CIS 77069 | Course Paper

Unlock access to all the studying documents.

View Full Document

The word “integrated” in the term “integrated accounting software” means:

a) The software is color blind

b) The software can interface with non-accounting software such as spreadsheets.

c) The software combines several accounting functions in one package.

d) all of these are terms of integrated accounting software

Answer:

Which of the following is not an objective of the purchasing process?

a) Inventory control

b) Fastest possible processing of payments to vendors

c) Maintaining vendor records

d) Forecasting cash outflows

Answer:

Which of the following is an objective of the purchasing process?

a) Collecting information for the financial statements

b) Making timely and accurate vendor payments

c) Forecasting cash requirements

d) Tracking bills of lading

Answer:

Which of the following does not destroy data but merely replicates itself repeatedly

until the user runs out of internal memory or disk space?

a) Computer virus

b) Worm program

c) Java applet

d) Salami technique

Answer:

Which of these is correct about the terms “e-business” and “e-commerce.”

a) They are exact synonyms

b) They are exact opposites

c) e-business is a subset of e-commerce

d) e-commerce is a subset of e-business

Answer:

Which of the following statements is true regarding timely performance reports?

a) In many companies, these reports are the major means of providing information to

management concerning the actual operations of the companies’ internal control

systems

b) These reports should only include monetary data

c) Since these reports fail to provide feedback to management on the operations of

previously implemented internal control procedures, other techniques are needed to

provide this feedback to managers

d) The complexity that a computer introduces into a company’s information system will

typically prevent the preparation of timely performance reports for the company’s

management

Answer:

Which of these is not a stage in the systems development life cycle?

a) Planning and investigation

b) Analysis

c) Design and acquisition

d) Implementation, followup, and maintenance

e) All of these are stages in the systems development life cycle

Answer:

The operator, in mounting the magnetic tape containing the cash receipts for the

processing run to update accounts receivable, mounted the receipts tape from the

preceding rather than the current day. The error was not detected until after the

processing run was completed. The best control procedure would be a:

a) Header label check

b) Trailer label check

c) Parity check

d) Hash total check

Answer:

For the following terms find the correct definition below and place the letter of that

response in the blank space next to the term. Each definition is used only once there are

two terms that are not used.

1) ______ ideal control

2) ______ scenario planning

3) ______ COBIT

4) ______ detective controls

5) ______ SOX, Section 404

6) ______ control activities

7) ______ fidelity bond

8) ______ risk matrix

9) ______ preventive controls

10) ______ Val IT

11) ______ control environment

12) ______ separation of duties

13) ______ corporate governance

14) ______ internal control

15) ______ corrective controls

Definitions:

A. Managing an organization in a fair, transparent and accountable manner to protect

the interests of all the stakeholder groups

B. A framework for IT governance

C. The purpose of this control is to reduce the risk of loss caused by employee theft

D. The policies, plans, and procedures management uses to protect company assets

E. Software that interfaces with suppliers and customers

F. A control procedure that reduces to practically zero the risk of an undetected error or

irregularity

G. A process whereby management identifies possible events that represent a problem

to the firm and then identifies appropriate responses to those problems

H. Establishes the tone of a company and influences the control awareness of the

company’s employees

I. An example of this control is to assign these three functions to different employees:

authorizing transactions, recording transactions, and maintaining custody of assets

J. An example of this type of control is a firewall to prevent unauthorized access to the

company’s network

K. An example of this type of control is a change to the company’s procedures for

creating backup copies of important business files

L. When companies have production or work completed in countries like India, China,

Canada, Mexico, or Malaysia

M. Examples of this type of control are: log monitoring and review, system audits, file

integrity checkers, and motion detection

N. The purpose of this procedure is to classify each potential risk by mitigation cost and

also by likelihood of occurrence

O. The purpose of this framework is to achieve effective governance of IT

P. Reaffirms that management is responsible for an adequate internal control structure

Q. Includes a combination of manual and automated controls such as approvals,

authorizations, verifications, reconciliations, reviews of operating performance, and

segregation of duties

Answer:

For the following terms find the correct definition below and place the letter of that

response in the blank space next to the term. Each definition is used only once there are

two terms that are not used.

