Accounting Information System

In 2009, _____ of the projects failed or were challenged.

• 49%
• 82%
• 68%
• 35%

Which of the following least reflects the purpose of a business rule in the conversion process?

• Assuring that all products meet quality standards
• Ensuring no production without a customer order
• Segregating authorizing, issuing, and conversion work duties
• Limiting who can view and change records in the system

Time that employees devote to self-training on new technology is an example of direct operating costs.

• True
• False

The 15-15 Rule states that if a project is more than 15 percent over budget or 15 percent off the desired schedule, it will likely never recoup the time or cost necessary to be considered successful.

• True
• False

In Unified Modeling Language (UML) the options for maximum multiplicity values are 1 and *.

• True
• False

Information is defined as being data organized in a meaningful way to be useful to the user.

• True
• False

Encryption and hashing are similar process to maintain data confidentiality.

• True
• False

The Products table would include a foreign key to link it to Product Categories.

• True
• False

A well-designed and well-functioning AIS can be expected to create value by providing relevant information helpful to management to increase revenues and reduce expenses.

• True
• False

The systems development life cycle has five phases: Planning, Analysis, Design, Implementation and Maintenance.

• True
• False

Obligatory business rules state what should not occur.

• True
• False

A customer intended to order 100 units of a product A, but incorrectly ordered nonexistent product B. Which of the following controls most likely would detect this error?

• Hash total
• Validity check
• Parity check
• Record count

The role of accountants in accounting information systems include all except:

• Manager
• User
• Operator
• Evaluator

Business models provide value in all of the following areas except which one?

• Eliciting requirements for new systems
• Specifying systems requirements
• Employee performance appraisal
• Managing complexity

Parallel or concurrent tasks are tasks that be done at the same time.

• True
• False

Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?

• Allowing for greater management oversight of incompatible activities.
• Requiring accountants to pass a yearly background check.
• Replacing personnel every three or four years.
• Disclosing lack of segregation of duties to external auditors during the annual review.

Which of the following is not a value proposition characteristic expected to influence customer value?

• Innovation
• Product attributes
• Image
• Relationship

Symmetric-key encryption method is used to authenticate users.

• True
• False

Which of the following correctly describes the Referential Integrity Rule?

• The primary key of a table must have data values (cannot be null)
• Values of a specific attribute must be of the same type
• Each attribute in a table must have a unique name
• The data value for a foreign key could be null

The association between Purchase Orders and Cash Disbursements would be implemented with a linking table.

• True
• False

Which of the following statements about switches is correct?

• Hub is smarter than Switch.
• A Switch contains multiple ports.
• Switch is widely used in WANs.
• Switches provide more security protections than hubs do for a company's internal network.

The 15-15 Rule states that if a project is more than 15 percent over budget or 15 percent off the desired schedule, it will:

• Have a small likelihood of ever being adopted by system users.
• Likely never recoup the time or cost necessary to be considered successful.
• Likely only have 15% of the desired benefits.
• Likely be cancelled by the project sponsor.

Which of the following statements regarding the purposes of an operating system is correct?

• To allocate computer resources to users and applications
• All of the choices are correct
• To ensure the integrity of a system
• To control the flow of multiprogramming and tasks of scheduling in the computer

Which of the following best describes the purpose of a swimlane?

• Depicts the sequence of tasks in a process.
• Depicts interactions between organizations in a process.
• Depicts different departments of the same organization in a process.
• Depicts different organizations involved in a process.

Encryption is a preventive control ensuring data confidentiality and privacy during transmission and for storage.

• True
• False

Which of the following is an example of project risk?

• The technology will not work as expected.
• The IT project is not aligned with the company's strategy.
• The financial benefits may not be delivered.
• The IT project may exceed budget.

In Microsoft Access, we use "Tables" for:

• Data entry
• Data storage
• Date retrieve
• Two of the choices

Which of the following best describes the purpose of an event in a Business Process Modeling Notation (BPMN) activity diagram?

• Shows where the work takes place.
• Affects the flow of the business process.
• Describes the sequence of workflow.
• Controls branching and merging.

Which of the following would be least likely to be represented with a Unified Modeling Language (UML) Class?

• The number of trucks used in the delivery
• The customer receiving the delivery
• The employee driving the truck
• Trucks

The appropriate cost of capital to use in valuing an IT project is the same regardless of the project riskiness.

