2015-03-07

Question 1

The transaction cycle that includes the events of hiring employees and paying them is known as the

revenue cycle.

expenditure cycle.

human resources cycle.

financing cycle.

Question 2

Data must be converted into information to be considered useful and meaningful for decision-making. There are six characteristics that make information both useful and meaningful. If information is free from error or bias and accurately represents the events or activities of the organization, it is representative of the characteristic of

relevancy.

timeliness.

understandability.

reliability.

Question 3

The primary objective of accounting is to

implement strong internal controls.

provide useful information to decision makers.

prepare financial statements.

ensure the profitability of an organization.

Question 4

The business owners obtain financing from outside investors, which results in an inflow of cash into the company. This transaction is considered to be part of which cycle?

the revenue cycle

the payroll cycle

the production cycle

the financing cycle

Question 5

Information that is free from error or bias and accurately represents the events or activities of the organization is

relevant.

reliable.

verifiable.

timely.

Question 6

Hector Sanchez works in the accounting department of a multinational manufacturing company. His job includes updating accounts receivable based on sales orders and remittance advices. His responsibilities are part of the company’s

revenue cycle.

expenditure cycle.

financing cycle.

production cycle.

Question 7

An audit trail

provides the means to check the accuracy and validity of ledger postings.

begins with the general journal.

is automatically created in every computer-based information system.

is a summary of recorded transactions.

Question 8

What usually initiates data input into a system?

The transaction system automatically checks each hour to see if any new data is available for input and processing.

The performance of some business activity generally serves as the trigger for data input.

A general ledger program is queried to produce a trial balance at the end of an accounting period.

Data is only input when a source document is submitted to the accounting department.

Question 9

The general ledger account that corresponds to a subsidiary ledger account is known as a

dependent account.

attribute account.

entity account.

control account.

Question 10

The efficiency of recording numerous business transactions can be best improved by the use of

prenumbered source documents.

specialized journals.

posting references.

subsidiary ledgers.

Question 11

Chas Mulligan has been hired by Yardley Security as an assistant to the internal auditor. He has been asked to document the existing accounting information system, and focus on the activities and flow of data between activities. He decides to begin with a summary description of the sources and uses of data in the organization and how they are processed by the system. The documentation tool that he should employ for this purpose is a

data flow diagram.

document flowchart.

system flowchart.

program flowchart.

Question 12

In general, a data destination will be shown by

an arrow pointing away.

an arrow pointing in.

arrows pointing both ways.

no arrows, only two horizontal lines.

Question 13

A data flow diagram

is a graphical description of the source and destination of data that shows how data flow within an organization.

is a graphical description of the flow of documents and information between departments or areas of responsibility.

is a graphical description of the relationship among the input, processing, and output in an information system.

is a graphical description of the sequence of logical operations that a computer performs as it executes a program.

Question 14

A flowchart that depicts the relationships among the input, processing, and output of an AIS is

an internal control flowchart.

a document flowchart.

a system flowchart.

a program flowchart.

Question 15

Chuck and Jill Scruggs travel in their motor home six months of the year and buy unique artifacts. Within hours after the Scruggs make a purchase, they have photographed it, written a description of it, and posted it for sale on eBay with a reservation price. Anything that does not sell within a week is shipped back to Austin, Texas, for display in The House of Curiosities, a retail business that the Scruggs operate during the balance of the year. Which symbol should be used to represent the transfer of data to eBay in a context diagram of this process?

A) rectangle

B) circle

C) arrow up and right

D) parallel horizontal lines

Question 16

The ________ handles the link between the way data are physically stored and each user’s logical view of that data.

data warehouse

data dictionary

database management (DBMS) software

schema

Question 17

The logical structure of a database is described by the

data dictionary.

schema.

database management system.

internal level.

Question 18

The database requirement that foreign keys must be null or have a value corresponding to the value of a primary key in another table is formally called the

entity integrity rule.

referential integrity rule.

rule of keys.

foreign key rule.

Question 19

A set of individual user views of the database is called the

conceptual-level schema.

internal-level schema.

external-level schema.

meta-schema.

