Chapter 15 Accounting Information Systems, Chap 12 Accounting Information Systems, Chapter 13 Accounting Information Systems, AIS FINAL REVIEW

Ace your homework & exams now with Quizwiz!

22) The disbursement voucher and supporting documents are sent to the ________ for payment prior to the due date. A) cashier B) treasurer C) controller D) accounts payable department

24) This determines if all required data items have been entered. A) completeness check B) field check C) limit check D) range check

26) The accounts receivable management method typically used by credit card companies is A) balance forward. B) postbilling. C) monthly statement. D) open-invoice.

3 6) If invoices are processed in groups of fifty, which fields from the document shown below would not be used to create a hash control total? A) Amount B) Item Number C) Quantity Ordered D) Sales Order number

3) Independent checks on performance include all the following except A) data input validation checks. B) reconciling hash totals. C) preparing a trial balance report. D) supervisor review of journal entries and supporting documentation.

30) Falk Noam is the internal auditor for Matan Incorporated. Before investigating the HRM / payroll cycle at Matan, Falk decided to read up on the proper segregation of duties regarding payroll disbursement processes. For strongest segregation of duties, the ________ should record payroll. A) accounts payable department B) cashier C) internal audit department D) external auditor

4) Which of the following data entry controls would not be useful if you are recording the checkout of library books by members? A) sequence check B) prompting C) validity check D) concurrent update control

4) ________ is the risk that exists before management takes any steps to mitigate it. A) Inherent risk B) Residual risk C) Risk appetite D) Risk assessment

41) Which of the following is not a threat to the revenue cycle shipping process? A) incomplete orders B) inventory theft C) picking the wrong items D) wrong shipping address

45) The legitimacy of customer orders is established by ________ in paper-based customer orders. A) the customer's signature B) the customer's pin number C) the customer's verbal authorization D) prior experience with the customer

46) The legitimacy of customer orders is established by ________ in Internet-based customer orders. A) digital signatures B) the customer's pin number C) the customer's credit card number D) prior experience with the customer

6) If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is A) effective. B) ineffective. C) overdone. D) undermanaged.

7) The simplest and most common way to commit a computer fraud is to A) alter computer input. B) alter computer output. C) modify the processing. D) corrupt the database.

8) All of the following controls for online entry of a sales order would be useful except A) check digit verification on the dollar amount of the order. B) validity check on the inventory item numbers. C) field check on the customer ID and dollar amount of the order. D) concurrent update control.

1) Why is a separate payroll account used to clear payroll checks? A) for internal control purposes, to help limit any exposure to loss by the company B) to make bank reconciliation easier C) Banks don't like to commingle payroll and expense checks. D) All of the above are correct.

10 5) Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment? A) organizational structure B) methods of assigning authority and responsibility C) management philosophy and operating style D) commitment to competence

10) Which of the following is not a way to reduce fraud losses? A) Conduct periodic external and internal audits. B) Maintain adequate insurance. C) Use software to monitor system activity. D) Store backup copies of program and data files.

11 2) Key differences exist when an integrated Enterprise Resource Planning system (ERP) replaces an existing AIS or legacy system. For example, ________ are more accurate and timely, enabling sales order entry staff to provide customers more accurate information about delivery dates. A) inventory records B) cash receipts C) credit approval decisions D) exception reports

12) Identify the primary means of protecting data stored in a cloud from unauthorized access. A) authentication B) authorization C) virtualization D) securitization

2) A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n) A) preventive control. B) detective control. C) corrective control. D) authorization control.

2) Error logs and review are an example of A) data entry controls. B) data transmission controls. C) output controls. D) processing controls.

20) The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as A) an intrusion prevention system. B) stateful packet filtering. C) static packet filtering. D) deep packet inspection.

20) When a proper segregation of duties exists in the area of handling cash receipts, the ________, who reports to the ________, actually handles the cash and is not the same person who posts cash receipts to customer accounts. A) cashier; treasurer B) cashier; controller C) accountant; treasurer D) accountant; controller

21) A document typically encountered in the revenue cycle that is both an output document and a source document is the A) sales invoice. B) customer purchase order. C) sales order. D) packing slip.

1) Most frauds are detected by A) external auditors. B) hotline tip. C) internal auditors. D) the police.

14) The basic document created in the billing process is call a ________. A) bill of lading B) sales invoice C) sales order D) packing list

14) Why did COSO develop the Enterprise Risk Management framework? A) to improve the audit process B) to improve the risk management process C) to improve the financial reporting process D) to improve the manufacturing process

15 5) How is expected loss calculated when performing risk assessment? A) impact times expected loss B) impact times likelihood C) inherent risk times likelihood D) residual risk times likelihood

15) A company uses the method for tracking accounts receivable where customers pay according to individual sales invoices. This describes the ________ method. A) monthly statement B) open-invoice C) balance forward D) cycle billing

16) Companies that specialize in processing payroll are known as A) paycheck distribution companies. B) payroll service bureaus. C) professional employer organizations. D) semi-governmental organizations.

16) This component of the fraud triangle explains how perpetrators justify their (illegal) behavior. A) pressure B) rationalization C) concealment D) opportunity

18) Hiring decisions at Maarja's Razors are made by Maimu Maarja, the Director of Human Resources. Pay rates are approved by the Vice President for Operations. At the end of each pay period, supervisors submit time cards to Kasheena, who prepares paycheck requisitions. Paychecks are then distributed through the company's mail room. This represents a(n) ________ segregation of duties. A) partial B) effective C) ineffective D) limited

18) The Trust Services Framework reliability principle that states access to the system and its data should be controlled and restricted to legitimate users is known as A) availability. B) security. C) privacy. D) integrity.

19 12) In the expenditure cycle, good control dictates that expenditures should be paid by check. This may not be feasible when minor purchases are made. To facilitate quick payment for minor purchases, a(n) ________ should be set up and maintained using ________. A) special bank account; disbursement vouchers B) imprest fund; vouchers C) cash box; small denomination bills D) petty cash fund; procurement cards

22) A serious exposure in the revenue cycle is loss of assets. What is the related threat and applicable control procedure that address this exposure? A) shipping errors; reconciliation of sales order with picking ticket and packing slip B) theft of cash; segregation of duties and minimization of cash handling C) making sales that turn out to be uncollectible; force sales people to make collection calls on customers with past due balances D) poor performance; preparation and review of performance reports

22) The document that lists each employee's gross pay, payroll deductions, and net pay in a multicolumn format is called A) an employee earnings statement. B) the payroll register. C) a deduction register. D) an employee time sheet summary.

24) Which of the controls below would be least effective at preventing a company from ordering goods at a price higher than market? A) Only place orders with vendors on an approved vendor list. B) Variance analysis of actual expenses to budgeted expenses C) For high-dollar goods, solicit competitive bids from possible vendors. D) Frequent review of, and update to, vendor price lists stored in the AIS

28) This batch processing data entry control sums a field that contains dollar values. A) record count B) financial total C) hash total D) sequence check

3) Restricting access of users to specific portions of the system as well as specific tasks, is an example of A) authentication. B) authorization. C) identification. D) threat monitoring.

3) The cashier deposits checks for Benedek Incorporated and also prepares payments to vendors. Of the following, who is best able to reconcile the bank statement to Benedek's records on a regular basis? A) cashier B) internal audit department C) treasurer D) external auditor

3) ________ remains after management implements internal control(s). A) Inherent risk B) Residual risk C) Risk appetite D) Risk assessment

30) Whose responsibility is it to determine the amount of time an organization can afford to be without its information system? A) the board of directors B) senior management C) external auditors D) COBIT

31) There is a symmetrical interdependence between a firm's expenditure cycle and its suppliers' A) production cycle. B) revenue cycle. C) expenditure cycle. D) general ledger and reporting system.

37) An accounts receivable aging report is useful for doing everything except A) estimating bad debts. B) estimating future sales. C) projecting the timing of future cash flows. D) deciding whether to increase a specific customer's credit limit.

4) ________ is/are an example of a preventive control. A) Emergency response teams B) Encryption C) Log analysis D) Intrusion detection

43) Which of the following is not a general threat to the revenue cycle? A) inaccurate master data B) loss of customers C) poor performance D) unauthorized disclosure of sensitive information

48) EFT payments are generally performed by A) the treasurer. B) a cashier. C) an accounts payable clerk. D) a credit manager.

5) The ________ specifies the point at which inventory is needed. A) company inventory policies B) reorder point C) economic order quantity D) stockout point

8) Which internal control framework is widely accepted as the authority on internal controls? A) COBIT B) COSO Integrated Control C) COSO Enterprise Risk Management D) Sarbanes-Oxley Control Framework

8) Which type of audit assesses employee compliance with management policies and procedures? A) external audit B) internal audit C) network security audit D) all of the above

0 28) Because it is the most fungible of all assets, the management of cash has always been the most difficult of all control issues. The most important of cash controls is A) minimization of cash handling. B) lockbox arrangements. C) segregation of duties. D) frequent reconciliation of records.

1 5) Experts estimate that, on average, the costs associated with replacing an employee are about ________ the employee's annual salary. A) one-quarter of B) one-half of C) one and one-half times D) twice

1 6) By using an ERP to merge the billing, sales, and marketing functions, the firm may be able to A) bill the customer right after the sale occurs. B) market products and services on bills sent to customers. C) use customer's past purchase history to send information about related products and services the customer may be interested in. D) eliminate the need for a firm to have a billing, sales, and marketing department.

10) What is the best control to reduce the risk of losing payroll data? A) passwords B) physical security controls C) backup and disaster recovery procedures D) encryption

12) An ________ is an arrangement where a bank receives customer payments and transmits payment data to the organization. A) e-commerce. B) electronic funds transfer (EFT). C) electronic lockbox. D) electronic data interchange (EDI).

15) To ensure proper segregation of duties, only the ________ has authority to issue credit memos. A) accounts receivable supervisor B) controller C) credit manager D) cashier

15) Upon getting into your new car, you suddenly became worried that you might become injured in an auto accident. In response, you decided to ride your bike instead. You chose to ________ the risk of being injured in an auto accident. A) reduce B) share C) avoid D) accept

17) The Trust Services Framework reliability principle that states personal information should be protected from unauthorized disclosure is known as A) availability. B) security. C) privacy. D) integrity.

17) Which of the following is a control that addresses the threat of unauthorized changes to the payroll master file? A) field checks B) batch totals C) segregation of duties D) sound hiring procedures

18) Data matching is an example of a(n) A) data entry control. B) data transmission control. C) processing control. D) input control.

18) The accounting department at Aglaya Telecom records an average of 2,500 transactions per hour. Managers state that the maximum acceptable loss of data in the event of a system failure is 2,500 transactions. The firm's recovery point objective is therefore A) 2,500 transactions. B) 5,000 transactions. C) 1 hour. D) 2 hours.

22) A(n) ________ system prepares and mails monthly statements to customers throughout the entire month, instead of just at the end of the month. A) continuous B) open-invoice C) cycle billing D) balance forward

26 9) Which of the following factors is not a reason forensic investigators are increasingly used in accounting? A) the Sarbanes-Oxley Act B) new accounting rules C) audit fee increases D) pressure from boards of directors

27 37) One way a firm could reduce the risk of problems with supplier dependability is to A) purchase inventory from only U.S.-based suppliers. B) use an ERP system for purchases. C) require suppliers to be ISO 9000 certified. D) automate the purchasing function.

28) All of the following regarding payroll checks is correct except A) access to payroll checks should be restricted. B) payroll checks should be sequentially pre-numbered. C) payroll checks should be drawn on the organization's regular bank account(s). D) the cashier should sign payroll checks.

3) COSO requires that any internal deficiencies identified through monitoring be reported to whom? A) the external auditor B) appropriate federal, state, or local authorities C) the board of directors D) the audit committee

3) The ________ normally triggers the customer payment recording process. A) sales invoice B) deposit slip C) remittance advice D) customer monthly statement

31) Why would a firm perform ABC cost analysis? A) to identify the best inventory supplier B) to reconcile accounts payable C) to prioritize physical inventory counts D) to verify production quality

32) This batch processing data entry control sums the number of items in a batch. A) financial total B) hash total C) record count D) sequence check

35) Identify item below that is the biggest purchasing function cost driver. A) the number of purchase requisitions processed B) the number of suppliers used C) the number of purchase orders processed D) the quantity of items ordered

35) Identify the most important component of a disaster recovery plan below. A) documentation B) operating instructions C) periodic testing D) on-site and off-site storage

4 16) The Trust Services Framework reliability principle that states sensitive information be protected from unauthorized disclosure is known as A) availability. B) security. C) confidentiality. D) integrity.

40) Which of the following is not a threat to the revenue cycle sales order entry process? A) incomplete orders B) invalid orders C) cash flow problems D) uncollectible accounts

45) Prompting is a control that helps ensure A) transaction data are not lost. B) transactions data are accurate. C) transactions data are complete. D) transaction data are valid.

6) How many principles are there in the 2013 updated COSO - Internal Control Framework? A) 5 B) 8 C) 17 D) 21

8 11) Which fraud scheme involves stealing customer receipts and applying subsequent customer cash payments to cover the theft? A) kiting B) laundering C) lapping D) bogus expense

28) Describe the basic activities in an HRM/payroll cycle.

The HRM/payroll cycle is a recurring set of business activities and related data processing operations associated with effectively managing the employee work force. Important activities in the HRM/payroll cycle include the following tasks: Recruitment and hiring of new employees. Training. Job assignment. Compensation (payroll). Performance evaluation. Discharge.

12 46) Identify the department below that should not be able to submit a purchase requisition. A) Marketing B) Production C) Inventory Control D) None of the above

14) Which situation below makes it easy for someone to commit a fraud? A) placing excessive trust in key employees B) inadequate staffing within the organization C) unclear company policies D) All of the above situations make it easy for someone to commit a fraud.

16) The Sarbanes-Oxley Act (SOX) applies to A) all companies with gross annual revenues exceeding $500 million. B) publicly traded companies with gross annual revenues exceeding $500 million. C) all private and public companies incorporated in the United States. D) all publicly traded companies.

16) The accounting department at Aglaya Telecom records an average of 5,000 transactions per hour. A cost-benefit analysis leads management to conclude that the maximum acceptable amount of data loss is 20,000 transactions. If the firm's recovery time objective is 60 minutes, then the worst case recovery time objective is A) 1 hour. B) 2 hours. C) 3 hours. D) 4 hours.

21) Vendor invoices are approved by the ________, which reports to the ________. A) purchasing department; controller B) accounts payable department; treasurer C) purchasing department; treasurer D) accounts payable department; controller

27) Which of the following is not an advantage of a voucher system? A) Several invoices may be included on one voucher, reducing the number of checks. B) Disbursement vouchers may be pre-numbered and tracked through the system. C) The time of voucher approval and payment can be kept separate. D) It is a less expensive and easier system to administer than other systems.

3) Which of the following is not a commonly used technique used to identify potential events? A) performing internal analysis B) monitoring leading events C) conducting interviews D) none of the above

6 3) Insiders are frequently the ones who commit fraud because A) they are more dishonest than outsiders. B) they need money more than outsiders. C) they are less likely to get caught than outsiders. D) they know more about the system and its weaknesses than outsiders.

6) Which type of audits can detect fraud and errors? A) external audits B) internal audits C) network security audits D) all of the above

1 25) The manager of Callow Youth Clothing was entering an order online from Sad Clown Pajamas. He ordered 100 one-size fits all pajama bottoms, but when he ordered 1000 one-size fits all pajama tops, the following error message popped up: "Did you mean to enter a quantity of 1000 for your order?" This message is the result of a A) reasonableness test. B) validity check. C) limit check. D) closed-loop verification.

1 4) Which of the following is not one of the three fundamental information security concepts? A) Information security is a technology issue based on prevention. B) Security is a management issue, not a technology issue. C) The idea of defense-in-depth employs multiple layers of controls. D) The time-based model of security focuses on the relationship between preventive, detective and corrective controls.

1 5) Excessive heat is an example of a(n) ________ threat. A) natural and political disasters B) software errors and equipment malfunctions C) unintentional acts D) system inefficiency

1) According to the ERM, these help the company address all applicable laws and regulations. A) compliance objectives B) operations objectives C) reporting objectives D) strategic objectives

1) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Then, ticket stubs collected at the theater entrance are counted and compared with the number of tickets sold. Which of the following situations does this control detect? A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.) B) A group of kids snuck into the theater through a back door when customers left after a show. C) The box office cashier accidentally gives too much change to a customer. D) The ticket taker admits his friends without tickets.

1) Lapping is best described as the process of A) applying cash receipts to a different customer's account in an attempt to conceal previous thefts of cash receipts. B) inflating bank balances by transferring money among different bank accounts. C) stealing small amounts of cash, many times over a period of time. D) increasing expenses to conceal that an asset was stolen.

1) Rauol is a receptionist for The South American Paper Company, which has strict corporate policies on appropriate use of corporate resources. The first week of March, Rauol saw Jim (the branch manager) putting printer paper and toner into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework? A) integrity and ethical values B) risk management philosophy C) restrict access to assets D) methods of assigning authority and responsibility

1) Requiring all packing slips be reconciled to purchase orders before accepting a delivery of inventory would be most likely to prevent which of the following situations? A) A supplier delivers more inventory than ordered at the end of the year and sends an invoice for the total quantity delivered. B) An employee mails a fake invoice to the company, which is then paid. C) The inventory records are incorrectly updated when a receiving department employee enters the wrong product number on the receiving report. D) Receiving department employees steal inventory and then claim the inventory was received and delivered to the warehouse.

1) The Trust Services Framework reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as A) availability. B) security. C) maintainability. D) integrity.

1) The sales department administrative assistant has been assigning phone order sales to her brother-in-law, a company sales person. Company policy is to pay commissions only on orders directly received by sales people, not on orders received over the phone. The resulting fraudulent commission payments might best have been prevented by requiring that A) sales commission statements be supported by sales order forms signed by the customer and approved by the sales manager. B) sales order forms be prenumbered and accounted for by the sales department manager. C) sales orders and commission statements be approved by the accounting department. D) disbursement vouchers for commission payments be reviewed by the internal audit department and compared to sales commission statements and sales orders.

1) Which activity below is not performed by Human Resources management (HRM)? A) compensation B) training C) discharge D) recruitment and hiring

1) Which component of the COSO Enterprise Risk Management Integrated Framework is concerned with understanding how transactions are initiated, data are captured and processed, and information is reported? A) information and communication B) internal environment C) event identification D) objective setting

1) Why are threats to accounting information systems increasing? A) Many companies do not realize that data security is crucial to their survival. B) LANs and client/server systems are easier to control than centralized, mainframe systems. C) Many companies believe that protecting information is a strategic requirement. D) Computer control problems are often overestimated and overly emphasized by management.

10) A payroll clerk accidently entered an employee's hours worked for the week as 380 instead of 38. The data entry control that would best prevent this error would be A) a limit check. B) a check digit. C) batch total reconciliation. D) a field check.

10) A store policy that allows retail clerks to process sales returns for $500 or less, with a receipt dated within the past 30 days, is an example of A) general authorization. B) specific authorization. C) special authorization. D) generic authorization.

10) Information security procedures protect information integrity by A) preventing fictitious transactions. B) reducing the system cost. C) making the system more efficient. D) making it impossible for unauthorized users to access the system.

10) Payroll deductions fall into the broad categories of ________ and ________. A) payroll tax withholdings; voluntary deductions B) unemployment; social security taxes C) unemployment taxes; income taxes D) voluntary deductions; income taxes

10) What control would best mitigate the threat of paying an invoice twice? A) never authorizing payment of a photocopy of an invoice B) double-checking mathematical accuracy of invoices C) approval of purchase orders D) maintaining adequate perpetual inventory records

11 35) A computer operator accidentally used the wrong master file when updating a transaction file. As a result, the master file data is now unreadable. Which control could best have prevented this from happening? A) Internal header label B) validity check C) check digit D) parity check

11) According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except A) reporting potential risks to auditors. B) identifying events that could impact the enterprise. C) evaluating the impact of potential events on achievement of objectives. D) establishing objectives for the enterprise.

11) Which control would best prevent payments made to fictitious vendors? A) Allow payments only to approved vendors. B) Restrict access to any payment or approval documents. C) Have an independent bank reconciliation. D) Make sure all documents are in order before approving payments.

12 39) Modest Expectations Investment Services (MEIS) allows customers to manage their investments over the Internet. If customers attempt to spend more money than they have in their account, an error message is displayed. This is an example of a A) reasonableness test. B) field check. C) validity check. D) limit check.

12) The ________ is a legal contract that defines responsibility for goods that are in transit. A) bill of lading B) packing slip C) back order D) picking list

12) Which type of payroll report contains information such as the employees' gross pay, payroll deductions, and net pay in a multicolumn format? A) payroll register B) deduction register C) employee earnings statement D) federal W-4 form

13 50) The first major business activity in the expenditure cycle is A) ordering inventory, supplies, or services. B) a customer sale. C) shipping goods to customers. D) receiving goods from vendors.

13) Customers that send their payments electronically directly to the billing company's bank are using A) electronic funds transfer (EFT). B) electronic data interchange (EDI). C) procurement cards. D) an electronic lockbox.

13) Upon getting into your new car, you suddenly became worried that you might become injured in an auto accident. You decided to buckle your seat belt in response. You chose to ________ the risk of being injured in an auto accident. A) reduce B) share C) avoid D) accept

13) Virtualization refers to the ability of A) running multiple systems simultaneously on one physical computer. B) eliminating the need for a physical computer. C) using the Internet to perform all needed system functions. D) using web-based security to protect an organization.

14 4) ________ is a simple, yet effective, method for catching or preventing many types of employee fraud. A) Requiring all employees to take annual vacations B) Monitoring employee bank accounts and net worth C) Monitoring employee behavior using video cameras D) Explaining that fraud is illegal and will be severely punished to employees

14 55) Ideally, inventory purchases occur in response to ________ in a JIT inventory system. A) customer demand B) optimal demand C) forecast demand D) supplier demand

14) A way to incorporate the advantages of Electronic Data Interchange with the Electronic Funds Transfer is A) Financial Electronic Data Interchange. B) e-commerce. C) to use procurement cards. D) an electronic lockbox.

14) Upon getting into your new car, you suddenly became worried that you might become injured in an auto accident. In response, you decided to drive 5 miles under the speed limit. You chose to ________ the risk of being injured in an auto accident. A) reduce B) share C) avoid D) accept

15 59) MacDougalKids is a mid-sized manufacturer of organic baby food. MacDougalKids uses a JIT inventory management approach. Which of the following factors would likely be least important when selecting inventory suppliers? A) product price B) product quality C) vendor delivery dependability D) All would be equally important

15 6) A facility that is pre-wired for necessary telecommunications and computer equipment, but doesn't have equipment installed, is known as a A) cold site. B) hot site. C) remote site. D) subsidiary location.

15) The organization chart for Renata Corporation includes a controller and an information processing manager, both of whom report to the vice president of finance. Which of the following would be a control weakness? A) assigning the programming and operating of the computer system to an independent control group which reports to the controller B) providing for maintenance of input data controls by an independent control group which reports to the controller C) periodically rotating assignment of application processing among machine operators, who all report to the information processing manager D) providing for review and distribution of system-generated reports by an independent control group which reports to the controller

15) This network access control determines which IP packets are allowed entry to a network and which are dropped. A) access control list B) deep packet inspection C) stateful packet filtering D) static packet filtering

15) Which of the following is not a basic principle of the COSO ERM framework? A) Companies are formed to create value for society. B) Management must decide how much uncertainty it will accept to create value. C) Uncertainty results in risk. D) Uncertainty results in opportunity.

16 9) Whitewater Rapids provides canoes to tourists eager to ride Whitewater river's rapids. Management has determined that there is one chance in a thousand of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss with insurance? A) $50 B) $650 C) $50,000 D) $650,000

16) The largest differences between the COSO Integrated Control (IC) framework and the COSO Enterprise Risk Management (ERM) framework is A) IC is controls-based, while the ERM is risk-based. B) IC is risk-based, while ERM is controls-based. C) IC is required, while ERM is optional. D) IC is more applicable to international accounting standards, while ERM is more applicable to generally accepted accounting principles.

17 14) The maximum acceptable down time after a computer system failure is determined by a company's A) recovery time objective. B) recovery point objective. C) recovery objective. D) maximum time recovery objective.

17 17) Consider the following revenue cycle scenario: The company has been exposed to customer dissatisfaction and the suggested control procedure to be implemented is to install and use bar- code scanners. What is the threat? A) The company may be shipping the wrong merchandise. B) The company may be shipping the wrong quantities of merchandise. C) The company may be shipping orders to the wrong address. D) All of the above threats may apply to this scenario.

17) The document a customer returns with their payment and that identifies the source and the amount of the payment is called a A) remittance advice. B) remittance list. C) credit memorandum. D) debit memorandum.

17) The most efficient way to conceal asset misappropriation is to A) write-off a customer receivable as bad debt. B) alter monthly bank statements before reconciliation. C) alter monthly physical inventory counts to reconcile to perpetual inventory records. D) record phony payments to vendors.

17) Which of the following is generally not shown on a receiving report? A) price of the items B) quantity of the items C) purchase order number D) counted and inspected by

18) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her second martini, she began expressing her feelings about her work environment. Recently, every employee of the firm was required to attend a sexual harassment workshop. The level of control that the company is using in this case is a(n) A) boundary system. B) diagnostic control system. C) interactive control system. D) belief system.

18) Separating the shipping and billing functions is designed to reduce the threat of A) failure to bill customers. B) billing customers for wrong quantities. C) billing customers before merchandise has been shipped. D) shipping the wrong merchandise.

19) The process that allows a firewall to be more effective by examining the data in the body of an IP packet, instead of just the header, is known as A) deep packet inspection. B) stateful packet filtering. C) static packet filtering. D) an intrusion prevention system.

19) When a customer pays off the balance on an invoice, the payment is credited to the ________ file. A) customer master B) sales transaction C) cash receipts master D) All of the above are correct.

2 5) A customer failed to include her account number on her check, and the accounts receivable clerk credited her payment to a different customer with the same last name. Which control could have been used to most effectively to prevent this error? A) closed-loop verification B) duplicate values check C) validity check D) reconciliation of a batch control total

2 7) It was 8:03 A.M. when Jiao Jan, the Network Administrator for South Asian Technologies, was informed that the intrusion detection system had identified an ongoing attempt to breach network security. By the time that Jiao had identified and blocked the attack, the hacker had accessed and downloaded several files from the company's server. Using the notation for the time-based model of security, in this case A) D > P B) P > D C) P > C D) C > P

2 8) Materials requirements planning (MRP) A) reduces the uncertainty about when materials are needed, thereby reducing the need to carry large levels of inventory. B) is able to compute exactly the cost of purchasing by taking into account all costs associated with inventory carrying. C) requires vendors to deliver inventory to the production site exactly when needed and in the correct quantities. D) None of the above is correct.

2) Comparing quantities on a vendor invoice to quantities on the receiving report would not prevent or detect which of the following situations? A) receiving and accepting inventory not ordered B) theft of inventory by receiving department employees C) update of wrong inventory items due to data entry error D) order for an excessive quantity of inventory

2) Perpetrators do not typically A) attempt to return or pay back stolen amounts soon after the initial theft, but find they are unable to make full restitution. B) use trickery or lies to gain the confidence and trust of others at the organization they defraud. C) become bolder and more greedy the longer the theft remains undetected. D) begin to rely on stolen amounts as part of their income.

2) The COSO Enterprise Risk Management Integrated Framework stresses that A) risk management activities are an inherent part of all business operations and should be considered during strategy setting. B) effective risk management is comprised of just three interrelated components; internal environment, risk assessment, and control activities. C) risk management is the sole responsibility of top management. D) risk management policies, if enforced, guarantee achievement of corporate objectives.

