MET MG 83582 | Course Paper

Unlock access to all the studying documents.

View Full Document

An integrated REA diagram merges multiple copies of some entities in order to

A) minimize the repetition of agent entities.

B) maximize the legibility of the diagram by avoiding the need to have relationship

lines cross one another.

C) keep the diagram less complex.

D) maintain a clear representation of the activities that are represented by the diagram.

Rebus Fashions provides haircuts to men and women. Rebus charges $10 per haircut,

no matter what type of haircut the customer selects. Rebus uses an REA database to

record information that is important to the firm. Rebus has an M:N table named

“Customer-Sale” where it keeps information about customer sales. Identify the attribute

below that most likely does not belong in the Customer-Sale table.

A) Date of sale.

B) Time hair cut was finished.

C) Price of haircut.

D) All of the above are appropriate attributes for the Customer table.

Significant system changes were implemented two months ago. The changes were

well-planned, well-designed, thoroughly tested before and after conversion, and several

employee training sessions were conducted. Still, the changes haven’t resulted in any

productivity increases, cost savings, or process improvements. Management is puzzled

and needs to find out why the system isn’t successful. The best action for management

to take is

A) conduct face-to-face interviews with managers, key personnel, and randomly

selected employees from each functional area impacted by the system changes in an

attempt to discover why the changes aren’t effective.

B) make sure the system changes were well documented and review the documentation

to see if perhaps some important feature or process was overlooked during the design

phase.

C) e-mail a series of questions to all employees, asking for input about further changes

that would bring about the desired results.

D) advise employees that consultants will be conducting observation sessions over the

next two weeks to determine if employees have fully implemented changes and whether

there is any evidence of resistance to the changes.

________ is the risk that exists before management takes any steps to mitigate it.

A) Inherent risk

B) Residual risk

C) Risk appetite

D) Risk assessment

At a minimum, a switch to IFRS from GAAP will affect companies’ accounting

information system by

A) requiring companies to increase the processing power of their existing accounting

information systems.

B) requiring IT departments to hire programmers that are fluent in languages besides

English.

C) requiring the creation of additional fields in research and development (R&D)

records to capture information about the stage of research and development that costs

are incurred in.

D) requiring firms to completely redesign their existing accounting information systems

because current systems are not compatible with IFRS accounting principles.

What is used as the basis for management to make a “go/no go” decision regarding

whether to proceed from the physical design phase to the implementation and

conversion phase of the systems development life cycle?

A) Conceptual system design report.

B) Physical systems design report.

C) Systems design report.

D) Implementation planning design report.

If the time an attacker takes to break through the organization’s preventive controls is

greater than the sum of the time required to detect the attack and the time required to

respond to the attack, then security is

A) effective.

B) ineffective.

C) overdone.

D) undermanaged.

Many companies offer their employees a “cafeteria” approach to voluntary benefits in

which employees can pick and choose the benefits they want. This plan is normally

called a(n)

A) elective plan.

B) menu options benefit plan.

C) flexible benefit plan.

D) buffet plan.

The ________ disseminates information about fraud, errors, breaches and other

improper system uses and their consequences.

A) chief information officer

B) chief operations officer

C) chief security officer

D) computer emergency response team

In a revenue cycle with proper controls, the ________ who reports to the ________, is

not involved in any cash handling activities.

A) accounts receivable clerk; treasurer

B) accounts receivable clerk; controller

C) cashier; controller

D) cashier; treasurer

Which of the following is not one of the ways data may need to be modified during data

conversion?

A) Resolve data inconsistencies.

B) Validate new files.

C) Identify files to be converted.

D) Remove unnecessary fields from data files.

Which of the following is not one of the six objectives of an information systems audit?

A) Security provisions exist to protect data from unauthorized access, modification, or

destruction.

B) Obtaining evidence to provide reasonable assurance the financial statements are not

materially misstated

C) Programs have been developed and acquired in accordance with management’s

authorization.

D) Program modifications have received management’s authorization and approval.

Key differences exist when an integrated Enterprise Resource Planning system (ERP)

replaces an existing AIS or legacy system. For example, ________ are more accurate

and timely, enabling sales order entry staff to provide customers more accurate

information about delivery dates.

A) inventory records

B) cash receipts

C) credit approval decisions

D) exception reports

All of the elements of the system come together in which step of the systems

development life cycle?

A) Conceptual design.

B) Implementation and conversion.

C) Physical design.

D) Systems analysis.

A separate network located outside the organization’s internal information system that

permits controlled access from the Internet to selected resources is known as a(n)

A) demilitarized zone.

B) intrusion detection system.

C) intrusion prevention system.

D) firewall.

The first step of the risk assessment process is generally to

A) identify controls to reduce all risk to zero.

B) estimate the exposure from negative events.

C) identify the threats that the company currently faces.

D) estimate the risk probability of negative events occurring.

Which type of information below should not be maintained by the AIS in accounting

for fixed assets?

A) Identification/serial number .