Question 20

Inability to add new data to a database without violating the basic integrity of the database is referred to as the

update anomaly.

insert anomaly.

integrity anomaly.

delete anomaly.

Question 21

The US Justice Department defines computer fraud as

any crime in which a computer is used.

an illegal act in which knowledge of computer technology is essential.

any act in which cash is stolen using a computer.

an illegal act in which a computer is an integral part of the crime.

Question 22

Which of the following is the greatest risk to information systems and causes the greatest dollar losses?

human errors and omissions

physical threats such as natural disasters

dishonest employees

fraud and embezzlement

Question 23

The most efficient way to conceal asset misappropriation is to

write-off a customer receivable as bad debt.

alter monthly bank statements before reconciliation.

alter monthly physical inventory counts to reconcile to perpetual inventory records.

record phony payments to vendors.

Question 24

Most fraud perpetrators are insiders because

insiders are more dishonest than outsiders.

insiders know more about the system and its weaknesses than outsiders.

outsiders are more likely to get caught than insiders.

insiders have more need for money than outsiders.

Question 25

The simplest and most common way to commit a computer fraud is to

alter computer input.

alter computer output.

modify the processing.

corrupt the database.

Question 26

Telefarm Industries is a telemarketing firm that operates in the Midwest. The turnover rate among employees is quite high. Recently, the information technology manager discovered that an unknown employee had used a Bluetooth-enabled mobile phone to access the firm’s database and copy a list of customers from the past three years that included credit card information. Telefarm was a victim of

Bluesnarfing.

splogging.

vishing.

typosquatting.

Question 27

Illegally obtaining and using confidential information about a person for economic gain is known as

eavesdropping.

identity theft.

packet sniffing.

piggybacking.

Question 28

A fraud technique that slices off tiny amounts from many projects is called the ________ technique.

Trojan horse

round down

salami

trap door

Question 29

Computer fraud perpetrators who modify programs during systems development, allowing access into the system that bypasses normal system controls, are using

a Trojan horse.

a trap door.

the salami technique.

superzapping.

Question 30

Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises?

dumpster diving

by use of a Trojan horse

using a telescope to peer at paper reports

electronic eavesdropping on computer monitors

Question 31

What is one reason why AIS threats are increasing?

LANs and client/server systems are easier to control than centralized, mainframe systems.

Many companies do not realize that data security is crucial to their survival.

Computer control problems are often overestimated and overly emphasized by management.

Many companies believe that protecting information is a strategic requirement.

Question 32

The SEC and FASB are best described as external influences that directly affect an organization’s

hiring practices.

philosophy and operating style.

internal environment.

methods of assigning authority.

Question 33

According to the ERM, these objectives help ensure the accuracy, completeness and reliability of internal and external company reports.

Compliance objectives

Operations objectives

Reporting objectives

Strategic objectives

Question 34

According to the ERM, these deal with the effectiveness and efficiency of company operations, such as performance and profitability goals.

Compliance objectives

Operations objectives

Reporting objectives

Strategic objectives

Question 35

When undertaking risk assessment, the expected loss is calculated like this.

Impact times expected loss

Impact times likelihood

Inherent risk times likelihood

Residual risk times likelihood

Question 36

Compatibility tests utilize a(n) ________, which is a list of authorized users, programs, and data files the users are authorized to access or manipulate.

validity test

biometric matrix

logical control matrix

access control matrix

Question 37

In 2007, a major U.S. financial institution hired a security firm to attempt to compromise its computer network. A week later, the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found. This is an example of a

preventive control.

detective control.

corrective control.

standard control.

Question 38

The process that allows a firewall to be more effective by examining the data in the body of an IP packet, instead of just the header, is known as

deep packet inspection.

stateful packet filtering.

static packet filtering.

an intrusion prevention system.

Question 39

This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.

Access control list

Internet protocol

Packet switching protocol

Transmission control protocol

Question 40

A special purpose hardware device or software running on a general purpose computer, which filters information that is allowed to enter and leave the organization’s information system, is known as a(n)

demilitarized zone.

intrusion detection system.

intrusion prevention system.

firewall.