• True
• False

Which of the following symbols depicts an activity?

• A circle with a double line perimeter
• An arrow
• A circle with a wide single line perimeter
• A rectangle

Segregation of duties reduces the risk of errors and irregularities in accounting records.

• True
• False

The triple constraints of project management are also referred to as Dempster's triangle.

• True
• False

Which of the following passwords would be most difficult to crack?

• pass56word
• jennyjenny
• Go2Ca!ifornia4fun
• language

Which of the following is not an example of Enterprise IT?

• Business intelligence systems
• CRM systems
• Spreadsheet financial applications
• ERP systems

The Certified Information Technology Professional is the position created by the AICPA to recognize CPAs who have the ability to provide skilled professional services on Information Technology.

• True
• False

Which of the following is not a characteristic of useful information?

• Easy to understand
• Representational Faithfulness
• Timely
• Feedback value.

Type images can be used to allow process information to be summarized by category.

• True
• False

Which of the following best describes the purpose of a bill of material class?

• Links each raw material item to one or more finished good items.
• Shows the raw material usage variance.
• Shows the issues of raw material items into work in process.
• Links finished goods to production.

What is the test data technique?

• None of the choices is correct
• A and B are correct
• It uses a set of input data to validate system integrity.
• It requires auditors to prepare both valid and invalid data to examine critical logics and controls of the system
• It is an automated technique that enables test data to be continually evaluated during the normal operation of a system

Which of the following is least likely to be considered a component of a computer network?

• Application programs.
• Computers.
• Servers.
• Routers.

Review the following diagram. Which answer provides the best interpretation of the multiplicities for the association between the Quote class and the Order class?

• One Sunset Partner both prepares quotes and records orders.
• Each quote may result in many future Orders.
• Each order must result from a prior quote.
• Quotes and orders are entered into the system at the same time.

Within a WAN, a router would perform which of the following functions?

• Amplify and rebroadcast signals in a network
• Forward data packets to their internal network destination
• Provide the communication within the network
• Select network pathways within a network for the flow of data packets.

The Object Management Group maintains the standard for Unified Modeling Language (UML) Class diagrams.

• True
• False

Consider an association indicating professional licensing status between an Accountant class and a States class in a Unified Modeling Language (UML) Class diagram. The multiplicities next to the Accountants class are 0..* and the multiplicities next to the States class are 0..*. Which of the following is the best way to implement that association in your database?

• Post the primary key of States as a foreign key in Accountants.
• None of the choices.
• Post the primary key of Accountants as a foreign key in States.
• Create a linking table.

Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporation headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery?

• Backup power.
• Business continuity.
• Network security.
• Daily backup.

Which of the following is not a form of business rules?

• Obligatory
• Prohibited
• Allowed
• Compulsory

Consider the following BPMN diagram of a subprocess. Which of the following is required to correct an error in the diagram?

• Change the intermediate error event to an exclusive gateway
• Add a sequence flow to an end event
• Change the intermediate event to a start event
• Drop the activity named Discard Errors.

Which of the following least reflects the purpose of a business rule in the purchase process?

• Ensure suppliers are paid on time
• Require segregation of order, receiving, and payment duties
• Ensure suppliers are satisfied
• Ensure an audit trail

The linking table between Purchase Orders and Products would likely indicate the quantity of each product ordered and the quantity of each product received.

• True
• False

A wireless network is comprised access points and stations. Access points logically connect stations to a firm's network.

• True
• False

Certificate Authority (CA) issues digital certificates to bond the subscriber with a public key and a private key.

• True
• False

The Purchase Orders table would have five foreign keys.

• True
• False

The PERT and Gantt charts primarily address the triple constraint of:

• Technical issues
• Cost
• Scope
• Time

The Certified Information Systems Auditor (CISA) is a professional designation generally sought by those performing IT audits.

• True
• False

The triple constraint of project management includes the constraint of:

• Technical issues
• Adoption
• Time
• Usability

Management philosophy and operating style would have a relatively less significant influence on a firm's control environment when

• The internal auditor reports directly to the controller.
• Management is dominated by one individual.
• Accurate management job descriptions delineate specific duties.
• The audit committee does not have regular meetings.

In a large pubic corporation, evaluating internal control procedures should be responsibility of:

• Security management staff who report to the chief facilities officer.
• Accounting management staff who report to the CFO.
• Internal audit staff who report to the board of directors.
• Operations management staff who report to the chief operation officer.

