Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
E-R diagrams can be used to represent the contents of any kind of database.
SOX suggested the fraud hotline as a mechanism for employees to report fraud and
abuse.
An accounting information system requires at least one computer.
The SEC requires U.S. companies to use XBRL when submitting their filings.
Steganography malware uses encryption to increase its effectiveness.
There is a direct relationship between inherent risk and detection risk.
In a system with effective separation of duties, it is difficult for any single employee to
embezzle successfully.
Many systems development projects requirements do not change because users often
have a good understanding of all the things they want the software to do.
It is impossible to encrypt information transmitted over the Internet.
Encryption is one of the many ways to protect information in transit over the internet.
ERP systems make it easier for an organization to implement an activity based costing
approach.
Shipping efficiency can often be improved by replacing RFID tags with bar codes.
A Deloitte & Touche survey found that most chief information officers do not expect to
replace their current systems with commercially available packages.
Training can also reduce the risk of system downtime.
Corporate strategy should affect the way a firm deploys an accounting information
system.
Auditors have the ability to change inherent risk.
When properly deployed, accounting information systems can provide firms with a
competitive advantage.
Logs need to be analyzed regularly to detect problems in a timely manner.
An organization that sells digital products, such as access to view online videos, does
not need an inventory table in its database.
Auditors often use reperformance to test a company's internal control.
A 16 year old hacker was able to access the systems of U.S. Missile Command and
accidently launched a small nuclear missile, which fortunately, failed to detonate.
The choice of cardinalities is often arbitrary to reflect facts about the organization being
modeled and its business practices.
Employees who are transferred internally is often a more costly alternative because they
already will need to be trained.
Data dictionary can be used as part of the audit trail.
It is not as efficient to enter data on paper, then enter the data into the system compared
to requiring users to enter data directly into the system without using a paper source
document.
Standard XBRL taxonomies can cover most accounting situations.
Social engineering attacks often take place over the Internet.
Law enforcement uses key logging software, a form of malware, to detect crime.
Guidelines that an organization can follow to prevent behavioral problems when
implementing a system is often inexpensive and not as time-consuming as one may
have thought.
RFPs for exact hardware and software specifications have higher total costs and require
more time to prepare and evaluate.
Since most systems are moving away from using paper documents, form design is not
as an important consideration in system development.
Which of the following statements is false regarding the use of incentives, commissions
and bonuses in the payroll system?
A) Using incentives, commissions, and bonuses requires linking the payroll system and
the information systems of sales and other cycles in order to collect the data used to
calculate bonuses.
B) Bonus/incentive schemes must be properly designed with realistic, attainable goals
that can be objectively measured.
C) Incentive schemes can result in undesirable behavior.
D) Incentive schemes can create fraud.
A(n) ________ system prepares and mails monthly statements to customers throughout
the entire month, instead of just at the end of the month.
A) continuous
B) open-invoice
C) cycle billing
D) balance forward
This document appears to be a
A) Materials Requisition.
B) Production Order.
C) Bill of Materials.
D) Move Ticket between production and warehouse functions.
Pay rate information should be stored in
A) employees' personnel files.
B) employee subsidiary ledgers.
C) the payroll master file.
D) electronic time cards.
An organization that has an antiquated accounting information system has more
________ risk than an organization that has a more advanced system.
A) control
B) detection
C) inherent
D) investing
The Cape Fear Rocket Club heads out to the dunes of Cape Fear, Oregon every August
to pierce the sky with their fiery projectiles. An enterprising seller of t-shirts has
devised a series of designs that capture the spirit of the event in silk-screened splendor.
His employees can be found on many of the major intersections selling his products out
of the backs of pickup trucks. What is the best way for this business to ensure that sales
data entry is efficient and accurate?
A) well-designed paper forms
B) source data automation
C) turnaround documents
D) sequentially numbered forms
Sales order number is most likely to be a foreign key in which entity of an expanded
revenue cycle REA diagram?
A) Call on Customers.
B) Fill Customer Order.
C) Ship Order.
D) Take Customer Order.
Firms should consider developing custom software only if
A) it will be used for critical functions like accounts receivable.
B) it will contribute to development of a significant competitive advantage.
C) the firm has the necessary expertise available in-house.
D) the available canned software is very expensive.
An integrated REA diagram merges multiple copies of ________ and ________ entities
but retains multiple copies of ________ entities.
A) resource; event; agent
B) event; agent; resource
C) resource; agent; event
D) event; resource; agent
Which of the following is not a management characteristic that increases pressure to
commit fraudulent financial reporting?
A) Close relationship with the current audit engagement partner and manager
B) Pay for performance incentives based on short-term performance measures
C) High management and employee turnover
D) Highly optimistic earnings projections
When a computer criminal gains access to a system by searching through discarded
records, this is referred to as
A) data diddling.
B) dumpster diving.
C) eavesdropping.
D) data squatting.
The use of a data warehouse in strategic decision making is often referred to as
A) business intelligence.
B) managerial accounting.
C) data analysis.
D) analytical modeling.
A ________ shows how a project will be completed, including tasks and who will
perform them as well as a timeline and cost estimates.
A) performance evaluation
B) project development plan
C) steering committee
D) strategic master plan
Which of the following controls would be the least effective in preventing paying the
same invoice twice?
A) Only pay from original invoices.
B) Cancel each document in the voucher package once the check is prepared and
mailed.
C) Only pay vendor invoices that have been matched and reconciled to a purchase order
and a receiving report.
D) Allow only the accounts payable department to authorize payment for vendor
invoices and allow only the cash disbursements department to cut and mail checks to
vendors.