B) Cost.

C) Improvements.

D) Market value.

Which of the following is an example of a turnaround document?

A) A receipt a customer must use to return the goods purchased.

B) A telephone bill the customer must return with payment.

C) A paycheck stub that must be used in the employee’s tax return.

D) A customer loyalty card used every time a customer purchases goods or services.

A system that employs various types of advanced technology has more ________ risk

than traditional batch processing.

A) control

B) detection

C) inherent

D) investing

Which of the following is not an appropriate for task end users to perform?

A) Performing statistical analyses.

B) Preparing schedules and lists.

C) Retrieving information from databases.

D) Updating database records.

Ngai Nhung is the sales manager at Hung Technologies. At lunch with the company

CEO, Ngai complained that a recent shipment from a vendor had been unsatisfactory

and was returned. As a result, Hung’s purchasing manager needed to send a ________

to the supplier.

A) debit memo

B) purchase order

C) blanket purchase order

D) receiving report

The fraud that requires the least computer knowledge or skill involves

A) altering or falsifying source data.

B) unauthorized use of computers.

C) tampering with or copying software.

D) forging documents like paychecks.

From the choices below, identify the attribute below that would make the best primary

key.

A) Last name.

B) Date of entry.

C) Airport code.

D) Passport control number.

The examination of the relationships between different sets of data is called

A) top-level reviews.

B) analytical reviews.

C) reconciliation of independently maintained records.

D) comparison of actual quantities with recorded amounts.

Which of the following is not one of the rules in creating an REA data model?

A) Each event is linked to at least one resource that it affects.

B) Each event is linked to at least one other event.

C) Each event is linked to at least two participating agents.

D) All of the above are important rules.

During the sales order entry process, a ________ is performed to verify that each

transaction record contains all appropriate data items.

A) completeness test

B) redundant data check

C) field check

D) reasonableness test

What control procedure(s) should be used to reduce the risk of unauthorized disclosure

of the financial statements?

A) Multifactor authentication.

B) Physical security.

C) Encryption.

D) All of the above.

Identify one weakness of encryption below.

A) Encrypted packets cannot be examined by a firewall.

B) Encryption provides for both authentication and non-repudiation.

C) Encryption protects the privacy of information during transmission.

D) Encryption protects the confidentiality of information while in storage.

Attributes other than the primary key are

A) included to satisfy transaction processing requirements.

B) included to meet management’s information needs.

C) both A and B

D) none of the above

Of the following examples of fraud, which will be the most difficult to prevent and

detect? Assume the company enforces adequate segregation of duties.

A) A mail room employee steals a check received from a customer and destroys the

documentation.

B) The accounts receivable clerk does not record sales invoices for friends or family, so

they can receive free goods.

C) An employee puts inventory behind the dumpster while unloading a vendor’s

delivery truck, then picks up the inventory later in the day and puts it in her car.

D) A credit manager issues credit cards to himself and a staff accountant in the

accounting office, and when the credit card balances are just under $1,000, the staff

accountant writes off the accounts as bad debt. The credit manager then issues new

cards.

Using an REA database design, which is the most likely primary key for the Pay for

Goods table?

A) Cash transaction number.

B) Check number.

C) Invoice number.

D) Receiving report number.

Identify the activity below that the external auditor should not be involved.

A) Examining system access logs.

B) Developing the information system.

C) Examining logical access policies and procedures.

D) Making recommendations to management for improvement of existing internal

controls.

Which of the following controls can minimize the threat of loss or destruction of data?

A) Training and experience in applying IFRS and XBRL.

B) Responsibility accounting.

C) Backup and disaster recovery procedures.

D) Restriction of access to general ledger.

Describe the three steps to the implementation of an REA diagram in a relational

database.

What are some of the distinguishing characteristics of fraud perpetrators?

Identify and briefly discuss the points at which a “go/no go” decision is made in the

systems analysis process.

A client approached Paxton Uffe and said, “Paxton, I need for my customers to make

payments online using credit cards, but I want to make sure that the credit card data isn’t

intercepted. What do you suggest?” Paxton responded, “The most effective solution is

to implement .

How can an AIS add value to the organization?

What is social engineering? Provide an example.

Describe the possible relationships between entities, in terms of cardinalities.

Discuss the various types of feasibility analysis, and calculate economic feasibility

using capital budgeting techniques.

Audit tests and procedures traditionally have been performed on a sample basis. Do

options exist for auditors to test significantly more (or all) transactions?

Describe the three principles that apply to the information and communication process.

When doing an information systems audit, auditors must review and evaluate the

program development process. What errors or fraud could occur during the program

development process?

Describe the preventive, detective, and corrective controls that can be used to protect an

organization’’s information.

What role does the AIS play in the production cycle?

Explain why the auditor’s role in program development and acquisition should be

limited.

Explain specifically what is meant by the following statement: “Accountants can and

should participate in all stages of the database design process.”

Explain how virtualization, cloud computing, and the Internet of Things affect

information security.