Which of the following is not a direct acquisition cost of an IT initiative?

• Cost of business disruption
• Cost of software development
• Cost of project management
• Cost of hardware

Information security is a critical factor in maintaining systems integrity.

• True
• False

Many companies record both purchase orders and purchases; when would such a company recognize the purchase?

• When the products are received from the supplier and accepted.
• When the supplier receives the purchase order.
• When the products are sold.
• When the purchase order is issued.

In a hierarchical data model, data elements are related in many-to-many relationships.

• True
• False

The balanced scorecard management process starts with the Formulate step.

• True
• False

CRM software often includes the use of database marketing tools to learn more about the customers and to develop strong firm-to-customer relationships.

• True
• False

In a collaboration model using BPMN, the interaction between participants is called orchestration.

• True
• False

Accounting information systems are:

• Are for computer games
• Report only accounting information.
• Records, processes and reports
• Always computerized.

An entity's ongoing monitoring activities often include

• Periodic audits by the audit committee.
• The audit of the annual financial statements.
• Control risk assessment in conjunction with quarterly reviews.
• Reviewing the purchasing function.

Supply chain management systems are an example of Network IT.

• True
• False

An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing?

• System security policy.
• Data restoration plan.
• System hardware policy.
• Disaster recovery plan.

Which of the following items can best be described as a "Resource" in the REA data model?

• Two of the choices are correct.
• Cashier
• Sales
• Cash

Which of the following is not a Business Management Support role of the Accounting/Finance Function in Business?

• Investment appraisal
• Management information
• Financial consolidation, reporting and analysis
• Planning, budgeting and forecasting

Data mining is the process of searching for patterns in the data in a data warehouse and to analyze the patterns for decision making.

• True
• False

Which of the following is not a purpose of documentation?

• Establishing accountability
• Training
• Determining staffing
• Describing current processes

Parallel simulation uses an independent program to simulate a part of an existing application program, and is designed to test the validity and to verify the accuracy of an existing application program.

• True
• False

The success of Enterprise IT investments often depends on whether the company makes complementary changes in business processes.

• True
• False

Key distribution and key management are problematic under the symmetric-key encryption.

• True
• False

The value proposition step in the analysis of an IT initiative should focus on five questions, including the timing of expected benefits.

• True
• False

Which of the following is not something a model of database structures must be able to describe?

• The entities or things in the domain of interest
• The attributes or characteristics of the entities and relationships
• The sequence that entities are accessed
• The cardinalities that describe how many instances of one entity can be related to another

Which of the following items can best be described as an "Event" in the REA data model?

• Cash collection
• None of the choices is correct
• Cash
• Cashier

Which of the following is not a step in the balanced scorecard management process?

• Translate
• Monitor
• Invest
• Adapt

Given the requirement of the Sarbanes-Oxley Act of 2002 (SOX), the Public Company Accounting Oversight Board (PCAOB) established the Securities and Exchange Commission (SEC) to provide independent oversight of public accounting firms.

• True
• False

Which of the following best describes a Business Process Modeling Notation (BPMN) message flow?

• Shows sequence of activities in a process.
• Shows branching and merging in a business process.
• Shows interactions between participants in a process.
• Affects the flow of a business process.

Which of the following is the primary reason that many auditors hesitate to use embedded audit modules?

• Embedded audit modules cannot be protected from computer viruses.
• Auditors are required to monitor embedded audit modules continuously to obtain valid results.
• Auditors are required to be involved in the system design of the application to be monitored.
• Embedded audit modules can easily be modified through management tampering.

The linking table between Supplier Categories and Product Categories would contain the attribute summarizing year-to-date purchases for each supplier category and product category combination.

• True
• False

An auditor assesses control risk because it

• affects the level of detection risk that the auditor may accept.
• indicates to the auditor where inherent risk may be the greatest.
• is relevant to the auditor's understanding of the control environment.
• provides assurance that the auditor's materiality levels are appropriate.

A pool in a BPMN model does not actually have to display any activities.

• True
• False

Internal controls guarantee the accuracy and reliability of accounting records.

• True
• False

A firm must establish control policies, procedures, and practices that ensure the firm's business objectives are achieved and its risk mitigation strategies are carried out.

• True
• False

The value of IT investments often depend on the level of complementary resources, which can change over time.