Compatibility tests utilize a(n) ________, which is a list of authorized users, programs,
and data files the users are authorized to access or manipulate.
A) validity test
B) biometric matrix
C) logical control matrix
D) access control matrix
Who should communicate frequently with users and hold regular meetings to consider
ideas and discuss progress so there are no surprises upon project completion?
A) Information systems steering committee.
B) Management.
C) Project development team.
D) Accountants.
An effective project development team consists of
A) systems analysts.
B) accountants.
C) users.
D) all of the above
According to the Trust Services Framework, the reliability principle of integrity is
achieved when the system produces data that
A) is available for operation and use at times set forth by agreement.
B) is protected against unauthorized physical and logical access.
C) can be maintained as required without affecting system availability, security, and
integrity.
D) is complete, accurate, and valid.
In the time-based model of information security, P represents
A) the time it takes to respond to and stop the attack.
B) the time it takes for the organization to detect that an attack is in progress.
C) the time it takes an attacker to break through the various controls that protect the
organization's information assets.
D) the time it takes to assess threats and select risk response.
Under CAN-SPAM legislation, an organization that receives an opt-out request from an
individual has ________ days to implement steps to ensure they do not send out any
additional unsolicited e-mail to the individual again.
A) 2
B) 5
C) 7
D) 10
One of the key objectives of segregating duties is to
A) ensure that no collusion will occur.
B) achieve an optimal division of labor for efficient operations.
C) make sure that different people handle different transactions.
D) make sure that different people handle different parts of the same transaction.
The Trust Services Framework reliability principle that states access to the system and
its data should be controlled and restricted to legitimate users is known as
A) availability.
B) security.
C) privacy.
D) integrity.
In preparing a DFD, when data are transformed through a process, the symbol used
should be
A) a circle.
B) an arrow.
C) a square.
D) two horizontal lines.
In the expenditure cycle, good control dictates that expenditures should be paid by
check. This may not be feasible when minor purchases are made. To facilitate quick
payment for minor purchases, a(n) ________ should be set up and maintained using
________.
A) special bank account; disbursement vouchers
B) imprest fund; vouchers
C) cash box; small denomination bills
D) petty cash fund; procurement cards
A chart of accounts is an example of (select all that apply)
A) sequence codes.
B) block codes.
C) group codes.
D) mnemonic codes.
The process of maintaining a table listing all established connections between the
organization's computers and the internet to determine whether an incoming packet is
part of an ongoing communication initiated by an internal computer is known as
A) packet filtering.
B) deep packet inspection.
C) access control list.
D) access control matrix
Which of the following would be true when implementing this REA diagram into a
relational database?
A) The primary key for Employee would be a foreign key for Cash Receipts.
B) The primary key for Cash Receipts would be a foreign key for Cash.
C) The primary key for Parts would be a foreign key for Service Request.
D) The primary key for Sales would be a foreign key for Service Request.
Identify the statement below that is false with regards to basic requirements of a
relational database model.
A) Primary keys can be null.
B) Foreign keys, if not null, must have values that correspond to the value of a primary
key in another table.
C) All non-key attributes in a table should describe a characteristic about the object
identified by the primary key.
D) Every column in a row must be single-valued.
In an REA diagram for the HR/Payroll cycle, the relationship between Employees and
Training is typically M:N for all except which of the following reasons?
A) One employee may attend the same training event more than once.
B) Each employee may attend more than one training event.
C) Each training event may have more than one employee attend.
D) One training event may be offered more than once.
An accounting information system (AIS) processes ________ to provide users with
________.
A) data; information
B) data; transactions
C) information; data
D) data; benefits
Identify the notation often used to represent cardinality information.
A) Dotted lines.
B) Greek characters.
C) Crow's feet.
D) Color coding.
Not all journal entries affect cash flow. Adjusting entries that reflect events that have
already occurred, but have no effect on cash, are classified as
A) accruals.
B) deferrals.
C) revaluations.
D) corrections.
Which of the following duties could be performed by the same individual and not
violate segregation of duty controls?
A) handling cash and posting to customer accounts
B) issuing credit memos and maintaining customer accounts
C) handling cash and authorizing credit memos
D) handling cash receipts and mailing vendor payments
Identify the false statement below.
A) Retail stores do not have a production cycle.
B) Financial institutions have installment-loan cycles.
C) Every organization should implement every transaction cycle module.
D) A service company does not have an inventory system.
Describe a system flowchart. Describe a program flowchart. How are the two
interrelated?
Describe the disadvantages of test data processing.
What is PLM and how management can use it to improve product design?
Discuss the revenue cycle threat of stockouts, carrying costs, and markdowns.
Explain how business process management, prototyping, agile development, and
computer-aided software engineering can help improve system development.
How can using RFID tags or bar codes on goods or products provide significant benefit
in the expenditure cycle?
What is the difference in logical view and physical view?
Discuss how cloud computing could both positively and negatively affect system
availability.
Describe the information that is contained in the data dictionary.
Describe the four main events of interest included in a typical production cycle REA
diagram.
Describe the rules that are necessary to correctly draw an integrated REA diagram.
Describe the four ways that management can use to respond to risk. Provide an example
for each of them.
Describe the concept of materiality and provide an example.
Describe the basic revenue cycle activities.
What are the actions recommended by the Treadway Commission to reduce the
possibility of fraudulent financial reporting?
Describe each of the four important principles underlying Business Process
Management (BPM).
Describe an REA data model.
Explain the differences between each type of audit risk.
Discuss the concept of a system and the issues of goal conflict and goal congruence.