2) The following control can reduce the distribution of fraudulent paychecks. A) Have internal audit investigate unclaimed paychecks. B) Allow department managers to investigate unclaimed paychecks. C) Immediately mark "void" across all unclaimed paychecks. D) Match up all paychecks with time cards.

2) Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework? A) analyzing past financial performance and reporting B) providing sufficient resources to knowledgeable employees to carry out duties C) disciplining employees for violations of expected behavior D) setting realistic targets for long-term performance

2) Which of the following is not an example of the fraud triangle characteristic concerned with rationalization? A) revenge against the company B) intent to repay "borrowed" funds in the future C) sense of entitlement as compensation for receiving a lower than average raise D) belief that the company won't suffer because an insurance company will reimburse losses

2) Which of the following is the greatest risk to information systems and causes the greatest dollar losses? A) human errors and omissions B) physical threats such as natural disasters C) dishonest employees D) fraud and embezzlement

20 25) With regards to systems availability, deploying and using multiple components provides an AIS with A) fault tolerance. B) cost savings. C) enhanced processing speed. D) maximum sales.

20 8) Which of the following duties could be performed by the same individual without violating segregation of duties controls? A) approving accounting software change requests and testing production scheduling software changes B) programming new code for accounting software and testing accounting software upgrades C) approving software changes and implementing the upgraded software D) managing accounts payable function and revising code for accounting software to more efficiently process discount due dates on vendor invoices

20) Cancellation and storage of documents means A) documents are defaced and stored. B) documents are defaced before being shredded. C) cancellation data are copied from documents before they are stored. D) data are copied from a document and stored, after which the document is shredded.

20) Identify the statement below which is true. A) Cloud computing is a control technique for system availability. B) Cloud computing eliminates the need for backup of applications and data. C) Cloud computing eliminates the need for companies to own their own software and servers. D) Cloud computing refers to the practice of storing application files and backup data on satellites "in the clouds."

21 19) The management at Barks-a-Million is considering a new inventory control system. The current system is inadequate because it frequently causes stockouts that interrupt production and lead to excess stock of other materials — resulting in markdowns and high carrying costs. The new system will focus on reducing or completely eliminating carrying costs, most likely employing A) a just-in-time inventory system. B) a reorder point. C) materials requirements planning. D) the economic order quantity.

21) Anong Mali is the purchasing manager at Wattana Technologies. She has responsibility for reviewing and authorizing purchase orders. Receiving reports are prepared by shipping and receiving based on the relevant purchase order(s). Purchase orders, receiving reports, and vendor invoices are reconciled by accounts payable, which authorizes payment. Which of the following would correct control weaknesses related to these activities? A) Controls are adequate under the current system. B) Accounts payable should authorize purchase orders. C) Receiving reports should be reviewed and corrected by the purchasing manager. D) Vendor invoices should be reviewed by the purchasing manager to ensure that they are correct.

22 22) The receiving clerk at Wattana Technologies examines incoming shipments and reconciles their contents with the relevant purchase orders. A receiving report is then sent to accounts receivable and the vendor's invoice is approved for payment. Which of the following would correct control weaknesses related to these activities? A) Accounts payable should reconcile the purchase order and the receiving report. B) The invoice should be approved for payment by the shipping clerk after the purchase order and receiving report are reconciled. C) Invoices, purchase orders, and receiving reports should be reconciled by the receiving clerk. D) Controls are adequate under the current system.

23) A(n) ________ system posts an approved invoice to the vendor account and stores it in an open invoice file until payment is made by check. A) nonvoucher B) voucher C) cycle D) evaluated receipt settlement

23) The activities involved in soliciting and processing customer orders within the revenue cycle are known as the A) sales order entry process. B) shipping order process. C) revenue process. D) marketing process.

23) The most common input-related vulnerability is A) buffer overflow attack. B) hardening. C) war dialing. D) encryption.

23) The receiving clerk at Wattana Technologies examines incoming shipments and checks their purchase order numbers. A receiving report is then sent to accounts payable, where it is reconciled with the relevant purchase orders and invoices and payment is authorized. Which of the following would correct control weaknesses related to the clerk's activities? A) Controls are adequate under the current system. B) Vendor invoices should be approved for payment by the purchasing manager. C) Purchase orders and receiving reports should be reconciled by the purchasing manager. D) Vendor invoices should be approved for payment by the shipping clerk after the purchase order and receiving report are reconciled.

23) What is the primary objective of ensuring systems and information are available for use whenever needed? A) to minimize system downtime B) to minimize system expense C) to maximize system processing speed D) to maximize sales

24) Direct deposit of employee paychecks is one way an organization can improve efficiency and reduce payroll-processing costs. Which statement regarding direct deposit is false? A) The cashier does not authorize the transfer of funds from the organization's checking account to a payroll checking account. B) The cashier does not have to sign employee paychecks. C) Employees who are part of a direct deposit program receive a copy of their paycheck indicating the amount deposited. D) Employees who are part of a direct deposit program receive an earnings statement on payday rather than a paper check.

24) Laz Chance wears roller blades and headphones when he is at work at the Squishy Things Toy Company. He is a product packer. The headphones give him computer-generated instructions so he knows the location of each item and quantity that should be included in the order. These instructions are the equivalent of a A) picking ticket. B) bill of lading. C) packing slip. D) sales order.

24) Which of the below keeps a record of the network traffic permitted to pass through a firewall? A) intrusion detection system B) vulnerability scan C) log analysis D) penetration test

25 5) To ensure compliance with copyrights and to protect itself from software piracy lawsuits, companies should ________. A) periodically conduct software audits B) update the operating system frequently C) buy software from legitimate suppliers D) adopt cloud operating platforms

26 33) What is the main reason a list of potential alternative suppliers be maintained? A) in case the primary supplier is out of stock B) so the firm can sample different suppliers C) in case the primary supplier is more expensive D) to segregate purchasing suppliers

26) This determines if characters are of the proper type. A) field check B) alpha-numeric check C) range check D) reasonableness test

27 1) Perhaps the most striking fact about natural disasters in relation to AIS controls is that A) many companies in one location can be seriously affected at one time by a disaster. B) losses are absolutely unpreventable. C) there are a large number of major disasters every year. D) disaster planning has largely been ignored in the literature.

27) A payroll clearing account is used to A) check the accuracy of payroll costs. B) speed up payroll transaction processing. C) reduce the transaction costs associated with payroll transaction processing. D) eliminate the need to manually record payroll transactions.

27) A well-known hacker started his own computer security consulting business shortly after being released from prison. Many companies pay him to attempt to gain unauthorized access to their network. If he is successful, he offers advice as to how to design and implement better controls. What is the name of the testing for which the hacker is being paid? A) penetration test B) vulnerability scan C) deep packet inspection D) buffer overflow test

28) Which of the following is a key control regarding the minimization of system downtime? A) fault tolerance B) disaster recovery plans C) backup procedures D) all of the above

29) When purchasing miscellaneous supplies, companies can reduce costs, improve efficiency, and combat employee fraud by A) using procurement cards. B) implementing a JIT inventory system. C) requiring employees to personally purchase items then reimbursing employees at the end of each month. D) paying amounts out of petty cash.

3) Which of the following would probably be the least effective control to mitigate the risk of paying a phony invoice payable for inventory purchases that were never made? A) Only pay from original invoices. B) Require three-way match for all inventory purchase invoices. C) Cancel all invoices and supporting documentation when paid. D) Establish strict access and authorization controls for the approved vendor master file.

3) Why is computer fraud often much more difficult to detect than other types of fraud? A) because massive fraud can be committed in only seconds, leaving little-to-no evidence B) because most perpetrators invest their illegal income rather than spend it, concealing key evidence C) because most computer criminals are older and more cunning than perpetrators of other types of fraud D) because perpetrators usually only steal very small amounts of money at a time, requiring a long period of time to pass before discovery

30) The accounts receivable clerk destroys all invoices for sales made to family and friends and does not record the sales in the accounts receivable subsidiary ledgers. The family and friends usually give the clerk cash as a "thank you." Which procedure will not prevent or detect this fraud? A) Send monthly statements to all customers with balances owed. B) Reconcile sales invoices in the billing department to the total debits to accounts receivable subsidiary ledgers. C) Sequentially prenumber all invoices and prepare a sequence check at the end of each day. D) Reconcile the accounts receivable control account to the accounts receivable subsidiary ledger.

32) Noseybook is a social networking site that boasts over a million registered users and a quarterly membership growth rate in the double digits. As a consequence, the size of the information technology department has been growing very rapidly, with many new hires. Each employee is provided with a name badge with a photo and embedded computer chip that is used to gain entry to the facility. This is an example of a(n) A) authentication control. B) biometric device. C) remote access control. D) authorization control.

34) A growing number of companies require some of their upper level executives to spend time performing job duties of rank-and-file employees. When the CEO of Loews Hotels assumed the role of bellman, he discovered A) that the company's polyester uniform caused him to sweat a great deal. B) evidence of fraud in several hotel locations. C) instances where company employees fell asleep on the job. D) situations where employees were not treating customers properly.

34) If a firm does not use an ERP, the best way to mitigate the risk of the destruction of master data is to A) implement backup and disaster recovery procedures. B) use an ERP. C) proper segregation of duties. D) use of multiple master data files.

35) Ngai Nhung is the sales manager at Hung Technologies. At lunch with the company CEO, Ngai complained that a recent shipment from a vendor had been unsatisfactory and was returned. As a result, Hung's purchasing manager needed to send a ________ to the supplier. A) debit memo B) purchase order C) blanket purchase order D) receiving report

37) This control protects records from errors that occur when two or more users attempt to update the same record simultaneously. A) concurrent update controls B) cross-footing balance test C) data conversion controls D) recalculation of batch totals

38) Accountants can help executive compensation plan boards A) comply with legal and regulatory requirements. B) by identifying the best ways to keep the details of compensation plans out of the hands of external parties. C) avoid paying excessive amounts of "perks" to executives. D) distribute information regarding how well each executive is performing their job.

38) Modest Expectations Investment Services (MEIS) allows customers to manage their investments over the Internet. If customers attempt to sell more shares of a stock than they have in their account, an error message is displayed. This is an example of a A) reasonableness test. B) field check. C) validity check. D) limit check.

39) Form 941 A) is filed each quarter to reconcile monthly tax payments with total tax liability for the quarter. B) is used in preparing labor-related reports for government agencies. C) is used for employee information and annual payroll reports. D) is used to document compliance with applicable regulations.

39) Restricting access to the approved supplier list can A) help reduce the risk of fraudulent disbursements. B) cause purchase order approval delays. C) eliminate the risk of duplicate payment. D) improve the efficiency of the expenditure cycle.

4) A monthly statement sent to customers serves a control purpose by A) providing an opportunity for customers to verify the balance owed and activity on the account. B) triggering the process to record a customer payment. C) summarizing invoices and amounts due for customers. D) reminding customers of the balance due and due date.

4) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for A) hiring and firing the external auditors. B) performing tests of the company's internal control structure. C) certifying the accuracy of the company's financial reporting process. D) overseeing day-to-day operations of the internal audit department.

4) Regularly reviewing an accounts receivable aging report can help management do what? A) spot firms who are falling behind in their payments B) identify customers who have not purchased anything lately C) improve the speed which customers make payments D) determine whether the firm's pricing policy is effective

4) SAS No. 99 requires that auditors A) plan audits based on an analysis of fraud risk. B) detect all material fraud. C) alert the Securities and Exchange Commission of any fraud detected. D) take all of the above actions.

4) Which of the following is not a management characteristic that increases pressure to commit fraudulent financial reporting? A) close relationship with the current audit engagement partner and manager B) pay for performance incentives based on short-term performance measures C) high management and employee turnover D) highly optimistic earnings projections

47) For strongest segregation of duties, the credit manager should never report to A) the marketing department. B) the accounting department. C) the credit department. D) the IT department.

5 11) The data entry control that would best prevent entering an invoice received from a vendor who is not on an authorized supplier list is A) a validity check. B) an authorization check. C) a check digit. D) closed-loop verification.

5 2) Verifying the identity of the person or device attempting to access the system is an example of A) authentication. B) authorization. C) identification. D) threat monitoring.

5) Knowledge management systems (KMS) permit organizations to A) store employee solutions to specific problems in a shared database. B) learn from individuals external to the organization. C) perform background checks on potential employees. D) gain competitive business intelligence on competitors.

5) Researchers have compared the psychological and demographic characteristics of white-collar criminals, violent criminals, and the general public. They found that A) few differences exist between white-collar criminals and the general public. B) white-collar criminals eventually become violent criminals. C) most white-collar criminals invest their illegal income rather than spend it. D) most white-collar criminals are older and not technologically proficient.

51) The most important element of any preventive control is A) the people. B) the performance. C) the procedure(s). D) the penalty.

54) Although there are some similarities between JIT and MRP, identify one major difference below. A) production scheduling B) reducing the opportunity for inventory theft C) reducing inventory carrying costs D) requires more analysis than EOQ

56) A JIT inventory system would be especially useful for a company that manufactures A) toys associated with new movie releases. B) toothpaste. C) alarm clocks. D) motor oil.

6 15) A validity check is an example of A) a data entry control. B) an output control. C) a data transmission control. D) an input control.

6 25) The employer pays a portion of some payroll taxes and employee benefits. Both the employee and employer pay which benefit or tax listed below? A) social security taxes B) federal income taxes C) state income taxes D) none of the above

6) Evaluated receipt settlement approves payment of vendor invoices after reconciling the purchase order and the A) receiving report. B) vendor invoice. C) sales invoice. D) disbursement voucher.

6) For recording time spent on specific work projects, manufacturing companies usually use a A) job time ticket. B) time card. C) time clock. D) labor time card.

6) The fraud that requires the least computer knowledge or skill involves A) altering or falsifying source data. B) unauthorized use of computers. C) tampering with or copying software. D) forging documents like paychecks.

7 19) A batch total is an example of which control below? A) data entry control B) data transmission control C) processing control D) output control

7 9) Identify the statement below that is not true of the 2013 COSO Internal Control updated framework. A) It more efficiently deals with control implementation and documentation issues. B) It more effectively deals with control implementation and documentation issues. C) It provides users with more precise guidance. D) It adds many new examples to clarify the framework concepts.

7) Suppose management wanted to increase the speed of processing customer payments. One way to speed up payment transaction processing is to A) use a FEDI. B) use JEDI analysis software. C) eliminate credit sales. D) extend the amount of credit offered to customers.

7) What agency did the United States create to use cyber weapons and to defend against cyber attacks? A) U.S. Cyber Command B) Department of Network Security C) Department of Cyber Defense D) Department of Technology Strategy

7) When a computer system's files are automatically duplicated on a second data storage system as they are changed, the process is referred to as A) real-time mirroring. B) batch updating. C) consistency control. D) double-secure storage.

7) When a customer places an order (on account) for a certain product, what should be done before the order is checked for inventory availability? A) The customer's available credit should be checked. B) The sales order should be created and written to a file. C) Shipping should be notified of an order in process. D) A picking list should be generated for the warehouse.

8 32) The Gwallter Reece Chihuahua Sweater Co. (GRCCo) was established in 2013. It recently signed a large contract with PetCo pet stores. GRCCo will be required to track and forecast sweater sales. The technology that is used for communication between GRCCo and PetCo is A) electronic data interchange. B) vendor-managed inventory. C) sales force automation. D) optical character recognition.

8) Downloading a master list of customers and selling it to a competitor is an example of A) data fraud. B) output theft. C) download fraud. D) fraudulent financial reporting.

8) During the sales order entry process, a ________ is performed to verify that each transaction record contains all appropriate data items. A) completeness test B) redundant data check C) field check D) reasonableness test

8) Identify the item below that is not a desired result of an employee bonus systems. A) Employees may recommend unnecessary services to customers in order to exceed set sales quotas and earn a bonus. B) Employees may look for ways to improve service. C) Employees may analyze their work environment and find ways to cut costs. D) Employees may work harder and may be more motivated to exceed target goals to earn a bonus.

8) Multi-factor authentication A) involves the use of two or more basic authentication methods. B) is a table specifying which portions of the systems users are permitted to access. C) provides weaker authentication than the use of effective passwords. D) requires the use of more than one effective password.

8) Which of the following fraudulent acts generally takes most time and effort? A) lapping accounts receivable B) selling stolen inventory to get cash C) stealing inventory from the warehouse D) creating false journal entries to overstate revenue

8) Which type of control is associated with making sure an organization's control environment is stable? A) general B) application C) detective D) preventive

9 18) The process of maintaining a table listing all established connections between the organization's computers and the internet to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer is known as A) stateful packet filtering. B) deep packet inspection. C) access control list. D) static packet filtering.

9 36) To minimize the number of checks that need to be written to pay vendor invoices, a company should use A) a voucher system. B) a just-in-time inventory system. C) a nonvoucher system. D) an evaluated receipt settlement system.

9) A copy of a database, master file, or software that will be retained indefinitely as a historical record is known as a(n) A) archive. B) cloud computing. C) differential backup. D) incremental backup.

9) All of the following are controls that should be implemented in a payroll process, except A) supervisors distribute paychecks since they should know all employees in their department. B) someone independent of the payroll process should reconcile the payroll bank account. C) sequential numbering of paychecks and accounting for the numbers. D) restrict access to blank payroll checks and documents.

9) In many cases of fraud, the ________ takes more time and effort than the ________. A) concealment; theft B) theft; concealment C) conversion; theft D) conversion; concealment

9) ________ attempts to minimize or eliminate carrying and stockout costs. A) Just-in-time inventory B) Materials requirements planning C) Economic order quantity D) Evaluated receipt settlement

: Reflective Thinking 7) The purpose of a general ledger payroll clearing account is A) to check the accuracy and completeness of payroll recording and its allocation to cost centers. B) to make the bank reconciliation easier. C) to make sure that all employees are paid correctly each week. D) to prevent the cashier from having complete control of the payroll cycle.

15 39) On April 1, 2012, students enrolled in an economics course at Harvard University received an e-mail stating that class would be cancelled. The e-mail claimed to be from the professor, but it wasn't. Computer forensic experts determined that the e-mail was sent from a computer in one of the campus labs at 6:32 A.M. They were then able to uniquely identify the computer that was used by means of its network interface card's ________ address. Security cameras revealed the identity of the student responsible for spoofing the class. A) IDS B) TCP/IP C) MAC D) DMZ

15) An effective way an organization can eliminate paper paychecks while maintaining adequate accounting records is to A) pay in cash only. B) pay with money orders. C) use direct deposit. D) use Electronic Funds Transfer.

15) Duc An Incorporated provides free coffee to employees. Starbucks delivers coffee packages, sugar, creamer, and filters each week. Every month, Starbucks sends Duc An an invoice. This arrangement is best described as a A) set purchase order. B) fixed purchase order. C) blanket purchase order. D) standard purchase order.

16 10) While this type of backup process takes longer than the alternative, restoration is easier and faster. A) archive B) cloud computing C) differential backup D) incremental backup

16) Which of the following will limit a firm's potential loss exposure from paycheck forgery? A) segregation of check distribution from payroll duties B) prompt redeposit of unclaimed paychecks C) a separate payroll bank account D) direct deposit of checks

17 12) As a result of an internal risk assessment, Allstate Insurance decided it was not profitable to provide hurricane insurance in the state of Florida. Allstate apparently chose to ________ the risk of paying hurricane claims in Florida. A) reduce B) share C) avoid D) accept

17) A user review an example of A) a data entry control. B) a data transmission control. C) an output control. D) a processing control.

17) Petty cash is disbursed by the Manuela Luisina in the Cashier's Office. Manuela also maintains records of disbursements, places requests to the Finance Department to replace expended funds, and periodically reconciles the petty cash balance. This represents a(n) ________ segregation of duties. A) ideal B) effective C) ineffective D) limited

17) Which organization provides payroll processing as well as other HRM services, like employee benefit design and administration? A) title companies B) payroll service bureau C) professional employer organization D) paycheck distribution companies

18 17) The accounting department at Aglaya Telecom records an average of 5,000 transactions per hour. By cost-benefit analysis, managers have concluded that the maximum acceptable loss of data in the event of a system failure is 50,000 transactions. The firm's recovery point objective is therefore A) 50,000 transactions. B) 5,000 transactions. C) 10 hours. D) 4 hours.

18 8) What is the best way to prevent the acceptance of goods that were never ordered? A) Order only from approved vendors. B) Enforce an appropriate conflict of interest policy in place. C) Match the packing slip to a purchase order before accepting delivery. D) Require specific authorization from the purchasing manager before accepting any goods.

18) In the ________ method of tracking accounts receivable, customers pay according to the amount showing on their monthly statement and payments are applied against the total account balance. A) specific identification B) open-invoice C) balance forward D) remittance advice

18) The management at Barks-a-Million is considering a new inventory control system. The current system is inadequate because it frequently causes stockouts that interrupt production and lead to excess stock of other materials — resulting in markdowns and high carrying costs. The new system, which will focus on forecasting demand for Sad Clown's products, will likely employ A) a just-in-time inventory system. B) the economic order quantity. C) materials requirements planning. D) a reorder point.

19) Many companies offer their employees a "cafeteria" approach to voluntary benefits in which employees can pick and choose the benefits they want. This plan is normally called a(n) A) elective plan. B) menu options benefit plan. C) flexible benefit plan. D) buffet plan.

19) The Director of Information Technology for the city of Tampa, Florida formed a company to sell computer supplies and software. All purchases made on behalf of the City were made from her company. She was later charged with fraud for overcharging the City, but was not convicted by a jury. The control issue in this case arose because the Director had both ________ and ________ duties. A) custody; authorization B) custody; recording C) recording; authorization D) management; custody

2) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the following situations does this control detect? A) Some customers presented tickets purchased on a previous day when there wasn't a ticket taker at the theater entrance (so the tickets didn't get torn.) B) A group of kids snuck into the theater through a back door when customers left after a show. C) The box office cashier accidentally gives too much change to a customer. D) The ticket taker admits his friends without tickets.

2) Best Friends, Incorporated is a publicly traded company where three BFF's (best friends forever) serve as its key officers. This situation A) is a violation of the Sarbanes-Oxley Act. B) violates the Securities and Exchange Act. C) increases the risk associated with an audit. D) must be changed before your audit firm could accept the audit engagement.

2) The ________ normally triggers the billing process in the revenue cycle. A) sales order received from the sales department B) picking ticket received from the sales department C) packing slip received from the shipping department D) journal voucher received from the shipping department

2) Which of the following is not a principle related to information and communicating in the updated COSO Integrated Control framework? A) Communicate relevant internal control matters to external parties. B) Obtain or generate relevant, high-quality information to support internal control. C) Surround internal control processes with information technology that enables discrepancies to be identified. D) Internally communicate the information necessary to support the other components of internal control.

2) Which of the following will not reduce the likelihood of an occurrence of fraud? A) encryption of data and programs B) use of forensic accountants C) adequate insurance coverage D) required vacations and rotation of duties

20 16) The management at Barks-a-Million is considering a new inventory control system. The current system is inadequate because it frequently causes stockouts that interrupt production and lead to excess stock of other materials — resulting in markdowns and high carrying costs. The new system will focus on ensuring that these costs are minimized. The new inventory control system will likely employ A) a reorder point. B) a just-in-time inventory system. C) the economic order quantity. D) materials requirements planning.

20) Pay rate information should be stored in A) employees' personnel files. B) employee subsidiary ledgers. C) the payroll master file. D) electronic time cards.

21 31) Which of the following poses an internal control problem? A) Physical inspection of inventory quantity and condition is outsourced to a firm that specializes in this service. B) Products are released from inventory after a warehouse employee and a shipping clerk both sign the pick list. C) Sales representatives have authority to increase customers' credit limits in $1,000 increments. D) When customer payments are received in the mail, checks are sent to the cashier's office and remittance advices are sent to the accounts receivable department.

22 16) Which of the following is an independent check on performance? A) The Purchasing Agent physically reviews the contents of shipments and compares them with the purchase orders he has placed. B) Production teams perform quality evaluations of the products that they produce. C) The General Manager compares budgeted amounts with expenditure records from all departments. D) Petty cash is disbursed by Fred Haynes. He also maintains records of disbursements, places requests to finance to replace expended funds, and periodically reconciles the petty cash balance.

22 33) Which of the following is incorrect with regards to a data archive? A) Archives can be a copy of a database. B) Archives should be stored in different locations. C) Archives are usually encrypted. D) Physical and logical controls are the primary means of protecting archive files.

23) As each payroll transaction is processed, the system should also A) allocate labor costs to appropriate general ledger accounts B) use cumulative totals generated from a payroll to create a summary journal entry to be posted to the general ledger C) both A and B above D) The HRM system should not perform either activity A or B.

25) The shipping department at Eka Toys follows policies that determine which carrier will deliver orders according to the size, weight, and destination of the shipment. It maintains standing agreements with shippers that specify legal responsibility for the shipment while it is in transit. The terms of the shipping agreements are documented on A) picking tickets. B) packing slips. C) bills of lading. D) RFID tags.

25) Using financial incentives requires organizations to A) pay employees less than they would have to if pay was a fixed salary. B) better monitor employee attendance. C) link the payroll system to other cycles to calculate incentive payments. D) better monitor employee effort.

26) Source data automation is often effective in reducing A) unintentional errors. B) intentional errors. C) accuracy. D) theft.

28) The ________ disseminates information about fraud, errors, breaches and other improper system uses and their consequences. A) chief information officer B) chief operations officer C) chief security officer D) computer emergency response team

29) This batch processing data entry control sums a non-financial numeric field. A) record count B) financial total C) hash total D) sequence check

3 11) Identify one aspect of systems reliability that is not a source of concern with regards to a public cloud. A) confidentiality B) privacy C) efficiency D) availability

3) "Cooking the books" is typically accomplished by all the following except A) overstating inventory. B) accelerating recognition of revenue. C) inflating accounts payable. D) delaying recording of expenses.

3) Following is the result of batch control totals on employee Social Security numbers in a payroll processing transaction: Correct Values From Masterfile V alues Entered During Processing 487358796 487358796 534916487 534916487 498374526 498374526 514873420 514873420 534196487 534916487 678487853 678487853 471230589 471230589 3719438158 3720158158 The difference in the control totals is 720,000. Which data entry control would best prevent similar data entry errors in the future? A) Modules 11 B) validity check C) check digit D) sequence check

3) Kuzman Jovan called a meeting of the top management at Jovan Capital Management. Number one on the agenda was computer system security. "The risk of security breach incidents has become unacceptable," he said, and turned to the Chief Information Officer. "What do you intend to do?" Which of the following is the best answer? A) Evaluate and modify the system using COBOL. B) Evaluate and modify the system using the CTC checklist. C) Evaluate and modify the system using the Trust Services framework D) Evaluate and modify the system using the COSO Internal Control Framework.

3) The audit committee of the board of directors A) is usually chaired by the CFO. B) conducts testing of controls on behalf of the external auditors. C) provides a check and balance on management. D) does all of the above.

3) The traditional approach to inventory management to ensure sufficient quantity on hand to maintain production is known as A) safety stock. B) just-in-time production. C) economic order quantity. D) optimal inventory quantity.

3) Which of the following is generally not a major sourcey : of input to a payroll system? A) payroll rate changes B) time and attendance data C) checks to insurance and benefits providers D) withholdings and deduction requests from employees

30) Identify one way to improve the accuracy of inventory records that use a perpetual inventory approach A) use of an ERP system B) require the accounting department to calculate cost of goods sold periodically C) use IT to eliminate the need for manual data entry D) use of an MRP inventory system

30) If available, a 1% discount for payment within 10 days instead of 30 days represents an approximate savings of ________% annually. A) 1 B) 12 C) 18 D) 36

30) When I enter a correct customer number, the data entry screen displays the customer name and address. This is an example of A) prompting. B) preformatting. C) closed-loop verification. D) error checking.

