Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
An integrated REA diagram merges multiple copies of some entities in order to
A) minimize the repetition of agent entities.
B) maximize the legibility of the diagram by avoiding the need to have relationship
lines cross one another.
C) keep the diagram less complex.
D) maintain a clear representation of the activities that are represented by the diagram.
Rebus Fashions provides haircuts to men and women. Rebus charges $10 per haircut,
no matter what type of haircut the customer selects. Rebus uses an REA database to
record information that is important to the firm. Rebus has an M:N table named
"Customer-Sale" where it keeps information about customer sales. Identify the attribute
below that most likely does not belong in the Customer-Sale table.
A) Date of sale.
B) Time hair cut was finished.
C) Price of haircut.
D) All of the above are appropriate attributes for the Customer table.
Significant system changes were implemented two months ago. The changes were
well-planned, well-designed, thoroughly tested before and after conversion, and several
employee training sessions were conducted. Still, the changes haven't resulted in any
productivity increases, cost savings, or process improvements. Management is puzzled
and needs to find out why the system isn't successful. The best action for management
to take is
A) conduct face-to-face interviews with managers, key personnel, and randomly
selected employees from each functional area impacted by the system changes in an
attempt to discover why the changes aren't effective.
B) make sure the system changes were well documented and review the documentation
to see if perhaps some important feature or process was overlooked during the design
phase.
C) e-mail a series of questions to all employees, asking for input about further changes
that would bring about the desired results.
D) advise employees that consultants will be conducting observation sessions over the
next two weeks to determine if employees have fully implemented changes and whether
there is any evidence of resistance to the changes.
________ is the risk that exists before management takes any steps to mitigate it.
A) Inherent risk
B) Residual risk
C) Risk appetite
D) Risk assessment
At a minimum, a switch to IFRS from GAAP will affect companies' accounting
information system by
A) requiring companies to increase the processing power of their existing accounting
information systems.
B) requiring IT departments to hire programmers that are fluent in languages besides
English.
C) requiring the creation of additional fields in research and development (R&D)
records to capture information about the stage of research and development that costs
are incurred in.
D) requiring firms to completely redesign their existing accounting information systems
because current systems are not compatible with IFRS accounting principles.
What is used as the basis for management to make a "go/no go" decision regarding
whether to proceed from the physical design phase to the implementation and
conversion phase of the systems development life cycle?
A) Conceptual system design report.
B) Physical systems design report.
C) Systems design report.
D) Implementation planning design report.
If the time an attacker takes to break through the organization's preventive controls is
greater than the sum of the time required to detect the attack and the time required to
respond to the attack, then security is
A) effective.
B) ineffective.
C) overdone.
D) undermanaged.
Many companies offer their employees a "cafeteria" approach to voluntary benefits in
which employees can pick and choose the benefits they want. This plan is normally
called a(n)
A) elective plan.
B) menu options benefit plan.
C) flexible benefit plan.
D) buffet plan.
The ________ disseminates information about fraud, errors, breaches and other
improper system uses and their consequences.
A) chief information officer
B) chief operations officer
C) chief security officer
D) computer emergency response team
In a revenue cycle with proper controls, the ________ who reports to the ________, is
not involved in any cash handling activities.
A) accounts receivable clerk; treasurer
B) accounts receivable clerk; controller
C) cashier; controller
D) cashier; treasurer
Which of the following is not one of the ways data may need to be modified during data
conversion?
A) Resolve data inconsistencies.
B) Validate new files.
C) Identify files to be converted.
D) Remove unnecessary fields from data files.
Which of the following is not one of the six objectives of an information systems audit?
A) Security provisions exist to protect data from unauthorized access, modification, or
destruction.
B) Obtaining evidence to provide reasonable assurance the financial statements are not
materially misstated
C) Programs have been developed and acquired in accordance with management's
authorization.
D) Program modifications have received management's authorization and approval.
Key differences exist when an integrated Enterprise Resource Planning system (ERP)
replaces an existing AIS or legacy system. For example, ________ are more accurate
and timely, enabling sales order entry staff to provide customers more accurate
information about delivery dates.
A) inventory records
B) cash receipts
C) credit approval decisions
D) exception reports
All of the elements of the system come together in which step of the systems
development life cycle?
A) Conceptual design.
B) Implementation and conversion.
C) Physical design.
D) Systems analysis.
A separate network located outside the organization's internal information system that
permits controlled access from the Internet to selected resources is known as a(n)
A) demilitarized zone.
B) intrusion detection system.
C) intrusion prevention system.
D) firewall.
The first step of the risk assessment process is generally to
A) identify controls to reduce all risk to zero.
B) estimate the exposure from negative events.
C) identify the threats that the company currently faces.
D) estimate the risk probability of negative events occurring.
Which type of information below should not be maintained by the AIS in accounting
for fixed assets?
A) Identification/serial number .
B) Cost.
C) Improvements.
D) Market value.