Question 41

Jeff Davis took a call from a client. “Jeff, I need to interact online and real time with our affiliate in India, and I want to make sure that our communications aren’t intercepted. What do you suggest?” Jeff responded “The best solution will be to implement

a virtual private network.”

a private cloud environment.”

an asymmetric encryption system with digital signatures.”

multifactor authentication.”

Question 42

On March 3, 2008, a laptop computer belonging to Folding Squid Technology was stolen from the trunk of Jiao Jan’s car while he was attending a conference in Cleveland, Ohio. After reporting the theft, Jiao considered the implications of the theft for the company’s network security and concluded there was nothing to worry about because

the computer was protected by a password.

the computer was insured against theft.

it was unlikely that the thief would know how to access the company data stored on the computer.

the data stored on the computer was encrypted.

Question 43

One way to circumvent the counterfeiting of public keys is by using

a digital certificate.

digital authority.

encryption.

cryptography.

Question 44

An electronic document that certifies the identity of the owner of a particular public key.

Asymmetric encryption

Digital certificate

Digital signature

Public key

Question 45

Which of the following descriptions is not associated with symmetric encryption?

A shared secret key

Faster encryption

Lack of authentication

Separate keys for each communication party

Question 46

This tests a numerical amount to ensure that it does not exceed a predetermined value.

Completeness check

Limit check

Range check

Sign check

Question 47

User reviews are an example of a(n)

data entry control.

data transmission control.

output control.

processing control.

Question 48

A copy of a database, master file, or software that will be retained indefinitely as a historical record is known as a(n)

archive.

cloud computing.

differential backup.

incremental backup.

Question 49

This determines the correctness of the logical relationship between two data items.

Range check

Reasonableness test

Sign check

Size check

Question 50

When I enter a correct customer number, the data entry screen displays the customer name and address. This is an example of

prompting.

preformatting.

closed-loop verification.

error checking.

Version 2

Question 1

Refer to the chart above. At what point, measured in terms of the net cost of information, does information overload begin?

0

5

10

12

Question 2

Which of the following statements below shows the contrast between data and information?

Data is the output of an AIS.

Information is the primary output of an AIS.

Data is more useful in decision-making than information.

Data and information are the same.

Question 3

The primary objective of accounting is to

implement strong internal controls.

provide useful information to decision makers.

prepare financial statements.

ensure the profitability of an organization.

Question 4

Transaction cycles can be summarized on a high level as “give-get” transactions. An example of “give-get” in the revenue cycle would be

give cash, get goods.

give goods, get cash.

give cash, get labor.

give cash, get cash.

Question 5

An example of inbound logistics would consist of

the activities that transform inputs into final products or services.

the activities that help customers to buy the organization’s products or services.

the activities that provide post-sale support to customers.

the activities that consist of receiving, storing, and distributing the materials used as inputs by the organization to create goods and/or services it sells.

Question 6

Which of the following is an example of source data automation?

a utility bill

POS (point-of-sale) scanners in retail stores

a bill of lading

a subsidiary ledger

Question 7

A general journal

would be used to record monthly depreciation entries.

simplifies the process of recording large numbers of repetitive transactions.

records all detailed data for any general ledger account that has individual sub-accounts.

contains summary-level data for every account of the organization.

Question 8

Hector Sanchez works in the accounting department of a multinational manufacturing company. His job includes updating accounts payable based on purchase orders and checks. His responsibilities are part of the company’s

revenue cycle.

expenditure cycle.

financing cycle.

production cycle.

Question 9

The efficiency of recording numerous business transactions can be best improved by the use of

prenumbered source documents.

specialized journals.

posting references.

subsidiary ledgers.

Question 10

To be effective, the chart of accounts must

be as concise as possible.

begin with account 001.

utilize only one coding technique.

contain sufficient detail to meet the information needs of the organization.