1) ______ Input-processing-output

2) ______ POS system

3) ______ data transcription

4) ______ MICR coding

5) ______ biometric verification

6) ______ legacy system

7) ______ gigabyte

8) ______ terabyte

9) ______ worm

10) ______ RFID

Definitions:

A. Automated data recording for input

B. Potential bottleneck for processing accounting data

C. An older AIS, typically using a mainframe computer

D. 1 billion bytes

E. The data processing cycle for processing most accounting transactions

F. A type of CD encoding

G. 1 trillion bytes

H. Threshold hamming distance

I. Data communications using radio waves

J. Used by banks for automated data input

K. 1 thousand bytes

L. 1 million bytes

Answer:

Which of the following is not a characteristic associated with professional service

organizations?

a) Lack of a profit motive

b) Absence of inventories

c) Importance of human resources

d) Difficulty in measuring the quantity and quality of output

Answer:

Decision trees normally flow from:

a) Top to bottom

b) Left to right

c) Right to left

d) Inside outwards

Answer:

Regarding COBIT, which of the statements is true?

a) COBIT means Cost Objectives for Information and Related Technology

b) COBIT rejects the definition of internal control from the COSO report

c) COBIT states that a company’s management should play a minor role in establishing

an internal control system

d) COBIT classifies people as one of the primary resources managed by various IT

processes

Answer:

Suppose a company established training programs that teach employees to perform their

job functions more efficiently and effectively. This is an example of which type of

control?

a) Detective

b) Preventive

c) Corrective

d) none of the above

Answer:

Which of these is not an example of a control break?

a) Changing a name of a client

b) Change in department in an employee listing

c) Change in service classification in a phone book listing

d) Change in zip code in an address listing

e) none of these

Answer:

When erroneous data are detected by computer program controls, such data may be

excluded from processing and printed on an error report. The error report should most

probably be reviewed and followed up by the:

a) Supervisor of computer operations

b) Systems analyst

c) Data control group

d) Computer programmer

Answer:

In entering the billing address for a new client in Emil Company’s computerized

database, a clerk erroneously entered a nonexistent zip code. As a result, the first

month’s bill mailed to the new client was returned to Emil Company. Which one of the

following would mostlikely have led to discovery of the error at the time of entry into

Emil Company’s computerized database?

a) Limit test

b) Validity test

c) Parity test

d) Record count test

Answer:

Database management systems are important to accountants because:

a) They automate file storage tasks and enable managers to generate worthwhile

financial reports

b) They eliminate data redundancy

c) They are unique data structures which accountants have never used before

d) They are easy to develop and therefore save money

e) They are energy efficient

Answer:

The 1992 COSO report identifies five components for an effective internal control

system. Which of those five includes the methods used to record, process, summarize,

and report a company’s transactions?

a) Control procedures

b) Control environment

c) Control activities

d) Information and communication

Answer:

Which of the following is not a control to ensure the physical safety of a company’s

data processing center?

a) Strategic placement of the computer center

b) The use of password codes

c) The use of identification badges

d) all of the above are computer facility controls

Answer:

Which of the following is not true regarding selecting a new AIS?

a) It is usually cheaper to build a new AIS software program than to purchase it

b) It is much easier today to learn about software options because of the Internet

c) It is always a good idea to get expert help in choosing an ERP system

d) Middle-range and high-end AIS software are not available in shopping malls

Answer:

The term “enrollment” is most closely associated with which of the following?

a) ABA system

b) Biometric system

c) POS system

d) Joystick

e) PDA

Answer:

Information technology governance:

a) Is a component of IT auditing

b) Has one objective to ensure that IT is used strategically to fulfill an organization’s

mission

c) Is intended to ensure both the strategic use of IT and control over IT resources

d) Is primarily intended to deter IT fraud

Answer:

Which of these would be an example of a “resource” in the REA framework?

a) Equipment

b) Inventory

c) Cash

d) all of these are possible examples of resources

Answer:

For the following terms find the correct definition below and place the letter of that

response in the blank space next to the term. Each definition is used only once there are

two terms that are not used.

1) _______ CFE

2) ______ SAR

3) ______ CISA

4) ______ ERP

5) ______ XBRL

6) _______ ISACA

7) _______ IT

8) _______ REA

9) _______ KPI

10) _______ VAR

Definitions:

A. A professional auditing organization

B. A special type of systems consultant who is licensed to sell particular software

packages and provide organizations with consulting services related to that software

C. An enterprise-wide accounting system

D. Federally-mandated reporting of suspicious accounting activities

E. An important database design approach

F. Key productivity report

G. A language for creating, transforming, and communicating financial information

H. An auditing certification

I. An acronym often used to describe the computer department of an organization

J. A type of knowledge worker

K. A certification that requires individuals to meet certain qualification set by the

Association of Certified Fraud Examiners

L. An important performance indicator

Answer:

Most system flowcharting symbols:

a) Have not been standardized

b) Have been standardized by the Society of System Analysts

c) Have been standardized by the National Bureau of Standards

d) Are unique to the organization that uses them

Answer:

A POS device is usually attached to a:

a) Printer

b) Bank check

c) Cash register

d) Keyboard

e) Computer mouse

Answer:

The TRW Credit Data Case is an example of:

a) The round-off trick

b) An outsider ripping off a corporate computer

c) Valuable information computer crime

d) none of the above

Answer:

Which of these is not commonly used for biometric identification?

a) Fingerprints

b) Breath sampling

c) Retinal scans

d) Iris scans

Answer:

The term “EDRM” is mostly-closely associated with:

a) Records management

b) Points-of-sale processing

c) Banking

d) Electronic data recording and merchandising

Answer:

Enterprise controls:

a) Are controls in Enterprise Resource Planning Systems

b) Are controls required by the AICPA

c) Affect only application controls

d) Affect many general and application controls

Answer:

For the following terms find the correct definition below and place the letter of that

response in the blank space next to the term. Each definition is used only once.

1)______ automated workpaper software

2)______ Certified Information Systems Auditor (CISA)

3)______ computer-assisted audit techniques (CAATs)

4)______ continuous auditing

5)______ COBIT

6)______ fraud triangle

7)______ generalized audit software

8)______ general-use softwareSQL

9)______ information technology (IT) auditing

10)______ information systems risk assessment

11)______ integrated test facility

12)______ IT governance

13)______ parallel simulation

14)______ penetration testing

15)______ program change control

16)______ Sarbanes-Oxley Act

17)______ third party assurance services

Definitions:

A. Involves evaluating the computer’s role in achieving audit and control objectives

B. The use of computer processes or controls to perform audit functions, such as sorting

data to detect duplicate accounts payable invoice numbers

C. A certification given by the Information Systems Audit and Control Association

D. Method by which an auditor can evaluate the desirability of IT-related controls for a

particular aspect of business risk

E. To evaluate risk and design controls to protect against unauthorized access

F. Provides auditors and businesses with guidance in managing and controlling for

business risk associated with IT environments

G. A language that auditors use to retrieve a client’s data and display these data in a

variety of formats for audit purposesA productivity tool used by auditors to improve

their work

H. These programs enable auditors to review computer files without continually

rewriting processing programs

I. These programs can help auditors create common-size income statements and balance

sheets that show account balances as percentages

J. A more comprehensive test technique that is used to audit an AIS in an operational

setting

K. The auditor uses live input data, rather than test data, in a program actually written or

controlled by the auditor

L. A set of internal control procedures developed to protect against unauthorized

program changes

M. XBRL can support this concept

N. The process of using IT resources effectively to meet organizational objectives

O. Usually refers to motive, opportunity, and rationalization of inappropriate behavior

in organizations

P. An important feature of this legislation is commonly referred to as Section 404

Reviews

Q. Specialized audits of Internet systems and Web sites

Answer:

One problem with internal auditing is that it is akin to self-regulation (i.e., the auditor

cannot be impartial because both the auditor and the subsystem being audited work for

the same company).

Answer:

One of the techniques for controlling batch processing is the use of hash totals.

Answer:

The changes that a user makes to the data in a form at run time do not alter the data in

the underlying database table.

Answer:

It is relatively easy to determine the acquisition costs of an ERP system.

Answer:

The domain address of a web page is the equivalent of its universal resource locator

(URL).

Answer:

Another name for a URL is the term “domain address.”

Answer:

The purpose of PERT is to coordinate the activities in a project, such as a systems

implementation project.

Answer:

Watching for tell-tale signs may help detect computer crime.

Answer:

Microsoft Access can create a well-functioning database for you using Wizards, and

there is no need to understand database design or normalization.

Answer:

Name several conditions when prototyping a system is useful.

Answer:

The production process begins with a request for raw materials and ends with the

transfer of finished goods to warehouses.

Answer:

An example of an input mask for an Access data field is “000\-00\-0000.”

Answer:

An ABC inventory system refers to an “activity-based costing” system.

Answer:

Database security is no longer important because DBMSs are already so safe.

Answer:

What do the acronyms COSO and COBIT stand for?

Answer:

Input controls attempt to assure the accuracy and completeness of the data fed into the

CPU for processing.

Answer:

Databasescannot store more than one value in the same data field of the same record.

Answer:

A computer mouse is an example of an input device.

Answer:

Equipment that gathers accounting data at the point at which a sale is made are

sometimes called POS devices.

Answer: