity diagrams.

BPMN or activity

_____ prioritizing the alternative IT initiatives based on the financial metrics, the project team should test the impact of changes in assumptions on the various financial metrics of the project.

Before

Which of the following are included in the typical accounting transactions for the conversion process?

Debit Finished Goods Inventory; credit Work-in-Process Inventory Debit Work-in-Process Inventory; credit Manufacturing Wages Debit Work-in-Process Inventory; credit Raw Material Inventory

Which of the following businesses are likely to use a conversion process?

Dell Computer Company Molson Coors Brewing Company Jelly Belly Candy Company

What does the design phase of the SDLC do?

Describes in detail the desired features of the system.

Which phase of the SDLC describes in detail the desired features of the system?

Design Phase

Which of the following are objectives for process steps in Sunset Graphic's conversion process?

Direct labor costs are recorded promptly and accurately. Appropriate partner authorizes production to meet expected demand.

Select all that apply Which of the following are examples of direct operating costs after implementing an IT project?

Disposal costs Maintenance contracts Software upgrades

True or false: A local area network is a group of computers, printers, and other devices connected to the same network and covers a large geographic range such as a city, a county, or a state.

False

Which of the following can help companies achieve a positive return on investment for their IT investments according to IndustryWeek magazine?

Employ a formal, structured approach

Which of the following are elements of the generic conversion process UML class model?

Employees Raw Materials Issue Raw Materials Bill of material Finished Goods

Select all that apply Select the correct concepts regarding encryption.

Encryption is a preventive control. Encryption provides confidentiality and privacy for data transmission and storage.

_____ IT are those that restructure interactions within the organization as well as with external partners.

Enterprise

Which of the following types of businesses are likely to use a conversion process?

Equipment manufacturing Restaurants Automobile repair

Select all that apply Which of the following must be determined to use capital budgeting techniques for each IT alternative?

Establish relevant time frame Select appropriate discount rate Assess sensitivity to assumptions

The main factors in encryption are key length, encryption algorithm, and key management. Select the correct statement regarding encryption.

Establishing a policy on key management is essential for information security.

Select all that apply What are the main purposes of AICPA cybersecurity risk management framework?

Evaluate a company's cybersecurity controls. Describe a company's cybersecurity risk management system.

To record equipment use in Work-in-Process, the UML class diagram would include an Equipment Operations _____ to record the costs.

Events

True or false: Budget planning is one of the 10 core principles of effective information technology planning.

False

Match the processes for vulnerability assessment and vulnerability management.

Identification ----- Vulnerability assessment Risk assessment ----- Vulnerability assessment Remediation ----- Vulnerability management Maintenance ----- Vulnerability management

Which of the following would NOT be part of creating BPMN diagrams to describe a process?

Identify the resources, agents, and events

Which phase of the SDLC involves development and testing of the system?

Implementation Phase

Which phase of the SDLC involves placing the system into production such that users can actually use the system that has been designed for them?

Implementation Phase

Select all that apply Which of the following are examples of network IT?

Instant messaging Email software

Good information security ensures that systems and their contents remain the same for integrity. In general, the goal of information security management is to protect the confidentiality, _____, and _____ (CIA) of a firm's information.

Integrity Availability

Select all that apply Which of the following financial metrics consider the time value of money?

Internal rate of return Net present value

Match the accounting transaction with the step in the BPMN activity diagram for Sunset Graphics.

Issue Raw material ----- Debit work-in-Process; Credit Raw Material Inventory Perform work ----- Debit Work-in-Process; Credit Manufacturing Wages and Overhead Complete Production ----- Debit finished Goods Inventory; credit Work-in-Process Authorize production ----- No accounting transaction required

Identify the major steps in the conversion process shown in the generic UML class diagram.

Issue raw material Authorize production

Which of the following is NOT a feature of the business model canvas?

It does not show the impact of IT

What is a message digest?

It is a result of a hashing process such as using the SHA-256 algorithm.

Select all that apply What is the black-box approach in auditing systems? Select all statements that apply.

It is adequate when automated systems applications are relatively simple. It is to audit around the computer. The advantage of this approach is that the systems will not be interrupted for auditing purposes.

Select the correct statement regarding the black-box approach in auditing systems.

It is also called auditing around the computer.

Select all that apply What is a digital signature?

