SMG AC 250 Midterm | Course Paper

Unlock access to all the studying documents.

View Full Document

The COSO enterprise risk management framework can be useful in:

A. Systems audits.

B. Investigative audits.

C. Both systems audits and investigative audits.

D. Neither systems audits nor investigative audits.

As the term is used in the Audit Clarity Project, “applicable financial reporting

framework” can mean: (i) IFRS, (ii) COSO, (iii) US GAAP.

A. I and II only

B. I and III only

C. II and III only

D. I, II and III

Which of the following demonstrates the least professional behavior based on Bell’s

characteristics?

A. Developing a presentation based on the characteristics of the audience

B. Correctly applying FASB standards for short-term investments

C. Completing continuing professional education courses

D. Ignoring principles from management and finance

Arrange the steps in the systems development life cycle in their usual order of

occurrence.A.TestB.Operations and maintenanceC.ImplementationD.DesignE.Build

F.Requirements analysis

G.Initiation/planning

MCL Corporation recently hired a consultant to design and implement a new

information system. The consultant was trying to decide whether to discard the old

system all at once and put the new system in its place, or to make the transition more

gradual. After making that choice, which of the following should the consultant do

based on the steps in the systems development life cycle?

A. Present MCL with an invoice.

B. Teach MCL employees how the system works.

C. Arrange for the system to be audited.

As an internal control for source documents, transaction limits are most likely to ___ an

error.

A. Prevent

B. Detect

C. Correct

D. Eliminate

An ASP specializes in software applications for government agencies. It is best

described as which type of ASP?

A. Enterprise

B. Vertical market

C. Volume business

D. Application

Common causes of ERP implementation failure include:

A. Poor leadership from top management.

B. Unrealistic expectations.

C. Both poor leadership from top management and unrealistic expectations.

D. Neither poor leadership from top management nor unrealistic expectations.

Carter suggested a four-part taxonomy for classifying computer crime; COBIT

identified a series of enablers to make the best possible use of information and

information technology vis–vis the needs of organizational stakeholders. Which of the

following pairs a COBIT enabler with an element of Carter’s taxonomy?

A. Information and target, because the “target” category focuses on system information.

B. Instrumentality and processes, because the “instrumentality” category always

involves at least two business processes.

C. Associated and principles/policies/frameworks, because the “associated” category

involves comprising organizational policies.

D. All of these are good pairings of COBIT enablers and Carter categories.

Modules in an ERP system that contain information about inventory include all the

following except:

A. Customer relationship management

B. Human resource management

C. Supply chain management

D. Financial management

Which of the following statements would you expect to read in a company memo

arguing against the use of the systems development life cycle as a form of internal

control?

A. The risks associated with the SDLC are unknown.

B. The SDLC does not help achieve all four objectives of internal control.

C. The SDLC is not recognized by COSO.

D. The SDLC has no relationship to internal control.

Booksellers of Bufluffia is a small, independent bookstore that both publishes and sells

very specialized titles. They currently have about 50 clients; they publish and sell 30

different books at present. The company’s management has asked you to create database

tables to support their operations. Which table(s) should be in third normal form?

A. The client table only

B. The books table only

C. Both the client table and the books table

D. Neither the client table nor the books table

As a form of internal control, an SSAE 16 audit is least likely to address which of the

following risks associated with ASPs?

A. Compromised data

B. Inability to pay monthly fees

C. Financial costs associated with setting up a computer network

D. Cost of purchasing software

The difference between “error” and “information manipulation” as business risks

associated with information technology is:

A. The person’s intent

B. The kind of information involved

C. The potential dollar amount of the loss

D. The classification on Carter’s taxonomy