Which of the following is an example of a turnaround document?
A) A receipt a customer must use to return the goods purchased.
B) A telephone bill the customer must return with payment.
C) A paycheck stub that must be used in the employee's tax return.
D) A customer loyalty card used every time a customer purchases goods or services.
A system that employs various types of advanced technology has more ________ risk
than traditional batch processing.
A) control
B) detection
C) inherent
D) investing
Which of the following is not an appropriate for task end users to perform?
A) Performing statistical analyses.
B) Preparing schedules and lists.
C) Retrieving information from databases.
D) Updating database records.
Ngai Nhung is the sales manager at Hung Technologies. At lunch with the company
CEO, Ngai complained that a recent shipment from a vendor had been unsatisfactory
and was returned. As a result, Hung's purchasing manager needed to send a ________
to the supplier.
A) debit memo
B) purchase order
C) blanket purchase order
D) receiving report
The fraud that requires the least computer knowledge or skill involves
A) altering or falsifying source data.
B) unauthorized use of computers.
C) tampering with or copying software.
D) forging documents like paychecks.
From the choices below, identify the attribute below that would make the best primary
key.
A) Last name.
B) Date of entry.
C) Airport code.
D) Passport control number.
The examination of the relationships between different sets of data is called
A) top-level reviews.
B) analytical reviews.
C) reconciliation of independently maintained records.
D) comparison of actual quantities with recorded amounts.
Which of the following is not one of the rules in creating an REA data model?
A) Each event is linked to at least one resource that it affects.
B) Each event is linked to at least one other event.
C) Each event is linked to at least two participating agents.
D) All of the above are important rules.
During the sales order entry process, a ________ is performed to verify that each
transaction record contains all appropriate data items.
A) completeness test
B) redundant data check
C) field check
D) reasonableness test
What control procedure(s) should be used to reduce the risk of unauthorized disclosure
of the financial statements?
A) Multifactor authentication.
B) Physical security.
C) Encryption.
D) All of the above.
Identify one weakness of encryption below.
A) Encrypted packets cannot be examined by a firewall.
B) Encryption provides for both authentication and non-repudiation.
C) Encryption protects the privacy of information during transmission.
D) Encryption protects the confidentiality of information while in storage.
Attributes other than the primary key are
A) included to satisfy transaction processing requirements.
B) included to meet management's information needs.
C) both A and B
D) none of the above
Of the following examples of fraud, which will be the most difficult to prevent and
detect? Assume the company enforces adequate segregation of duties.
A) A mail room employee steals a check received from a customer and destroys the
documentation.
B) The accounts receivable clerk does not record sales invoices for friends or family, so
they can receive free goods.
C) An employee puts inventory behind the dumpster while unloading a vendor's
delivery truck, then picks up the inventory later in the day and puts it in her car.
D) A credit manager issues credit cards to himself and a staff accountant in the
accounting office, and when the credit card balances are just under $1,000, the staff
accountant writes off the accounts as bad debt. The credit manager then issues new
cards.
Using an REA database design, which is the most likely primary key for the Pay for
Goods table?
A) Cash transaction number.
B) Check number.
C) Invoice number.
D) Receiving report number.
Identify the activity below that the external auditor should not be involved.
A) Examining system access logs.
B) Developing the information system.
C) Examining logical access policies and procedures.
D) Making recommendations to management for improvement of existing internal
controls.
Which of the following controls can minimize the threat of loss or destruction of data?
A) Training and experience in applying IFRS and XBRL.
B) Responsibility accounting.
C) Backup and disaster recovery procedures.
D) Restriction of access to general ledger.
Describe the three steps to the implementation of an REA diagram in a relational
database.
What are some of the distinguishing characteristics of fraud perpetrators?
Identify and briefly discuss the points at which a "go/no go" decision is made in the
systems analysis process.
A client approached Paxton Uffe and said, "Paxton, I need for my customers to make
payments online using credit cards, but I want to make sure that the credit card data isn't
intercepted. What do you suggest?" Paxton responded, "The most effective solution is
to implement .
How can an AIS add value to the organization?
What is social engineering? Provide an example.
Describe the possible relationships between entities, in terms of cardinalities.
Discuss the various types of feasibility analysis, and calculate economic feasibility
using capital budgeting techniques.
Audit tests and procedures traditionally have been performed on a sample basis. Do
options exist for auditors to test significantly more (or all) transactions?
Describe the three principles that apply to the information and communication process.
When doing an information systems audit, auditors must review and evaluate the
program development process. What errors or fraud could occur during the program
development process?
Describe the preventive, detective, and corrective controls that can be used to protect an
organization’’s information.
What role does the AIS play in the production cycle?
Explain why the auditor's role in program development and acquisition should be
limited.
Explain specifically what is meant by the following statement: "Accountants can and
should participate in all stages of the database design process."
Explain how virtualization, cloud computing, and the Internet of Things affect
information security.