31) Falk Noam is the internal auditor for Matan Incorporated. Before investigating the HRM / payroll cycle at Matan, Falk decided to read up on the proper segregation of duties regarding payroll disbursement processes. For strongest segregation of duties, the ________ should periodically observe the paycheck distribution process. A) accounts payable department B) cashier C) internal audit department D) external auditor

31) Is it best practice for an organization to practice periodically restoring a system from its backup files? A) No, doing so might introduce errors into the system's data. B) No, doing so takes the system offline and prevents customers from being able to access the system. C) Yes, doing so verifies the procedure and backup media are working correctly. D) Yes, doing so improves the efficiency of the system.

32) The least effective control for preventing an organization from processing fraudulent credit memo is to A) match each credit memo with a receiving report. B) require approval for each credit memo by the credit manager. C) reconcile total of credit memos to total debits posted to customers' subsidiary ledgers. D) sequentially prenumber all credit memos and perform a sequence check at the end of each day.

34) Ngai Nhung is the sales manager at Hung Technologies. At lunch with the company CEO, Ngai proudly announced that he had received a ________ from a client. The client had just requested a large quantity of components from Hung. A) blanket purchase order B) voucher C) purchase order D) purchase requisition

34) What control are file labels an example of? A) data entry controls B) output controls C) processing controls D) source data controls

35) Information technology managers are often in a bind when a new exploit is discovered in the wild. They can respond by updating the affected software or hardware with new code provided by the manufacturer, which runs the risk that a flaw in the update will break the system. Or they can wait until the new code has been extensively tested, but that runs the risk that they will be compromised by the exploit during the testing period. Dealing with these issues is referred to as A) change management. B) hardening. C) patch management. D) defense in depth.

36) Identify one organization that quickly recovered from September 11th, 2001 due to its disaster recovery and business continuity plan. A) New York Stock Exchange B) NASDAQ C) New York Fire Department D) United Airlines

36) Sonja Greer called the IT Help Desk in a bad mood. "I'm trying to open an Excel file, but I get a message that says that the file is locked for editing. Why is this happening to me?" The answer is likely that A) the file is corrupted due to a computer virus. B) Sonja probably opened the file as read-only. C) concurrent update controls have locked the file. D) there is no problem. Sonja is editing the file, so it is locked.

37) The most effective way to protect network resources that are exposed to the internet, yet reside outside of a network is A) a firewall. B) employee training. C) a demilitarized zone. D) stateful packet filtering.

38) All employees of E.C. Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted. Entry to secure areas, such as the Information Technology Department offices, requires further procedures. This is an example of a(n) A) authentication control. B) authorization control. C) physical access control. D) hardening procedure.

39) Procurement cards differ from corporate credit cards in which of the following ways? A) Credit limits can be set for procurement cards, but not corporate credit cards. B) Credit cards can be used to make purchases without an explicit sign off by supervisors, but procurement cards require a sign off. C) Procurement cards can only be used with approved vendors, but credit cards can be used anywhere. D) Procurement card invoices are sent separately for each card, whereas corporate credit cards are consolidated into a single invoice.

39) Research suggests which of the following is key to improving total customer satisfaction? A) price of product B) speed of shipping C) quality and nature of customer contact after the sale D) quality and nature of customer contact before the sale

4 16) A major cost in the purchasing function is the number of purchase orders processed. One technique that may reduce purchasing-related expenses is to have suppliers compete with each other to meet demand at the lowest price. The name of this technique is A) an EDI auction. B) a trading exchange. C) a reverse auction. D) a supplier consortium.

4) A disaster recovery plan typically does not include A) scheduled electronic vaulting of files. B) backup computer and telecommunication facilities. C) a system upgrade due to operating system software changes. D) uninterruptible power systems installed for key system components.

4) The most vital control in preventing unauthorized changes to the payroll master file is A) hiring totally honest people to access and make changes to this file. B) segregation of duties between the preparation of paychecks and their distribution. C) segregation of duties between the authorization of changes and the physical handling of paychecks. D) having the controller closely review and then approve any changes to the master file.

41) This control entails verifying that the proper number of bits are set to the value 1 in each character received. A) echo check B) field check C) parity check D) trailer record

42) The packing slip A) lists the quantity, price, and description of each item included in the shipment. B) lists the price and description of each item included in the shipment. C) lists the quantity and description of each item included in the shipment. D) lists the quantity and price of each item included in the shipment.

47) A demilitarized zone A) routes electronic communications within an organization. B) connects an organization's information system to the Internet. C) permits controlled access from the Internet to selected resources. D) serves as the main firewall.

47) Once a purchase request is approved, what is the next step? A) The system creates a purchase order. B) The accounts payable department approves the purchase request, creating a purchase order. C) The inventory master file is accessed to find the preferred supplier(s). D) The department that created the purchase request may buy the requested item(s).

48) For strongest segregation of duties, a sales representative should never be allowed to A) discuss the company's products. B) negotiate the sales price. C) approve a sale on credit. D) send a customer a gift.

5) According to generally accepted accounting principles, a sale is recognized when A) cash is received from the customer. B) inventory is removed from the warehouse. C) inventory becomes the legal property of the customer. D) a sales order is approved by sales, inventory control, and credit departments.

5) Identify the statement below which is true. A) Requiring two signatures on checks over $20,000 is an example of segregation of duties. B) Although forensic specialists utilize computers, only people can accurately identify fraud. C) Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes. D) Re-adding the total of a batch of invoices and comparing the total with the first total you calculated is an example of an independent check.

5) Intentional or reckless conduct that results in materially misleading financial statements is called A) financial fraud. B) misstatement fraud. C) fraudulent financial reporting. D) audit failure fraud.

50) Why does COBIT5 DSS-05.06 stress the importance of restricting physical access to network printers? A) because hackers can use them to print out sensitive information B) because hackers often hide inside large network printers until night C) because document images are often stored on network printers D) because network printers are easier to hack into than computers

58) MacDougalKids is a mid-sized manufacturer of organic baby food. MacDougalKids uses the EOQ inventory management approach. Which of the following factors would likely be least important when selecting inventory suppliers? A) product price B) product quality C) vendor delivery dependability D) All would be equally important.

6) Internal control is often referred to as a(n) ________, because it permeates an organization's operating activities and is an integral part of management activities. A) event B) activity C) process D) system

6) The first step of the risk assessment process is generally to A) identify controls to reduce all risk to zero. B) estimate the exposure from negative events. C) identify the threats that the company currently faces. D) estimate the risk probability of negative events occurring.

6) Which control would be most appropriate to address the problem of inaccurate payroll processing? A) encryption B) direct deposit C) cross-footing of the payroll register D) an imprest payroll checking account

6) Which electronic files are either read or updated when goods are ordered from a vendor? A) inventory, vendors, and accounts payable B) vendors and accounts payable C) inventory, vendors, and open purchase orders D) open purchase orders and accounts payable

6) ________ is not a basic activity of the revenue cycle. A) Sales order entry B) Shipping C) Receiving D) Billing

7 10) Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security? A) training B) controlling physical access C) controlling remote access D) host and application hardening

7) The SEC and FASB are best described as external influences that directly affect an organization's A) hiring practices. B) philosophy and operating style. C) internal environment. D) methods of assigning authority.

7) Which of the following is not an example of something monitored by a responsibility accounting system? A) budgets B) quotas C) vendor analysis D) quality standards

7) Why was the original 1992 COSO - Integrated Control framework updated in 2013? A) Congress required COSO to modernize. B) U.S. stock exchanges required more disclosure. C) to more effectively address technological advancements D) to comply with International accounting standards

8) A "zero balance check" refers to which of the following control procedures? A) a type of batch total B) cross-footing the payroll register C) the payroll clearing account shows a zero balance once all entries are posted D) trial balance showing that debits equal credits

8) Which attribute below is not an aspect of the COSO ERM Framework internal environment? A) enforcing a written code of conduct B) holding employees accountable for achieving objectives C) restricting access to assets D) avoiding unrealistic expectations

9) All of the following are required for an act to be legally classified as fraudulent except A) a falsehood is made. B) about a material fact. C) to inflict pain. D) resulting in a financial loss.

9) Identify a party below who was involved with developing the Trust Services Framework. A) FASB B) United States Congress C) AICPA D) IMA

9) Which of the following is not a common control for ensuring inventory is secure and inventory counts are accurate? A) control of physical access to the inventory storage areas B) transfers of inventory with proper documentation C) sending "blind" copies of purchase orders to inventory control for data entry D) making physical counts of inventory at least once per year

9) Which of the following is not a way to make fraud less likely to occur? A) Adopt an organizational structure that minimizes the likelihood of fraud. B) Create an organizational culture that stresses integrity and commitment to ethical values. C) Create an audit trail so individual transactions can be traced. D) Effectively supervise employees.

30) Why are accurate cumulative earnings records important?

Accurate records of cumulative earnings are necessary because social security and other deductions have maximum earnings amounts upon which taxes are paid; and the appropriate amount of income and payroll taxes should be remitted to the government agencies. At the end of each calendar year, businesses must prepare and mail summary earnings statements to every employee with earnings that year.

1 21) In a revenue cycle with proper controls, the ________ who reports to the ________, is not involved in any cash handling activities. A) accounts receivable clerk; treasurer B) accounts receivable clerk; controller C) cashier; controller D) cashier; treasurer

1 4) Economic Order Quantity (EOQ) includes several variables that must be taken into consideration when calculating the optimal order size. One variable, the costs associated with holding inventory, is referred to as A) ordering costs. B) carrying costs. C) the reorder point. D) stockout costs.

1) Basic segregation of duties requires the credit manager reports to the ________ and the treasurer report to the ________. A) treasurer; controller B) treasurer; vice president of finance C) controller; vice president of finance D) marketing manager; vice president of finance

1) What is the most effective way to ensure information system availability? A) high bandwidth B) maintain a hot site C) maintain a cold site D) frequent backups

1) Which of the decisions below is not ordinarily found as part of the revenue cycle? A) What credit terms should be offered? B) How often should accounts receivable be subjected to audit? C) How can customer payments be processed to maximize cash flows? D) What are the optimal prices for each product or service?

10 22) The process of turning off unnecessary features in the system is known as A) deep packet inspection. B) hardening. C) intrusion detection. D) war dialing.

10 40) A picking ticket is generated by the A) shipping process. B) sales order entry process. C) packing process. D) billing process.

10) A neural network is a software program that has A) the ability to read text. B) the ability to learn. C) the capability to extract information from an individual's brain. D) the capability to inject information into an individual's brain.

10) Checking the quantity of inventory available before accepting a sales order is a good practice for all of the reasons except to A) determine which items may need to be back ordered. B) verify the accuracy of the perpetual inventory records. C) inform the customer about availability and delivery times. D) update inventory records to reduce the quantity available by the number of items ordered.

10) Just-In-Time (JIT) inventory is best characterized by A) frequent deliveries of large quantities to be held at the work centers. B) frequent deliveries of smaller quantities of items to the work centers. C) less frequent deliveries of large quantities of goods to central receiving. D) infrequent bulk deliveries of items directly to work centers.

10) The primary purpose of the Foreign Corrupt Practices Act of 1977 was A) to require corporations to maintain a good system of internal control. B) to prevent the bribery of foreign officials by American companies. C) to require the reporting of any material fraud by a business. D) All of the above are required by the act.

11) An accounting policy that requires a purchasing manager to sign off on all purchases over $5,000 is an example of A) general authorization. B) specific authorization. C) special authorization. D) generic authorization.

11) Special software packages called ________ can help an organization manage customer service. A) EDI systems B) CRM systems C) POS systems D) VMI systems

11) The benefits of a lockbox arrangement with a bank are maximized when A) the bank is located nearby to the company, so remittance advices can be delivered to the company every day. B) several banks around the country are used, in order to minimize the time payments spend in the mail. C) an arrangement is made with only one bank, so all remittance advices can be batched for processing. D) the bank deposits the payments and accesses the customer's information system to record the payments.

11) Which of the following is not classified as a voluntary deduction? A) pension plan contributions B) social security withholdings C) insurance premiums D) deductions for a charity organization

13 43) Which of the following is an example of a turnaround document? A) a receipt a customer must use to return the goods purchased B) a telephone bill the customer must return with payment C) a paycheck stub that must be used in the employee's tax return D) a customer loyalty card used every time a customer purchases goods or services

13) A surprise count of an imprest petty cash fund should find the total of ________ equal to the amount authorized for the fund. A) cash and credit memos B) cash and vouchers C) cash D) cash and checks

13) The maximum amount of time between backups is determined by a company's A) recovery time objective. B) recovery point objective. C) recovery objective. D) maximum time recovery objective.

13) The results of an internal audit finds that there is a problem with inaccurate time data being entered into the payroll system. What is an applicable control that can help prevent this event from occurring in the future? A) proper segregation of duties B) automation of data collection C) sound hiring procedures D) review of appropriate performance metrics

13) Two documents usually accompany goods shipped to a customer. What are the two documents? A) a bill of lading and an invoice B) a packing slip and a bill of lading C) an invoice and a packing slip D) an invoice and a sales order

13) Which characteristic of the fraud triangle often stems from a lack of internal controls within an organization? A) pressure B) opportunity C) rationalization D) concealment

13) Which of the following is least likely to be a major criterion in vendor selection? A) prices of goods B) credit rating of the vendor C) quality of goods D) ability to deliver on time

13) Which type of payroll report lists the voluntary deductions for each employee? A) payroll register B) deduction register C) earnings statement D) federal W-4 form

14) A ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates. A) performance evaluation B) project development plan C) steering committee D) strategic master plan

15) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Oanez Dinnerware A) asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process. B) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit. C) selected the company's Chief Financial Officer to chair the audit committee. D) did not mention to auditors that the company had experienced significant losses due to fraud during the past year.

15) Which of the following threats is not specific to the purchase requisition process of the expenditure cycle? A) stockouts B) purchasing from unauthorized vendors C) requisitioning goods not needed D) All of the above are threats in the purchase requisition process.

16) It has been discovered that credit sales have been made to customers with a poor credit rating. If this continues, the company will face increasing uncollectible receivables and losses due to bad debts. Separation of duties between ________ and ________ should help resolve the problem. A) shipping; billing duties B) credit approval; marketing C) billing; credit approval D) marketing; accounts receivable

16) Parity checks are an example of a(n) A) data entry control. B) data transmission control. C) output control. D) processing control.

18) Which of the following is not a benefit of using a payroll service bureau or a professional employer organization? A) freeing up of computer resources B) increased internal control C) reduced costs D) wider range of benefits

19) All of the following edit checks for online editing of accounts receivable transactions would probably be included except A) validity checks on customer ID and invoice numbers. B) check digit verification on the amount of the sale. C) closed loop verification on the customer ID. D) field checks on the values in dollar fields.

2 9) Which type of control prevents, detects, and corrects transaction errors and fraud? A) general B) application C) detective D) preventive

2 9) ________ are used to transmit time and attendance data directly to the payroll processing system. A) Badge readers B) Electronic time clocks C) Magnetic cards D) none of the above

2) Because many HRM / payroll master databases typically contain only descriptive information (such as which employees possess which skills), many firms have deployed ________ to more effectively leverage employees knowledge and skills. A) relational databases B) knowledge management systems C) Resources, Events, and Agents (REA) databases D) cardinality systems

2) Identify the most correct statement with regards to an event. A) An event identified by management will occur. B) An event identified by management may or may not occur. C) An event identified by management may not trigger other events. D) It is easy to determine which events are most likely to occur.

2) One of the basic activities in the expenditure cycle is the receiving and storage of goods, supplies, and services. What is the counterpart of this activity in the revenue cycle? A) sales order entry process B) shipping function C) cash collection activity D) cash payments activity

2) Which is the best control to prevent invoicing customers for more than the actual quantity shipped? A) Use the information from the sales order to prepare the sales invoice. B) Use the information from the packing slip to prepare the sales invoice. C) Use the information from the bill of lading to prepare the sales invoice. D) Use the information from the picking ticket to prepare the sales invoice.

21 29) Which COBIT5 management practice addresses system backup procedures? A) DSS01.06 B) DSS04.07 C) DSS03.05 D) DSS04.04

21) The payroll transaction file should contain A) entries to add new hires. B) time card data. C) changes in tax rates. D) All of the above are correct.

21) This is used to identify rogue modems (or by hackers to identify targets). A) war chalking B) war dialing C) war driving D) none of the above

22) A ________ ensures input data will fit into the assigned field. A) limit check B) size check C) range check D) validity check

25) This determines the correctness of the logical relationship between two data items. A) range check B) reasonableness test C) sign check D) size check

26) The manager of Cezary Foods was purchasing inventory from Bogumil Distributors online. The manager entered the items and quantities, completed the checkout and payment process, but received the following error message before the order could be processed: "Please enter your phone number." This message is likely the result of a A) validity check. B) completeness test. C) closed-loop verification. D) customer relationship management software application.

26) Which of the following is not a common design feature of housing mission-critical servers and databases? A) adequate air-conditioning systems to reduce the likelihood of damage due to overheating B) overhead sprinklers to provide protection from fire C) cables with special plugs that cannot be easily removed D) surge-protection devices to provide protection against temporary power fluctuations

29) Falk Noam is the internal auditor for Matan Incorporated. Before investigating the HRM / payroll cycle at Matan, Falk decided to read up on the proper segregation of duties regarding payroll disbursement processes. For strongest segregation of duties, the ________ should distribute paychecks. A) accounts payable department B) cashier C) internal audit department D) external auditor

29) In 2007, a major U.S. financial institution hired a security firm to attempt to compromise its computer network. A week later, the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found. This is an example of a A) preventive control. B) detective control. C) corrective control. D) standard control.

3 12) When would an MRP inventory approach be a preferred to a JIT inventory approach? A) when a product has a short life cycle B) when demand for inventory is fairly predictable C) when demand for inventory is very unpredictable D) MRP is always a preferred method over JIT.

3 13) A(n) ________ measures company progress by comparing actual performance to planned performance. A) boundary system B) diagnostic control system C) interactive control system D) internal control system

3) According to the ERM, ________ deal with the effectiveness and efficiency of company operations, such as performance and profitability goals. A) compliance objectives B) operations objectives C) reporting objectives D) strategic objectives

3) Identify the firm below where employees' knowledge is likely to be more valuable than the value of a company's tangible assets. A) international airline B) law firm C) automobile manufacturer D) railroad

3) Identify the preventive control below. A) reconciling the bank statement to the cash control account B) approving customer credit prior to approving a sales order C) maintaining frequent backup records to prevent loss of data D) counting inventory on hand and comparing counts to the perpetual inventory records

3) On Tuesday morning, Chen Lee, Chief Information Officer at American Trading Corporation (ATC), got some bad news. The hard drive use to store system data backups was lost while it was being transported to an offsite storage location. Chen called a meeting of her technical staff to discuss the implications of the loss. Which of the following is most likely to relieve her concerns over the potential cost of the loss? A) ATC has a comprehensive disaster recovery plan. B) The hard drive was encrypted and password protected. C) The shipper has insurance that will reimburse ATC for the cost of the hard drive. D) ATC has a copy of the hard drive onsite, so a new copy for storage offsite can easily be prepared.

3) Which of the following is not an objective of a disaster recovery plan? A) Minimize the extent of the disruption, damage or loss. B) Permanently establish an alternative means of processing information. C) Resume normal operations as soon as possible. D) Train employees for emergency operations.

34) Identify the most accurate statement below. A) Several purchase requisitions are often created to fill one purchase order. B) Several purchase orders are often created to fill one purchase requisition. C) Every purchase requisition should lead to the creation of one purchase order. D) Every purchase order should lead to the creation of one purchase requisition.

34) When new employees are hired by Pacific Technologies, they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader. In order to log in, the user's fingerprint must be recognized by the reader. This is an example of a(n) A) authorization control. B) biometric device. C) remote access control. D) defense in depth.

35) Executive immersion experiences are important because A) CEOs often have no idea what rank-and-file employees do on a daily basis. B) employees who have positive attitudes contribute to increasing company profits. C) many employees feel upper management is out of touch. D) it is important for organizations to take social responsibility seriously.

35) If a firm uses an ERP, the best way to mitigate the risk of the destruction of master data is to A) frequently update the ERP system. B) implement the ERP system in three separate instances. C) periodically audit the ERP system. D) integrate the ERP system with all IT functions.

36) A reverse auction would likely be best suited to the purchase of A) central processing units (CPUs). B) soybeans. C) designer clothing. D) automobiles.

36) Identify a useful tool for monitoring accounts receivable. A) ERP exception report B) accounts receivable aging report C) accounts receivable tolerance report D) customer credit limit report

37) Evaluated receipt settlement increases efficiency by A) eliminating the need for receiving reports. B) eliminating the need for vendor invoices. C) eliminating the need for purchase orders. D) eliminating the need to prepare and mail checks.

37) Involving accountants in executive compensation plans is often especially helpful A) in keeping track of the executive compensation plan. B) in identifying the appropriate metrics to use when linking compensation to performance. C) in reducing the total amount of compensation paid to executives. D) in suggesting the appropriate amount of compensation executives should be paid.

38) An important control that can be used to reduce the risk of employee kickbacks is A) surveillance cameras. B) job rotation. C) off-site restrooms. D) use of ID badges.

38) It costs ________ times as much to acquire a new customer as it does to make a sale to an existing customer. A) two B) five C) eight D) ten

4 17) Irene Pacifica was relaxing after work with a colleague at a local watering hole. Well into her second martini, she began expressing her feelings about her company's budgeting practices. It seems that as a result of controls put in place by the company, her ability to creatively manage his department's activities have been curtailed. The level of control that the company is using in this case is a(n) A) boundary system. B) diagnostic control system. C) interactive control system. D) belief system.

4) A power outage is an example of a(n) ________ threat. A) natural and political disasters B) software errors and equipment malfunctions C) unintentional acts D) system inefficiency

4) The ________ should always be included with a merchandise shipment to a customer. A) picking ticket B) packing slip C) sales invoice D) remittance advice

4) The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the A) control activities. B) organizational structure. C) budget framework. D) internal environment.

4) Which of the following is not a key method of monitoring performance? A) performing internal control evaluation B) employing a chief risk officer C) implementing effective supervision D) monitoring system activities

4) Why is computer fraud often more difficult to detect than other types of fraud? A) Rarely is cash stolen in computer fraud. B) The fraud may leave little or no evidence it ever happened. C) Computers provide more opportunities for fraud. D) Computer fraud perpetrators are just more clever than other types of criminals.

40) A workforce inventory report A) is filed each quarter to reconcile monthly tax payments with total tax liability for the quarter. B) is used in preparing labor-related reports for government agencies. C) is used for employee information and annual payroll reports. D) is used to document compliance with applicable regulations.

40) The Spontaneous Combustion Rocket Shoppe in downtown Fargo, North Dakota, generates three quarters of its revenue from orders taken over the Internet. The revenue clearing account is debited by the total of cash and credit receipts and credited by the total of storefront and Internet sales. This is an example of a A) data integrity test. B) zero-balance test. C) trial balance audit. D) cross-footing balance test.

41) A picking ticket is generated by the A) shipping process. B) sales order entry process. C) packing process. D) billing process.

42) Which of the following is not a threat to the revenue cycle billing process? A) accounts receivable errors B) loss of customers C) failure to bill D) inaccurate credit memos

44) Which of the following is a control is an important way to prevent buffer overflow vulnerabilities? A) limit check B) size check C) range check D) field check

44) Which of the following is not a general threat to the revenue cycle? A) inaccurate master data B) loss of customers C) poor performance D) unauthorized disclosure of sensitive information

46) A border router A) routes electronic communications within an organization. B) connects an organization's information system to the Internet. C) permits controlled access from the Internet to selected resources. D) serves as the main firewall.

5 20) What is one of the best ways to improve the overall efficiency and effectiveness of the receipt and storage of ordered items? A) requiring all suppliers to have the carrier verify quantities and item numbers before shipment B) requiring all suppliers to include RFID tags on their items C) requiring all suppliers to use EDI to expedite the receiving department function D) requiring all delivery trucks to have satellite data terminals to expedite the receiving department function

5) A facility that contains all the computing equipment the organization needs to perform its essential business activities is known as a A) cold site. B) hot site. C) remote site. D) subsidiary location.

5) If duties are properly segregated, the authorization function is performed by ________, the recording function is performed by ________, and cash handling is performed by the ________. A) accounts payable; purchasing; cashier B) purchasing; accounts payable; cashier C) purchasing; cashier; accounts payable D) purchasing; accounts payable; treasurer

5) Regularly reviewing an accounts receivable aging report can help management do what? A) identify customers who have not purchased anything lately B) determine whether changes are needed in the firm's credit policies C) improve the speed which customers make payments D) determine whether the firm's pricing policy is effective

5) Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliability, as discussed in the Trust Services Framework? A) developing and documenting policies B) effectively communicating policies to all outsiders C) designing and employing appropriate control procedures to implement policies D) monitoring the system and taking corrective action to maintain compliance with policies

57) Which of the following factors is not of key importance when selecting inventory suppliers? A) product price B) vendor corporate structure C) product quality D) vendor delivery dependability

6) Identify the opportunity below that could enable an employee to commit fraud. A) An employee's spouse loses her job. B) An employee has a close association with suppliers or customers. C) An employee suddenly acquires lots of credit cards. D) An employee is upset that he was passed over for a promotion.

6) Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter A) unintentional errors. B) employee fraud or embezzlement. C) fraud by outsiders. D) disgruntled employees.

6) What was the first known cyber-attack intended to harm a real-world physical target? A) Sasser B) Stuxnet C) Michelangelo D) Doomsday

7 28) A voucher package should include A) a purchase requisition, vendor invoice, and receiving report. B) a purchase order, vendor invoice, and receiving report. C) a purchase requisition, purchase order, and receiving report. D) a bill of lading and vendor invoice.

7) Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions are an example of a ________ control. A) corrective; detective B) detective; corrective C) preventive; corrective D) detective; preventive

7) What is a key feature of materials requirements planning (MRP)? A) minimize or entirely eliminate carrying and stockout costs B) reduce required inventory levels by scheduling production rather than estimating needs C) determine the optimal reorder point D) determine the optimal order size

7) What is the best control to mitigate the threat of paying prices that are too high for goods ordered? A) Require the receiving department to verify the existence of a valid purchase order. B) Use only approved suppliers and solicit competitive bids. C) Only pay invoices that are supported by the original voucher package. D) Use bar-code technology to eliminate data entry errors.

7) Which of the following is a control related to design and use of documents and records? A) locking blank checks in a drawer or safe B) sequentially prenumbering sales invoices C) reconciling the bank statement to the general ledger D) comparing physical inventory counts with perpetual inventory records

7) Which of the following is not a requirement of effective passwords? A) Passwords should be changed at regular intervals. B) Passwords should be no more than 8 characters in length. C) Passwords should contain a mixture of upper and lowercase letters, numbers and characters. D) Passwords should not be words found in dictionaries.

8 14) This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination. A) access control list B) Internet protocol C) packet switching protocol D) transmission control protocol

8) How is credit approval generally handled for established customers with a documented payment history? A) A new credit application is requested. B) General authorization by a sales clerk C) Specific authorization by the credit manager D) A formal credit check should be made for each sale.

8) Which type of threat causes the greatest dollar losses? A) software errors and equipment malfunctions B) unintentional acts C) intentional acts D) system inefficiency

8) Whitewater Rapids provides canoes to tourists eager to ride Whitewater river's rapids. Management has determined that there is one chance in a thousand of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss without insurance? A) $50 B) $650 C) $50,000 D) $650,000

8) ________ enables a system to continue functioning in the event that a particular component fails. A) An incremental backup procedure B) Fault tolerance C) Preventive maintenance D) A concurrent update control

9 15) What is the most prevalent opportunity within most companies to commit fraud? A) lack of any internal controls B) failure to enforce the internal controls C) loopholes in the design of internal controls D) management's failure to believe employees would commit fraud

9 27) This tests a numerical amount to ensure that it does not exceed a predetermined value. A) completeness check B) limit check C) range check D) sign check

9) The inventory tracking system shows that 12 iPods were on hand before a customer brings three iPods to the register for purchase. The cashier accidentally enters the quantity sold as 30 instead of 3. Which data entry control would most effectively prevent this error? A) limit check B) sign check C) field check D) validity check

9) What is a typical procedure for processing sales orders from new customers or customers making a purchase that causes their credit limit to be exceeded? A) General authorization to approve the order is given to sales clerks. B) Specific authorization must be granted by the credit manager. C) The sale should be rejected. D) The sales clerk should order a report from a credit bureau before approving the order.

1) Before a shipping notice is prepared during the revenue cycle, shipping department personnel should match the inventory received from the warehouse to the A) sales order. B) picking tickets. C) picking ticket and sales order. D) sales order and bill of lading.

1) Identify the statement below which is not a useful control procedure regarding access to system outputs. A) restricting access to rooms with printers B) coding reports to reflect their importance C) allowing visitors to move through the building without supervision D) requiring employees to log out of applications when leaving their desk

1) Seble wants to open a floral shop in a downtown business district. She doesn't have funds enough to purchase inventory and pay six months'' rent up front. Seble approaches a good friend, Zhou, to discuss the possibility of Zhou investing funds and becoming a 25% partner in the business. After a lengthy discussion Zhou agrees to invest. Eight months later, Zhou and Seble have a major argument. In order for Zhou to sue Seble for fraud, all the following must be true except A) Zhou's decision to invest was primarily based on Seble's assertion that she had prior floral retail experience. B) Seble told Zhou she had worked at a floral shop for several years, when in fact she did not have any prior experience in floral retail. C) before Zhou invested, Seble prepared a detailed business plan and sales forecasts, and provided Zhou with copies. D) Zhou's 25% share of the business is worth substantially less than her initial investment.

1) Which of the following is least likely to result in computer fraud? A) releasing data to unauthorized users B) allowing computer users to test software upgrades C) allowing computer operators full access to the computer room D) storing backup tapes in a location where they can be quickly accessed

1) ________ is not a risk responses identified in the COSO Enterprise Risk Management Framework. A) Acceptance B) Avoidance C) Monitoring D) Sharing

10 31) This control ensures that the correct and most current files are being updated. A) cross-footing balance test B) data flab C) file labels D) write-protect mechanism

10) Whitewater Rapids provides canoes to tourists eager to ride Whitewater river's rapids. Management has determined that there is one chance in a thousand of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most that the business should pay for the insurance? A) $50 B) $500 C) $600 D) $650

11 26) This is an authorized attempt by an internal audit team or an external security consultant to attempt to break into the organization's information system. A) log analysis B) intrusion detection system C) penetration test D) vulnerability scan

11 9) The amount of risk a company is willing to accept in order to achieve its goals and objectives is A) inherent risk. B) residual risk. C) risk appetite. D) risk assessment.

11) Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies. A) Foreign Corrupt Practices Act of 1977 B) The Securities Exchange Act of 1934 C) The Sarbanes-Oxley Act of 2002 D) The Control Provision of 1998

11) Logic errors are an example of which type of threat? A) natural and political disasters B) software errors and equipment malfunctions C) unintentional acts D) system inefficiency

11) The threat of violation of employment laws relates directly to which activity? A) payroll processing B) collecting employee time data C) hiring and recruiting D) all of the above

12 30) Which of the following is commonly true of the default settings for most commercially available wireless access points? A) The security level is set at the factory and cannot be changed. B) Wireless access points present little danger of vulnerability so security is not a concern. C) Security is set to the lowest level that the device is capable of. D) Security is set to the highest level that the device is capable of.

12) Form design is one example of a(n) A) output control. B) processing control. C) input control. D) data entry control.

12) One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks. This is known as A) lapping. B) misappropriation of assets. C) kiting. D) concealment.

12) Which of the following was not an important change introduced by the Sarbanes-Oxley Act of 2002? A) new roles for audit committees B) new rules for auditors and management C) new rules for information systems development D) the creation of the Public Company Accounting Oversight Board

12) ________ copies all changes made since the last full backup. A) Archive B) Cloud computing C) Differential backup D) Incremental backup

13 4) ________ objectives help ensure the accuracy, completeness and reliability of internal and external company reports, Applying the ERM framework. A) Compliance objectives B) Operations objectives C) Reporting objectives D) Strategic objectives

13) A ________ is created to guide and oversee systems development and acquisition. A) performance evaluation B) project development plan C) steering committee D) strategic master plan

14) A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention. A) boundary system B) diagnostic control system C) interactive control system D) internal control system

14) What control should be put in place that assigns responsibility for EFT payments made to vendors? A) Encrypt all EFT transmissions. B) Time stamp all EFT transactions. C) Establish a control group to monitor EFT transactions for validity and accuracy. D) Number all EFT transactions.

14) Which type of payroll report includes the details of the current paycheck and deductions as well as year-to-date totals? A) payroll register B) deduction register C) earnings statement D) federal W-4 form

14) True or False: Cloud computing can potentially generate significant cost savings for an organization.

TRUE

2 9) True or False: A disgruntled employee in Australia hacked into a sewage system, causing a quarter of a million gallons of raw sewage to flood a hotel and a park.

TRUE

24) True or False: It is impossible to eliminate the risk of downtime.

TRUE

32) True or False: It is important to physically count inventory, at least periodically, even in a perpetual inventory system.

TRUE

4) True or False: Batch processing continues to be widely used to process payroll transactions.

TRUE

5) True or False: The COSO ERM contains all five of the same COSO-Integrated Framework components.

TRUE

50) True or False: A credit sale should always be reviewed by a credit manager if it exceeds the customer's credit limit.

TRUE

52) True or False: Under the EOQ inventory approach, carrying costs are usually ignored for low-cost/low-usage items.

TRUE

31) Explain the functions of the payroll register, deduction register, and earnings statement.

The payroll register is a report that lists each employee's gross pay, payroll deductions, and net pay for each pay period. The deduction register lists the voluntary deductions for each employee. The earnings statement lists the amount of gross pay, deductions, and net pay for the current period, as well as providing year-to-date totals.

19 21) Discuss how cloud computing could both positively and negatively affect system availability.

Cloud computing significantly reduces the risk that a single event would result in system unavailability, since the 'cloud' consists of banks of redundant servers, in multiple locations. However, since users don't own the cloud, if a provider goes out of business, users may find it very difficult to access applications and data stored in the cloud. Additionally, users should evaluate the security and availability controls of the cloud provider before transacting business.

1 5) Which of the following measures can protect a company from AIS threats? A) Take a proactive approach to eliminate threats. B) Detect threats that do occur. C) Correct and recover from threats that do occur. D) All of the above are proper measures for the accountant to take.

1) The Gwallter Reece Chihuahua Sweater Co. (GRCCo) was established in 2013. It recently signed a large contract with PetCo pet stores. GRCCo will be required to track and forecast sweater sales by linking in to PetCo's sales database. GRCCo will then be responsible for shipping products to PetCo as needed. The relationship between GRCCo and PetCo is an example of A) sales force automation. B) electronic data interchange. C) optical character recognition. D) vendor-managed inventory.

1) The best example of an effective payroll transaction file hash total would most likely be A) sum of net pay. B) total number of employees. C) sum of hours worked. D) total of employees' social security numbers.

1) To accomplish the objectives set forth in the expenditure cycle, a number of key management decisions must be addressed. Which of the decisions below is not ordinarily found as part of the expenditure cycle? A) How can cash payments to vendors be managed to maximize cash flow? B) What is the optimal level of inventory and supplies to carry on hand? C) Where should inventories and supplies be held? D) What are the optimal prices for each product or service?

1) Which of the below is not a component of the COSO ERM? A) monitoring B) control environment C) risk assessment D) compliance with federal, state, or local laws

10) Misappropriation of assets is a fraudulent act that involves A) dishonest conduct by those in power. B) misrepresenting facts to promote an investment. C) using computer technology to perpetrate. D) theft of company property.

10) Which of the following is not one of the five principles of COBIT5? A) meeting stakeholder needs B) covering the enterprise end-to-end C) enabling a holistic approach D) improving organization efficiency

10) Which of the following is the best way to hide theft of assets? A) creating "cash" through the transfer of money between banks B) conversion of stolen assets into cash C) stealing cash from customer A and then using customer B's balance to pay customer A's accounts receivable D) charging the stolen asset to an expense account

11 5) Why do many fraud cases go unreported and unprosecuted? A) Major fraud is a public relations nightmare. B) Fraud is difficult, costly, and time-consuming to investigate and prosecute. C) Law enforcement and the courts are often so busy with violent crimes that little time is left for fraud cases. D) all of the above

11) The COBIT5 framework primarily relates to A) best practices and effective governance and management of private companies. B) best practices and effective governance and management of public companies. C) best practices and effective governance and management of information technology. D) best practices and effective governance and management of organizational assets.

11) What is the key difference between the MRP and JIT inventory management approaches? A) Only JIT reduces costs and improves efficiency. B) MRP is especially useful for products such as fashion apparel. C) JIT is more effectively used with products that have predictable patterns of demand. D) MRP schedules production to meet estimated sales needs; JIT schedules production to meet customer demands.

11) Which of the following preventive controls are necessary to provide adequate security for social engineering threats? A) controlling remote access B) encryption C) host and application hardening D) awareness training

11) ________ involves copying only the data items that have changed since the last partial backup. A) Archive B) Cloud computing C) Differential backup D) Incremental backup

12) A special purpose hardware device or software running on a general purpose computer, which filters information that is allowed to enter and leave the organization's information system, is known as a(n) A) demilitarized zone. B) intrusion detection system. C) intrusion prevention system. D) firewall.

12) Applying the COBIT5 framework, governance is the responsibility of A) internal audit. B) external audit. C) management. D) the board of directors.

12) What is a potential threat to the specific activity of payroll processing? A) hiring unqualified employees B) poor system performance C) violations of employment laws D) unauthorized changes to the payroll master file

13 33) When new employees are hired by Pacific Technologies, they are assigned user names and appropriate permissions are entered into the information system's access control matrix. This is an example of a(n) A) authentication control. B) biometric device. C) remote access control. D) authorization control.

13) Sequentially prenumbered forms are an example of a(n) A) data entry control. B) data transmission control. C) processing control. D) input control.

13) This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet. A) access control list B) Internet protocol C) packet switching protocol D) transmission control protocol

14 2) Which of the following statements is true with regards to system availability? A) Human error does not threaten system availability. B) Threats to system availability can be completely eliminated. C) Proper controls can maximize the risk of threats causing significant system downtime. D) Threats to system availability include hardware and software failures as well as natural and man-made disasters.

14 36) The most effective method for protecting an organization from social engineering attacks is providing A) a firewall. B) stateful packet filtering. C) a demilitarized zone. D) employee awareness training.

14 6) Matching customer account numbers and inventory item numbers to the numbers in the customer and inventory master files is an example of a A) completeness test. B) field check. C) reasonableness test. D) validity check.

14) Once a vendor is selected for a product, the vendor's identity is recorded in the A) purchase requisition transaction file. B) purchase requisition master file. C) inventory transaction file. D) inventory master file.

14) Turnaround documents are an example of a(n) A) data entry control. B) output control. C) processing control. D) input control.

14) Which of the following is a control that can be implemented to help prevent paychecks being issued to a "phantom" or "ghost" employee? A) The cashier should sign all payroll checks. B) Sequentially prenumber all payroll checks. C) Use an imprest account to clear payroll checks. D) Paychecks should be physically distributed by someone who does not authorize time data or record payroll.

15 10) Segregation of duties controls dictates that the collection and recording functions be kept separate from each other. However, the accounts receivable department needs to know when customers pay their invoices. What is a solution to this potential internal control problem? A) Establish a lockbox arrangement with a bank. B) Have customers send a remittance advice with their payment. C) Have mailroom personnel prepare a remittance list which can be forwarded to accounts receivable. D) all of the above

15) The accounting department at Synergy Hydroelectric records an average of 12,500 transactions per hour. By cost-benefit analysis, managers have concluded that the maximum acceptable loss of data in the event of a system failure is 25,000 transactions. If the firm's recovery time objective is 120 minutes, then the worst case recovery time objective is A) 1 hour. B) 2 hours. C) 3 hours. D) 4 hours.

15) The average annual management salary at Iyov Management is $80,000. If the average turnover rate for employees is ten per year, what is the approximate average annual cost of turnover? A) $80,000 B) $400,000 C) $800,000 D) $1,200,000

16 11) Which of the following is not a way to improve fraud detection? A) Install fraud detection software. B) Implement a fraud hotline. C) Employ a computer security officer. D) Implement computer-based controls over input, processing, storage, and output activities.

16) A method for tracking accounts receivable that matches specific invoices and payments from the customer is called a(n) ________ method. A) specific identification B) balance forward C) cycle billing D) open-invoice

16) Compatibility tests utilize a(n) ________, which is a list of authorized users, programs, and data files the users are authorized to access or manipulate. A) validity test B) biometric matrix C) logical control matrix D) access control matrix

17 4) Which of the following controls would be the least effective in preventing paying the same invoice twice? A) Only pay from original invoices. B) Cancel each document in the voucher package once the check is prepared and mailed. C) Only pay vendor invoices that have been matched and reconciled to a purchase order and a receiving report. D) Allow only the accounts payable department to authorize payment for vendor invoices and allow only the cash disbursements department to cut and mail checks to vendors.

17) The management at Barks-a-Million is considering a new inventory control system. The current system is inadequate because it frequently causes stockouts that interrupt production and lead to excess stock of other materials — resulting in markdowns and high carrying costs. The new system will focus on ensuring that orders are placed with sufficient lead time to prevent stockouts by using A) a just-in-time inventory system. B) the economic order quantity. C) materials requirements planning. D) a reorder point.