It is encrypted using the private key of the creator of document or data file. It is a message digest (MD) of a document or a data file. The process of getting a message digest (MD) is called hashing.

In the typical conversion process, Work-in-Process inventory is the sum of raw material issued, labor used, and manufacturing _____ allocated.

Overhead

Select all that apply Which of the following are project management tools to help address time constraints?

PERT charts Gantt charts

Which of the following are access controls over Sunset Graphic's conversion process?

Partner authorizing production can't modify inventory records. Partner issuing material can't modify bill of material.

What term in the Technology Acceptance Model (TAM) defines the extent to which a person believes that the use of a particular system would be free of effort?

Perceived Ease of Use

Since 2003, information security management has been ranked as the top one technology issue for CPAs. According to AICPA, information security management is "an integrated, systematic approach that coordinates people, policies, standards, _____, _____ used to safeguard critical systems and information from internal and external security threats."

Process Control

Select all that apply Which of the following correctly describe relationships among the four balanced scorecard perspectives?

Process affects Customer Process affects Financial Learning and Growth affects Process

Which of the following are indicated by this BPMN diagram of Sunset Graphic's conversion process?

Process loops until the batch is complete Process loops until all batches are complete Intermediate error indicates quality failures

Refer to the UML class diagram of Sunset's conversion process; which of the following tables would pick up foreign keys when the diagram is implemented in relational tables?

Products Material Issue Bill of Material Production Authorization Labor Operations

Select all that apply A fraud prevention and detection program starts with a fraud risk assessment across the entire firm. Select correct statements on the role(s) of the audit committee on fraud risk assessment, prevention and detection.

The audit committee has an oversight role in the fraud risk assessment process. The audit committee interacts with external auditor to ensure that fraud assessment results are properly communicated. The audit committee works with the internal audit group to ensure that the fraud prevention/detection program remains an ongoing effort.

Select all that apply The business case should focus on which of the following?

The change and proposed technology The likelihood of achieving the benefits The anticipated benefits

Select all that apply What are the main concerns of cloud user companies on the cloud service providers?

The cloud service provider's financial viability The security of the cloud computing systems and networks Whether the cloud service provider's internal controls are properly designed and effective

Who is responsible to prevent and catch fraud?

The management

Select all that apply Because research indicates that more than half of the malicious incidents in IT security are caused by insider abuse and misuse, firms should implement a sound system of internal controls to prevent and detect frauds perpetrated by insiders. Which of the following conditions often exist for a fraud to be perpetrated?

The perpetrator is pressured with a reason to commit fraud. There is an opportunity for fraud to be perpetrated. The perpetrator has an attitude to rationalize the fraud.

Consider the tblBill_of_Material table shown in Table 7.2. Which of the following would best describe the structure of that table if it was a linking table instead of a type image?

The primary key would change

Which of the following is not a product characteristic that affects customers' willingness to buy?

The product supplier

Which of the following best describes why there is no work-in-process inventory resource in a UML class model of the conversion process?

The value of work-in-process can be calculated.

Which of the following is NOT true of pie charts?

They compare values across time

Which of the following is NOT true about line charts?

They show distribution of a single variable

Select all that apply Identify the main purposes for a wide area network (WAN).

To provide remote access to employees or customers To link various sites within the firm To provide corporate access to the Internet

True or false: According to IndustryWeek magazine, a formal, structured approach that links IT investment to business performance can help avoid return on IT investment problems by providing a focus that is often missing.

True

Select all that apply Which of the following is an example of function IT?

Word processing software Spreadsheet software Map applications

In our electronic world, all or most accounting records are stored in a database. A database is:

a shared collection of logically related data that meets the information needs of a firm

A wireless network is comprised of two fundamental architectural components: _____ and _____

access stations

Scope creep is the broadening of a project's scope that occurs ______ the project has started.

after

Management is responsible for fraud risk assessments, while the _____ _____ typically has an oversight role in this process.

audit committee

The Sarbanes-Oxley Act of 2002 (SOX) requires management and _________ to report on the effectiveness of internal controls over the company's accounting information system.

auditors

The general rule associated with the segregation of duties is that accounting controls should be set up to separate (1) custody of assets, (2) ______________, and (3) record-keeping responsibilities.

authorization of transactions

Both payback period and _____ analysis both compare the costs with benefits of an IT project with considering the time value of money.

breakeven

The UML class diagram of the conversion process does not show a Work-in-Process resource, since the value of the Work-in-Process inventory can be _____ at any time.

