CHAPTER 13 information system
At which phase in the SDLC are errors most costly to correct? 1. Programming 2. Conceptual design 3. Implementation 4. Analysis
Correct Answer: Implementation
Which of the following statements about the GAS techniques for substantive testing is NOT correct? GAS captures data during processing without removing the application from service. GAS languages are easy to use and require little IT background. GAS techniques are limited to use with flat files and relational database tables. Complex file structures need to be flattened before they can be read by GAS. All of the above are correct statements.
Correct Answer: GAS captures data during processing without removing the application from service.
Which of the following steps is NOT considered to be part of this system's survey? 1. Equipment sold by various computer manufacturers is reviewed in terms of capability, cost, and availability. 2. Interviews are conducted with operating people and managers. 3. The complete documentation of the system is obtained and reviewed. 4. Measures of processing volume are obtained for each operation. 5. Work measurement studies are conducted to determine the time required to complete various tasks or jobs.
Correct Answer: Equipment sold by various computer manufacturers is reviewed in terms of capability, cost, and availability.
User test and acceptance is part of which phase of the SDLC? 1. General systems design 2. Program specification and implementation planning 3. Detailed system design 4. Implementation
Correct Answer: Implementation
Which of the following is the most important factor in planning for a system change? Having an auditor as a member of the design team. Involving top management and people who use the system. Using state-of-the-art techniques. Concentrating on software rather than hardware. Selecting a user to lead the design team.
Correct Answer: Involving top management and people who use the system.
Which of the following is least likely to be an accountant's role in the SDLC? 1. Auditor 2. User 3. Consultant 4. Programmer 5. All of these are likely roles
Correct Answer: Programmer
Which of the following represents the correct order in problem resolution? 1. Recognize the problem, define the problem, specify system objectives, perform feasibility studies, and prepare a project proposal. 2. Define the problem, recognize the problem, perform feasibility studies, specify system objectives, and prepare a project proposal. 3. Recognize the problem, define the problem, perform feasibility studies, specify system objectives, and prepare a project proposal. 4. Define the problem, recognize the problem, specify system objectives, perform feasibility studies, and prepare a project proposal.
Correct Answer: Recognize the problem, define the problem, specify system objectives, perform feasibility studies, and prepare a project proposal.
__________ systems planning involves the allocation of systems resources at the macro level. It often deals with a time frame of three to five years. 1. Bottom-up 2. Network 3. Top-down 4. Strategic 5. Sequential
Correct Answer: Strategic
In the context of the TELOS acronym, technical feasibility refers to whether: 1. the system manager can coordinate and control the activities of the systems department. 2. a proposed system is attainable, given the existing technology. 3. an adequate computer site exists for the proposed system. 4. the proposed system will produce economic benefits exceeding its costs. 5. the system will be used effectively within the operating environment of an organization.
Correct Answer: a proposed system is attainable, given the existing technology.
One-time costs of system development include all of the following EXCEPT 1. site preparation 2. hardware acquisition 3. programming 4. hardware maintenance 5. data conversion 6. none of the above because they are equally precise
Correct Answer: hardware maintenance
All of the following would likely be SDLC participants EXCEPT 1. accountants. 2. programmers. 3. management. 4. shareholders. 5. all of the above.
Correct Answer: shareholders.
Which of the following statements about the ITF technique for testing is NOT correct? 1. Applications may be tested directly without being removed from service. 2. ITF supports continuous monitoring of controls. 3. ITF has the potential to corrupt corporate databases. 4. During normal operations, test transactions are merged into the input stream of regular (production) transactions. 5. All of the above are correct statements.
Correct answer: All of the above are correct statements.
Which of the following is not an operating system objective? 1. The operating system must protect itself from users. 2. The operating system must protect users from themselves. 3. The operating system must be protected from its environment. 4. The operating system must protect users from each other. 5. All of the above are operating system objectives.
Correct answer: All of the above are operating system objectives.
