AIS CH. 5,6,7

A _____ identifies and inventories mission critical business processes and supporting information systems, as well as establishes timelines and priorities for resuming processing capabilities. A. Business Impact Analysis B. Business Resumption Plan C. Emergency Contact Plan D. Disaster Recovery Plan

A. Business Impact Analysis

According to PCAOB Standard No. 5, which of the following is an example of an entity-level control? A. Effectiveness of the board of directors B. Personnel controls C. Access to computer files D. All of the above

A. Effectiveness of the board of directors

This term describes the policies, plans, and procedures implemented by a firm to protect the assets of the organization. A. Internal control B. SAS No. 94 C. Risk assessment D. Monitoring

A. Internal control

Which of the following is not one of the components of the 2017 COSO Enterprise Risk Management: Aligning Risk with Strategy and Performance Framework: A. Risk and Compliance B. Risk, Strategy, and Objective-Setting C. Monitoring Enterprise Risk Management Performance D. Risk in Execution

A. Risk and Compliance

Which of the following would a manager most likely use to organize and evaluate corporate governance structure? A. The 2013 COSO Internal Control—Integrated Framework B. The 2017 COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance Framework C. The Sarbanes-Oxley Act of 2002 D. COBIT

A. The 2013 COSO Internal Control—Integrated Framework

COSO recommends that firms _____ to determine whether they should implement a specific control. A. Use cost-benefit analysis B. Conduct a risk assessment C. Consult with the internal auditors D. Identify objectives

A. Use cost-benefit analysis

Components of an ERP's architecture typically include: A. a centralized database and application interfaces B. Internet portals and multiple databases C. a centralized database running on a mainframe computer D. business intelligence and multiple databases

A. a centralized database and application interfaces

A company's management is concerned about computer data eavesdropping and wants to maintain the confidentiality of its information as it is transmitted. The company should utilize A. data encryption. B. dial-back systems. C. message acknowledgment procedures. D. password codes.

A. data encryption.

Fault-tolerant systems are designed to tolerate computer errors and are built on the concept of _____. A. redundancy B. COBIT C. COSO D. integrated security

A. redundancy

Which of the following is not a computer facility control? A. Place the data processing center where unauthorized individuals cannot gain entry B. Limit access to the data processing center to all employees of the company C. Buy insurance to protect against loss of equipment in a computer facility D. Use advanced technology to identify individuals who are authorized access to the data processing center

B. Limit access to the data processing center to all employees of the company

Which of the following is not one of the four objectives of an internal control system? A. Safeguard assets B. Promote firm profitability C. Promote operational efficiency D. Encourage employees to follow managerial policies

B. Promote firm profitability

The purpose of a/n __ edit check is to ensure that an input field does not exceed expected norms, i.e., someone doesn't enter more than 24 hours worked in a day. A. Completeness B. Reasonableness C. Sequence D. Consistency

B. Reasonableness

Which of the following is not one of the three additional components that was added in the 2004 COSO Enterprise Risk Management—Integrated Framework? A. Objective setting B. Risk assessment C. Event identification D. Risk Response

B. Risk assessment

Which of the following would a manager most likely use for risk assessment across the organization? A. The 2013 COSO Internal Control—Integrated Framework B. The 2017 COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance Framework C. The Sarbanes-Oxley Act of 2002 D. COBIT

B. The 2017 COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance Framework

In entering the billing address for a new client in Emil Company's computerized database, a clerk erroneously entered a nonexistent zip code. As a result, the first month's bill mailed to the new client was returned to Emil Company. Which one of the following would most likely have led to the discovery of the error at the time of entry into Emil Company's computerized database? A. Limit test B. Validity test C. Parity test D. Record count test

B. Validity test

In selecting a new AIS, a company's management should: A. always hire a consultant B. always consult with your accountant during the decision process C. never rely on your accountant for help in this decision D. always use an Internet software service to make the decision

B. always consult with your accountant during the decision process

Segregation of duties is a fundamental concept in an effective system of internal control. But, the internal auditor must be aware that this safeguard can be compromised through: A. lack of training of employees B. collusion among employees C. irregular employee reviews D. absence of internal auditing

B. collusion among employees

Mid-level accounting software: A. can only be deployed through a server networked with desktop computers B. may be purchased in modules that match various business processes C. will not be appropriate for a multinational company because these programs cannot handle foreign currencies D. is generally inappropriate for a company operating in a specialized industry, such as retail or not-for-profit

B. may be purchased in modules that match various business processes

A _____ is a comprehensive plan that helps protect the enterprise from internal and external threats. A. firewall B. security policy C. risk assessment D. VPN