Question 11

The Union Soup Kitchen is a non-profit organization that collects, stores, prepares and provides food to the homeless in Erie, Pennsylvania. Donations of food are recorded in a database and a receipt is provided to the donor. When food is used, the database is updated so that it always reflects the amounts and types of food that are available. In a data flow diagram, which type of symbol would be used to represent the flow of data from the donor into the system?

rectangle

circle

arrow up and right

parallel horizontal lines

Question 12

In a document flowchart of a manual payroll processing system, “update employee file” will be shown by a(n) ________ symbol, and “prepare payroll check” will be shown by a(n) ________ symbol.

input; output

input; manual operation

manual operation; output

manual operation; manual operation

Question 13

When preparing a document flowchart, the names of organizational departments or job functions should appear in the

column headings.

right-hand margin.

written narrative accompanying the flowchart.

title of the flowchart.

Question 14

Chas Mulligan has been hired by Yardley Security as an assistant to the internal auditor. He has been asked to thoroughly document the existing accounting information system in preparation for making recommendations for improvements to internal controls. He decides to begin with a description of the information stored in paper records, their sources, and their destinations. The documentation tool that he should employ for this purpose is a

data flow diagram.

document flowchart.

system flowchart.

program flowchart.

Question 15

A DFD created at the highest-level or summary view is referred to as a

process diagram.

overview diagram.

content diagram.

context diagram.

Question 16

The ________ acts as an interface between the database and the various application programs.

data warehouse

database administrator

database management system

database system

Question 17

The problem of changes (or updates) to data values in a database being incorrectly recorded is known as

an update anomaly.

an insert anomaly.

a delete anomaly.

a memory anomaly.

Question 18

The update anomaly in file-based systems or unnormalized database tables

occurs because of data redundancy.

restricts addition of new fields or attributes.

results in records that cannot be updated.

is usually easily detected by users.

Question 19

When the human resources manager wants to gather data about vacation and personal day usage by employees and by departments, the manager would use which language?

Data Query Language

Data Manipulation Language

Data Report Language

Data Definition Language

Question 20

In a well-structured database, the constraint that ensures the consistency of the data is known as the

entity integrity rule.

referential integrity rule.

logical view.

consistency integrity rule.

Question 21

In a ________ scheme, customer receipts are stolen and then subsequent payments by other customers are misapplied to cover the theft of the original receipts.

kiting

laundering

bogus expense

lapping

Question 22

Opportunity to commit fraud is comprised of three stages. The stage that often takes the most time and effort would include

stealing inventory from the warehouse.

selling stolen inventory to get cash.

lapping accounts receivable.

creating false journal entries to overstate revenue.

Question 23

Which characteristic of the fraud triangle often stems from a lack of internal controls within an organization?

pressure

opportunity

rationalization

concealment

Question 24

Intentional or reckless conduct that results in materially misleading financial statements is called

financial fraud.

misstatement fraud.

fraudulent financial reporting.

audit failure fraud.

Question 25

Why is computer fraud often more difficult to detect than other types of fraud?

Rarely is cash stolen in computer fraud.

The fraud may leave little or no evidence it ever happened.

Computers provide more opportunities for fraud.

Computer fraud perpetrators are just more clever than other types of criminals.

Question 26

In the 1960s, techniques were developed that allowed individuals to fool the phone system into providing free access to long distance phone calls. The people who use these methods are referred to as

phreakers.

hackers.

hijackers.

superzappers.

Question 27

The call to tech support was fairly routine. A first-time computer user had purchased a brand new PC two months ago and it was now operating much more slowly and sluggishly than it had at first. Had he been accessing the Internet? Yes. Had he installed any “free” software? Yes. The problem is likely to be a(n)

virus.

zero-day attack.

denial of service attack.

dictionary attack.

Question 28

Developers of computer systems often include a user name and password that is hidden in the system, just in case they need to get into the system and correct problems in the future. This is referred to as a

Trojan horse.

key logger.

spoof.

back door.

Question 29

I work in the information technology department of a company I’ll call CMV. On Wednesday morning, I arrived at work, scanned in my identity card and punched in my code. This guy in a delivery uniform came up behind me carrying a bunch of boxes. I opened the door for him, he nodded and went on in. I didn’t think anything of it until later. Then I wondered if he might have been

pretexting.

piggybacking.

posing.

spoofing.