calculated

When using asymmetric-key encryption method in e-business, a _____ authority (CA) is a trusted entity that issues and revokes digital certificates. A digital certificate indicates the subscriber identified in the certificate with sole control and access to the private key, and binds the name of a subscriber to a public key.

certificate or certification

When joining two tables in Tableau, the overlapping _____ indicate the type of join.

circles

Common security objectives for both wired and wireless networks include: confidentiality, integrity, availability, and access control. Select the correct explanation for each term.

confidentiality ----- Communication cannot be read by unauthorized parties. integrity ----- Detect any intentional or unintentional changes to the data during transmission. availability ----- Devices and individuals can access a network and its resources whenever needed. access control ----- Restrict the rights of devices or individuals to access a network or resources within a network.

Accounting-based measures _____ the success of the firm's investments in learning and growth, process performance, and ability to deliver value to customers.

confirm

Disaster recovery planning is the process of rebuilding the operations and infrastructure after a disaster has occurred. Business _____ management (BCM) refers to the activities required to keep a firm running during a period of displacement or interruption of normal operations.

continuity

With _____ auditing, theoretically, an audit report/opinion can be issued simultaneously with, or shortly after, the occurrence of the events under review.

continuous

A _____ _____ occurs when audit-related activities are performed on a continuous basis.

continuous audit

It is important that a cloud user company obtains and reviews a service organization control (SOC) report from the cloud provider prior to signing an agreement for the service. Such a report provides stringent audit requirements, with a stronger set of _____ on the cloud computing service provider.

control

The __________ process is inherently more complicated than either the sales and collection process or the purchases and payments process.

conversion

Both disaster recovery planning (DRP) and business continuity management (BCM) are the most critical ____ controls, and DRP is a key component of BCM.

corrective

The three constraints of project management include scope, time, and ________.

cost

IT projects offer important benefits to organizations but also involve substantial _____

costs

In the queries, you need to set _____ to constrain transactions to the first quarter or other appropriate date range.

criteria

The _____ path is the longest path for a project and represents the minimum amount of time needed for the completion of the project when sufficient resources are allocated.

critical

Creating accurate BPMN diagrams is often an _____ process.

iterative

Public ____ infrastructure (PKI) is an arrangement that issues digital certificates to users and servers, manages the key issuance, and verifies and revokes certificates by means of a certificate authority.

key

The _____ and _____ perspective describes the firm's objectives for improvements in tangible and intangible infrastructure.

learning growth

Computer frauds also happen during the systems development ______ cycle (SDLC).

life

A _____ _____ _____ (LAN) is a group of computers, printers, and other devices connected to the same network and covers a limited geographic range such as a home, small office, or a campus building.

local area network

The business case should specify how _____ the project is expected to take.

long

The critical path is the _____ path for a project and represents the minimum amount of time needed for the completion of the project when sufficient resources are allocated.

longest

The maintenance phase of the SDLC involves ___________________

making changes, corrections, and upgrades to the system

After developing a strategy map, companies then plan, implement, and monitor performance using the balanced scorecard _____ process.

management

The processes and systems within the focal organization must be able to respond to incoming _____ flows.

message

To create a digital signature, the document creator must use his or her own private key to encrypt the _____ _____ (MD), so the digital signature also authenticates the document creator.

message digest

Understanding the data also includes selection of appropriate _____

metrics

A common security threat, _____, is that the attacker steals or makes unauthorized use of a service.

misappropriation

Select all that apply The balanced scorecard management process allows companies to:

monitor their performance describe their implementation strategy

You can use Value Field Settings to specify a Custom _____ for a field.

name

The three categories of information technology are function, _____, and enterprise.

network

Benefits should be measured in comparison to the revenues and costs that will occur if the IT initiative is _____ implemented.

not

The 15-15 rule of project management suggests that if the project is 15% over budget or 15% _______________, it will likely never recoup the time or cost necessary to be considered successful.

off the desired schedule

The _____ system is the most important system software because it performs the tasks that enable a computer to operate.

operating

According to the fraud triangle, three conditions exist for a fraud to be perpetrated: incentive or pressure, _____, and rationalization.

opportunity

The 15-15 rule of project management suggests that if the project is 15% ___________ or 15% off the desired schedule, it will likely never recoup the time or cost necessary to be considered successful.

over budget