B. security policy

Accounting and enterprise software can be expensive. Which of the following is likely to be the highest cost associated with a new AIS? A. the cost of new hardware B. the cost of implementing and maintaining the new system C. the cost of the software D. the cost of converting old data for the new system

B. the cost of implementing and maintaining the new system

All of the following are examples of authenticating based on something you know except A. password B. token C. PIN D. passphrase

B. token

Which of the following accounting software programs would be appropriate for a small business (e.g., a sole proprietorship with 20 employees)? A. SAP B. QuickBooks C. NetSuite D. Oracle

C. NetSuite

Which of these is not one of the three major types of controls? A. Preventive B. Corrective C. Objective D. Detective

C. Objective

Which one of the following forms of audit is most likely to involve a review of an entity's performance of specific activities in comparison to organizational specific objectives? A. Information system audit B. Financial audit C. Operational audit D. Compliance audit

C. Operational audit

Separation of duties is an important control activity. If possible, managers should assign which of the following three functions to different employees? A. Analysis, authorizing, transactions B. Custody, monitoring, detecting C. Recording, authorizing, custody D. Analysis, recording, transactions

C. Recording, authorizing, custody

Which one of the following would most compromise the use of backups as protection against loss or damage of master files? A. Use of magnetic tape B. Inadequate ventilation C. Storing of all files in one location. D. Failure to encrypt data

C. Storing of all files in one location.

Section 404 affirms that management is responsible for establishing and maintaining an adequate internal control structure. This section may be found in which of the following? A. The 2013 COSO Internal Control—Integrated Framework B. The 2017 COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance Framework C. The Sarbanes-Oxley Act of 2002 D. COBIT

C. The Sarbanes-Oxley Act of 2002

Within the context of ERP systems, a mashup is: A. a combination of several accounting systems B. the mess created when ERP systems fail to interface with legacy systems C. a Web page that can combine data from two or more external sources D. the informal name given to annual ERP conferences

C. a Web page that can combine data from two or more external sources

Organizations use _____ controls to prevent, detect, and correct errors and irregularities in transactions that are processed. A. specific B. general C. application D. input

C. application

Which of the following is a distinguishing characteristic of an enterprise-wide (ERP) system? A. must be a hosted solution B. multiple databases C. integration of business functions D. low cost

C. integration of business functions

A _____ site is a disaster recovery site that is fully staffed and utilizes real-time replication of data and transaction processing. A. hot B. cold C. mirrored D. backup

C. mirrored

Low-end accounting software is increasingly complex and sophisticated. However, software costing only a few hundred dollars is not likely to: A. provide information to multiple stores where a company operates more than one B. include a chart of accounts that users may customize to suit their industry C. provide all the information needed to optimize customer and supplier relationships D. provide information for budgeting decisions

C. provide all the information needed to optimize customer and supplier relationships

Categories of application controls include all of the following except A. Input B. Processing C. Output D. Encryption

D. Encryption

Which of the following is the best DRP choice if minimal downtime is the primary deciding factor? A. Hot Site B. Warm Site C. Cold Site D. Mirrored site

D. Mirrored site

An internal control system should consist of five components. Which of the following is not one of those five components? A. The control environment B. Risk assessment C. Monitoring D. Performance evaluation

D. Performance evaluation

Which of the following is not one of the five components of Enterprise Risk Management from the COSO 2017 report? A. Risk governance and culture B. Risk, strategy and objective setting C. Risk in execution D. Risk response

D. Risk response

A _____ is a security appliance that runs behind a firewall and allows remote users to access entity resources by using wireless, handheld devices. A. data encryption B. WAN C. checkpoint D. VPN

D. VPN

Which of the following reasons might explain why a small business owner would hire a CPA firm or a software consultant to help select accounting software? A. to train employees to use the software B. to help the firm identify useful reports for decision-making C. to help with rescue/recovery needs should a disaster occur D. all of the above

D. all of the above

An organization will always need to upgrade to a new AIS if: A. a major competitor buys a new package B. customers complain about late deliveries C. the company wants to begin doing business over the Internet D. none of the above are necessarily reasons to buy new accounting software

D. none of the above are necessarily reasons to buy new accounting software

Disaster recovery plans may not be of much use if _____. A. they are not fully documented B. the organization does not have a cold site for relocation purposes C. the organization does not expect any natural disasters to occur D. they are not tested periodically and revised when necessary

D. they are not tested periodically and revised when necessary

When management of the sales department has the opportunity to override the system of internal controls of the accounting department, a weakness exists in A. risk management B. information and communication C. monitoring D. the control environments

D. the control environments