17) The process that screens individual IP packets based solely on the contents of the source and/ or destination fields in the packet header is known as A) access control list. B) deep packet inspection. C) stateful packet filtering. D) static packet filtering.

18) A receiving clerk notes that a delivery of 10 units has been received, but the purchase order specified 12 units. A debit memo will need to be prepared to adjust for the difference between the quantity ordered and received. Who should prepare this document? A) the receiving clerk B) the controller C) the vendor D) the purchasing department manager

19 4) One of the key objectives of segregating duties is to A) ensure that no collusion will occur. B) achieve an optimal division of labor for efficient operations. C) make sure that different people handle different transactions. D) make sure that different people handle different parts of the same transaction.

19) Identify in which of the following scenarios a company could adjust the balance due the vendor by issuing a debit memo. A) quantity different from that ordered B) damage to the goods C) goods that fail inspection for quality D) All of the above are possible scenarios.

19) Probably the most important change management control is A) monitoring user rights and privileges during the change process. B) testing all changes thoroughly prior to implementation on a stand-alone computer. C) updating all documentation to reflect changes made to the system. D) management's careful monitoring and review.

2) According to the ERM, high level goals that are aligned with and support the company's mission are A) compliance objectives. B) operations objectives. C) reporting objectives. D) strategic objectives.

2) According to the Trust Services Framework, the reliability principle of integrity is achieved when the system produces data that A) is available for operation and use at times set forth by agreement. B) is protected against unauthorized physical and logical access. C) can be maintained as required without affecting system availability, security, and integrity. D) is complete, accurate, and valid.

2) How does the U.S. Justice Department define computer fraud? A) as any crime in which a computer is used B) as any act in which cash is stolen using a computer C) as an illegal act in which a computer is an integral part of the crime D) as an illegal act in which knowledge of computer technology is essential

2) Which department should have the sole ability to provide information to the AIS about hiring, terminations, and pay rate changes? A) payroll B) timekeeping C) production D) HRM

20) A type of business document in which part of the original document is returned to the source for further processing is called a ________ document. A) feedback B) returnable C) closed-loop D) turnaround

20) Anong Mali is the purchasing manager at Wattana Technologies. She has responsibility for reviewing and authorizing purchase orders. She also reviews receiving reports, approves or corrects them, and authorizes the cashier to pay vendor invoices. Which of the following would correct control weaknesses related to these activities? A) Controls are adequate under the current system. B) Vendor invoices should be reviewed by accounts receivable and then cancelled when paid. C) Vendor invoices should be reviewed by the purchasing manager to ensure that they are correct. D) Accounts payable should reconcile purchase orders, receiving reports, and invoices.

21 12) A document that shows all projects that must be completed and the related IT needs in order to achieve long-range company goals is known as a A) performance evaluation. B) project development plan. C) data processing schedule. D) strategic master plan.

21) Check digit verification is an example of a(n) A) data transmission control. B) output control. C) processing control. D) input control.

23) Which of the following duties could be performed by the same individual and not violate segregation of duty controls? A) handling cash and posting to customer accounts B) issuing credit memos and maintaining customer accounts C) handling cash and authorizing credit memos D) handling cash receipts and mailing vendor payments

24) Internal file labels can be used to prevent the loss of data in the revenue cycle since they A) record off-site storage locations. B) keep competitors from accessing files. C) organize the on-site physical storage site. D) reduce the possibility of erasing important files.

25) One objective of accounts payable is to authorize payment only for goods or services actually ordered and received. The best way to process supplier invoices is to use A) electronic funds transfer for small, occasional purchases from suppliers. B) a nonvoucher system. C) EDI for all small, occasional purchases from suppliers. D) a disbursement voucher system.

25) The process that uses automated tools to identify whether a system possesses any well- known security problems is known as a(n) A) intrusion detection system. B) log analysis. C) penetration test. D) vulnerability scan.

26) Identify the following item that should contribute to the efficiency of a payroll system. A) segregation of check distribution from payroll duties B) prompt redeposit of unclaimed paychecks C) a separate payroll bank account D) direct deposit of checks

26) What is not an advantage of using disbursement vouchers? A) Disbursement vouchers reduce the number of checks written. B) Disbursement vouchers can be prenumbered which simplifies the tracking of all payables. C) Disbursement vouchers facilitate separating the time of invoice approval from the time of invoice payment. D) There are no disadvantages to using disbursement vouchers.

27) Bogumil Distributors is an Internet-based wholesaler. Customers enter their orders online. The manager of Cezary Foods was entering an order when the following error message popped up: "Your order exceeds your available credit. You will be contacted within 8 hours." This message is the result of a A) sign check. B) validity check. C) reasonableness test. D) limit check.

27) To protect against malware, it is important that antivirus software automatically examine ________ introduced into a system. A) CDs B) e-mail C) flash drives D) all of the above

27) Which of the following documents would be likely to yield the greatest cost saving by converting from paper to electronic? A) payroll register B) earnings statement C) deduction register D) time card

29) A clerk at a grocery store scanned the bar code for a low cost bag of frozen chicken wings then gave his friend an expensive brand-name bag of frozen chicken wings.Which of the following controls would best prevent the clerk from getting away with doing this? A) physical inventory count B) segregation of duties C) limited physical access to bar codes D) use of RFID tags

3) Identify the threat below that is not one of the four types of threats faced by accounting information systems. A) natural and political disasters B) software errors and equipment malfunctions C) unintentional acts D) system inefficiency

3) Nolwenn Limited has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. Nolwenn Limited is transitioning from a ________ to a ________ control framework. A) COSO-Integrated Framework; COBIT B) COBIT; COSO-Integrated Framework C) COBIT; COSO-ERM D) COSO-Integrated Framework; COSO-ERM E) COSO-ERM; COBIT

3) When using electronic documents, ________ increase(s) the accuracy of data entry. A) access controls B) separation of duties C) general controls D) application controls

3) Which of the following is not a key decision that needs to be made in the revenue cycle? A) How should merchandise be delivered to customers? B) Should credit be extended to customers? C) How can customer payments be processed to maximize cash flow? D) Which vendor should inventory be purchased from?

31) In recent years, many of the attacks carried out by hackers have relied on this type of vulnerability in computer software. A) code mastication B) boot sector corruption C) weak authentication D) buffer overflow

33) Ngai Nhung is the sales manager at Hung Technologies. At lunch with the company CEO, Ngai proudly announced that he had negotiated a(n) ________ with a client that represented the customer's long-term commitment to buy components from Hung. A) purchase order B) evaluated receipt settlement C) voucher D) blanket purchase order

33) This data entry control compares the ID number in transaction data to a master file to verify that the ID number exists. A) reasonableness test B) user review C) data matching D) validity check

34) Loreen Tina is the chief lawyer for Tamara Incorporated. The CEO of Tamara Incorporated asks Loreen whether the company should periodically delete all company e-mail. If Loreen is well-versed in AIS best practices, she would mostly likely respond, A) Yes, if we are ever sued, the other attorney will not be able to comb through our e-mail for evidence. B) Yes, since e-mail requires a lot of storage space, deleting it periodically will reduce the amount of information we need to store. C) No, deleting an organization's e-mail is against the law. D) No, if we are ever sued we will not be able to draw upon our e-mail records to defend ourselves.

38) In the expenditure cycle, Financial Electronic Data Interchange (FEDI) increases efficiency by 1. A) eliminating the need for receiving reports. 2. B) eliminating the need for vendor invoices. 3. C) eliminating the need for purchase orders. 4. D) eliminating the need to prepare and mail checks.

4 7) ________ is a data entry input control that involves summing the first four digits of a customer number to calculate the value of the fifth digit, then comparing the calculated number to the number entered during data entry. A) Validity check B) Duplicate data check C) Closed-loop verification D) Check digit verification

4) Who does the payroll system issue checks to? A) employees and to banks participating in direct deposit B) a company payroll bank account C) government agencies D) All of the above are correct.

41) Professional employer organizations (PEOs) are especially attractive to small and mid-sized businesses for all of the following reasons except A) reduced costs. B) wider range of benefits. C) freeing up computer resources. D) improved service quality.

42) Which of the following is not a risk associated with the data input process? A) Data is invalid. B) Data is incomplete. C) Data is inaccurate. D) Data is corrupted.

49) Which of the following is not an activity performed in the expenditure cycle? A) ordering B) receiving C) cash disbursement D) shipping

5) Which of the following is not a potential effect of inaccurate data on employee time cards? A) increased labor expenses B) erroneous labor expense reports C) damaged employee morale D) inaccurate calculation of overhead costs

5) Which of the following is not one of the controls when customer payments are commingled with other mail? A) preparing a remittance list as mail is opened B) restrictively endorsing checks when received C) requiring two mail room clerks to open mail together D) requiring the controller to be personally present when mail is received and opened

5) ________ is/are an example of a detective control. A) Physical access controls B) Encryption C) Emergency response teams D) Log analysis

51) The traditional approach to inventory management generally involves A) high stockout costs. B) minimizing item cost. C) receiving goods or services just prior to the time they are needed. D) maintaining inventory levels so that production can continue even if inventory use is greater than expected.

6 24) A disbursement voucher contains A) a list of outstanding invoices. B) the net payment amount after deducting applicable discounts and allowances. C) the general ledger accounts to be debited. D) All of the above are correct.

6 6) Which of the following is an example of a corrective control? A) physical access controls B) encryption C) intrusion detection D) incident response teams

6) Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties. A) A mail room employee steals a check received from a customer and destroys the documentation. B) The accounts receivable clerk does not record sales invoices for friends or family, so they can receive free goods. C) An employee puts inventory behind the dumpster while unloading a vendor's delivery truck, then picks up the inventory later in the day and puts it in her car. D) Mike issues credit cards to him and Maxine, and when the credit card balances are just under $1,000, Maxine writes off the accounts as bad debt. Mike then issues new cards.

7 7) Which of the following is a financial pressure that could cause an employee to commit fraud? A) a feeling of not being appreciated B) failing to receive a deserved promotion C) believing that their pay is too low relative to others around them D) having a spouse injured in a car accident and in the hospital for several weeks

7) During the sales order entry process, a ________ is performed to compare the quantity ordered with the standard amounts normally ordered. A) completeness test B) redundant data check C) field check D) reasonableness test

7) Which of the following statements is false regarding the use of incentives, commissions and bonuses in the payroll system? A) Using incentives, commissions, and bonuses requires linking the payroll system and the information systems of sales and other cycles in order to collect the data used to calculate bonuses. B) Bonus/incentive schemes must be properly designed with realistic, attainable goals that can be objectively measured. C) Incentive schemes can result in undesirable behavior. D) All of the above are true.

7) Whitewater Rapids provides canoes to tourists eager to ride Whitewater River's rapids. Management has determined that there is one chance in a thousand of a customer being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the impact of this risk without insurance? A) $50 B) $650 C) $50,000 D) $650,000

8 13) Applying the COBIT5 framework, monitoring is the responsibility of A) the CEO. B) the CFO. C) the board of directors. D) all of the above

8 23) This tests a numerical amount to ensure that it does not exceed a predetermined value nor fall below another predetermined value. A) completeness check B) field check C) limit check D) range check

8) There are "white hat" hackers and "black hat" hackers. Cowboy451 was one of the "black hat" hackers. He had researched an exploit and determined that he could penetrate the target system, download a file containing valuable data, and cover his tracks in eight minutes. Six minutes into the attack he was locked out of the system. Using the notation of the time-based model of security, which of the following must be true? A) P < 6 B) D = 6 C) P = 6 D) P > 6

9) Identify the best description of an access control matrix below. A) does not have to be updated B) is used to implement authentication controls C) matches the user's authentication credentials to his authorization D) is a table specifying which portions of the system users are permitted to access

9) The best solution for maintaining accurate automated perpetual inventory system is to use A) closed-loop verification when inventory is received from vendors and recorded. B) point of sale devices integrated with inventory records. C) periodic physical counts to reconcile with perpetual inventory records. D) RFID tags.

9) With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure? A) updating the inventory subsidiary ledgers and recording purchases in the purchases journal B) approving a sales return on a customer's account and depositing customers' checks in the bank C) updating the general ledger and working in the inventory warehouse D) entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal

10) True or False: A 16 year old hacker was able to access the systems of U.S. Missile Command and accidently launched a small nuclear missile, which fortunately, failed to detonate.

FALSE

15) True or False: Cloud computing is generally more secure than traditional computing.

FALSE

32) True or False: Best practice requires backups be retained indefinitely.

FALSE

36) True or False: The HRM department should immediately delete records of employees who quit to prevent other employees from assuming their identities.

FALSE

49) True or False: A credit sale should always be denied if it exceeds the customer's credit limit.

FALSE

53) True or False: The EOQ approach to managing inventory has been gaining popularity in recent years.

FALSE

8) True or False: Shipping efficiency can often be improved by replacing RFID tags with bar codes.

FALSE

7 29) Identify the two types of payroll deductions and give two examples of each type.

Payroll deductions include: Payroll tax withholdings such as federal, state, and local income taxes, social security taxes, unemployment taxes; Voluntary deductions such as contributions to a pension plan, premium for group life, etc.

See all study sets

Chapter 15 Accounting Information Systems, Chap 12 Accounting Information Systems, Chapter 13 Accounting Information Systems, AIS FINAL REVIEW

Related study sets

UNIT 6

MHR 300 Midterm 1 Video Assignments Review

Psychology Chapter 15

ARH 303 exam 2

Bio 2 chapter 12 and 13

What is moral value and what does it reveal about the nature of the person?

ACC Exam 3

Nursing 112 Final Exam

ch 18

Oreilly fast track NHO delivery specialist

Chapter 13

unit 3 part 2

Mental Test #3

APUSH 1491-1607 Period 1

Ocean

ch. 14 marketing

World History The Reformation in Europe Lesson 1

Psyc1-LearningCurve Module 39.

Ch. 14 Questions

what is my favorite food best to disgusting