Which of the following is NOT an SDLC control issue during an audit? 1. Users and computer services management properly authorized the project. 2. The preliminary feasibility study showed that the project had merit. 3. A cost-benefit analysis was conducted using reasonably accurate values. 4. The detailed design was an appropriate solution to the user's problem. 5. All of the above are specific points of review.
Correct answer: All of the above are specific points of review.
Which of the following statements is NOT correct? 1. Application logic changes may be made directly to the load module. 2. As a practical matter, programs in their compiled state are secure and free from the threat of unauthorized modification. 3. Executing a production application requires that the source code be compiled and linked to a load module. 4. Once the application is compiled, the source code is not needed to run the application. 5. All of the above are correct statements.
Correct answer: Application logic changes may be made directly to the load module.
Which of the following statements about test data techniques for testing application controls is NOT correct? Implementing the test is costly and labor intensive. Applications may be tested directly without being removed from service. The test provides only a static picture of application integrity. The test provides explicit evidence of application functions.
Correct answer: Applications may be tested directly without being removed from service.
Which of the following statements is NOT correct? EAMs capture transactions during processing without removing the application from service. EAMs support continuous monitoring of controls. EAMs have the potential to corrupt corporate databases. EAMs decrease operational performance. All of the above are correct statements.
Correct answer: EAMs have the potential to corrupt corporate databases.
Which of the following is NOT an SDLC controllable activity? 1. External audit participation 2. User specification 3. Systems authorization 4. User test and acceptance procedures 5. All of the above are SDLC controls
Correct answer: External audit participation
The TELOS acronym is often used for determining the need for system changes. Which of the following types of feasibility studies are elements of TELOS? 1. Legal, environmental, and economic 2. Environmental, operational, and economic 3. Technical, economic, legal, and practical 4. Practical, technical, and operational 5. Accounting rate of return method 6. Technical, operational, and economic
Correct answer: Technical, operational, and economic
Which of the following is NOT a test for identifying application control errors? 1. Access test 2. User acceptance tests 3. Field tests 4. Range tests 5. All of the above
Correct answer: User acceptance tests
Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is a DES message. a call-back device. the request-response technique. a denial of service attack. none of the above.
Correct answer: a denial of service attack.
Tracing is a technique that 1. reviews interest calculations to identify salami fraud. 2. performs an electronic walk through of computed logic database. 3. allows test data to be merged with production data and traces the effects to the database. 4. none of the above.
Correct answer: performs an electronic walk through of computed logic database.
Which of the following is NOT an advantage of commercial software? 1. Cost 2. Independence 3. Implementation time 4. Reliability 5. Internal controls
Independence
Which of the following is NOT a common type of through-the-computer tests of controls? 1. Completeness tests 2. Validity tests 3. Inference tests 4. Redundancy tests
Inference tests
Which of the following is NOT a one-time cost? 1. Insurance 2. Data conversion 3. Software acquisition 4. Site preparation
Insurance
The TELOS study that determines whether a project can be completed in an acceptable time frame is 1. an on-time feasibility study. 2. a schedule feasibility study. 3. a time frame feasibility study. 4. an economic completion feasibility study. 5. a length of contract feasibility study.
a schedule feasibility study.
A feasibility study to determine selection of a new computer system should 1. include a report by the internal audit department that evaluated internal control features for each planned application. 2. provide the preliminary plan for converting existing manual systems and clerical operations. 3. consider costs, savings, controls, profit improvement, and other benefits analyzed by application area. 4. provide management with assurance from qualified, independent consultants that the use of a computer system appeared justified.
consider costs, savings, controls, profit improvement, and other benefits analyzed by application area.
The purpose of a checkpoint procedure is to facilitate restarting after operating system failure. data input errors. the failure to have all input data ready on time. computer operating intervention. none of the above.
none of the above
An integrated group of programs that supports the applications and facilitates their access to specified resources is called a(n) utility system. database management system. operating system. facility system. none of the above.
operating system
The database attributes that individual users have permission to access are defined in the operating system. user view. user manual. database schema. application listing.
user view
The program that attaches to another legitimate program and replicates itself into areas of idle memory is called a back door. Trojan horse. worm. logic bomb. none of the above.
worm