Question 30

When a computer criminal gains access to a system by searching records or the trash of the target company, this is referred to as

data diddling.

dumpster diving.

eavesdropping.

piggybacking.

Question 31

Go-Go Corporation, a publicly traded company, has three brothers who serve as President, Vice President of Finance and CEO. This situation

increases the risk associated with an audit.

must be changed before your audit firm could accept the audit engagement.

is a violation of the Sarbanes-Oxley Act.

violates the Securities and Exchange Act.

Question 32

A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention.

boundary system

diagnostic control system

interactive control system

internal control system

Question 33

When undertaking risk assessment, the expected loss is calculated like this.

Impact times expected loss

Impact times likelihood

Inherent risk times likelihood

Residual risk times likelihood

Question 34

Generally in a risk assessment process, the first step is to

identify the threats that the company currently faces.

estimate the risk probability of negative events occurring.

estimate the exposure from negative events.

identify controls to reduce all risk to zero.

Question 35

The primary purpose of the Foreign Corrupt Practices Act of 1977 was

to require corporations to maintain a good system of internal control.

to prevent the bribery of foreign officials by American companies.

to require the reporting of any material fraud by a business.

All of the above are required by the act.

Question 36

A special purpose hardware device or software running on a general purpose computer, which filters information that is allowed to enter and leave the organization’s information system, is known as a(n)

demilitarized zone.

intrusion detection system.

intrusion prevention system.

firewall.

Question 37

Multi-factor authentication

involves the use of two or more basic authentication methods.

is a table specifying which portions of the systems users are permitted to access.

provides weaker authentication than the use of effective passwords.

requires the use of more than one effective password.

Question 38

Which of the following is an example of a corrective control?

Physical access controls

Encryption

Intrusion detection

Incident response teams

Question 39

The Trust Services Framework reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as

availability.

security.

maintainability.

integrity.

Question 40

In 2007, a major U.S. financial institution hired a security firm to attempt to compromise its computer network. A week later, the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found. This is an example of a

preventive control.

detective control.

corrective control.

standard control.

Question 41

Which of the following is not one of the three important factors determining the strength of any encryption system?

Key length

Key management policies

Encryption algorithm

Privacy

Question 42

Jeff Davis took a call from a client. “Jeff, I need for my customers to make payments online using credit cards, but I want to make sure that the credit card data isn’t intercepted. What do you suggest?” Jeff responded “The best solution will be to implement

a virtual private network.”

a private cloud environment.”

an encryption system with digital signatures.”

a data masking program.”

Question 43

These are used to create digital signatures.

Asymmetric encryption and hashing

Hashing and packet filtering

Packet filtering and encryption

Symmetric encryption and hashing

Question 44

Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers’ personal information?

Providing free credit report monitoring for customers

Inform customers of the option to opt-out of data collection and use of their personal information

Allow customers’ browsers to decline to accept cookies

Utilize controls to prevent unauthorized access to, and disclosure of, customers’ information

Question 45

Jeff Davis took a call from a client. “Jeff, I need to interact online and real time with our affiliate in India, and I want to make sure that our communications aren’t intercepted. What do you suggest?” Jeff responded “The best solution will be to implement

a virtual private network.”

a private cloud environment.”

an asymmetric encryption system with digital signatures.”

multifactor authentication.”

Question 46

Sequentially prenumbered forms are an example of a(n)

data entry control.

data transmission control.

processing control.

input control.

Question 47

Error logs and review are an example of

data entry controls.

data transmission controls.

output controls.

processing controls.

Question 48

This determines if all required data items have been entered.

Completeness check

Field check

Limit check

Range check

Question 49

A facility that is pre-wired for necessary telecommunications and computer equipment, but doesn’t have equipment installed, is known as a

cold site.

hot site.

remote site.

subsidiary location.

Question 50

User reviews are an example of a(n)

data entry control.

data transmission control.

output control.

processing control.