• True
• False

Which of the following is not included in Information Capital as described in the balanced scorecard learning and growth perspective?

• Applications
• Intangible assets
• IT Infrastructure
• Employees' abilities to use technology

Proper segregation of duties calls for separation of the following functions:

• Authorization, payment, and recording.
• Custody, execution, and reporting.
• Authorization, execution, and payment.
• Authorization, recording, and custody.

Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?

• Parity check.
• Hash total.
• Check digit.
• Encryption.

Investments in business analytics systems support the balanced scorecard management process during the Link to Operations step.

• True
• False

Consider an association between a Cash Disbursements class and a Cash Accounts class in a Unified Modeling Language (UML) Class diagram. The multiplicities next to the Cash Disbursements class are 0..* and the multiplicities next to the Cash Accounts class are 1..1. Which of the following is the best way to implement that association in your database?

• None of the choices.
• Post the primary key of Cash Accounts as a foreign key in Cash Disbursements.
• Create a linking table.
• Post the primary key of Cash Disbursements as a foreign key in Cash Accounts.

Which of the following is not a use of CAATs in auditing?

• Produce terms and conditions of employment
• Test of details of transactions and balances
• Fraud examination
• Analytical review procedures

What kind of data models is most commonly used in today's business environment?

• Network data model
• Hierarchical data model
• Relational data model
• All of the choices

The chief executive officer is ultimately responsible for enterprise risk management.

• True
• False

COBIT (Control Objectives for Information and related Technology) is a generally accepted framework for IT governance in the U.S.

• True
• False

Embedded audit module is a programmed audit module that is added to the system under review.

• True
• False

Customer Relationship Management is defined as:

• A system used to manage and nurture a firm's interactions with its current and potential customers
• A system used to connect a firm's suppliers with a firm's customers.
• A system used to track a customer's past purchases
• A system used to advertise current items on sale to customers.

Which of the following is the best approach to mitigate alignment risk?

• Use the balanced scorecard framework
• Conduct training and provide incentives
• Use sensitivity analysis
• Assure top management support

The breakdown of all of the project tasks needed for completion is often called the work breakdown structure.

• True
• False

In Unified Modeling Language (UML) attributes are characteristics of individual instances of a Class.

• True
• False

Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been:

• Monitored.
• Authorized.
• Implemented.
• Tested.

Integrity of information means the information is:

• Accurate
• Complete
• Accessible
• A and B are correct.

The design phase of the SDLC begins with a business need for a new or better information system.

• True
• False

Which of the following symbols is used to depict different organizations in one Business Process Modeling Notation (BPMN) diagram?

• Pool
• Message flow
• Intermediate event
• Gateway

Which of the following statements is not correct?

• The IP address of a Web server does not change
• Each hardware device must have a MAC address
• The MAC address of a desktop computer often changes
• The IP address of a desktop computer often changes

Which of the following are considered to be mandatory information required by a regulatory body?

• The cost to build an all-new Starbucks restaurant in Abu Dhabi.
• Financial reports for the Securities and Exchange Commission
• The amount of taxes saved by a merger
• The total dollar value of fireworks that are sold on July 4.

Business rules are unrelated to COSO control activities, although they serve an important purpose.

• True
• False

To prevent invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as:

• A format check.
• check digit verification.
• A validation check.
• A dependency check.

Which of the following is not an approach used for the online analytical processing (OLAP).

• What-if simulations
• Exception reports
• Data mining
• Consolidation

Which of the following is not a building block for Business Process Modeling Notation (BPMN) diagrams?

• Gateways
• Sequence flows
• Associations
• Events

Which of the following best describes the purpose of an intermediate error event?

• Waits for external messages
• Ends a process
• Delays the sequence until a specified time
• Directs sequence flow when an activity aborts

Which of the following is the best description of an association?

• The number of times one class is related to another
• The lines in a UML Class diagram
• A group of classes
• The relationship between two classes

Which of the following best describes the difference between access controls and application controls?

• Access controls are "prohibited" business rules and application controls are "allowed" business rules.
• There is no difference between access and application controls.
• Access controls limit who can change records and application controls provide an audit trail of any changes.
• Access controls implement business rules and application controls do not.

What is data mining?

• The process of analyzing data to extract of information that is not affected by the raw data alone.
• None of the choices is correct.
• A particular attribute of information.
• A common term for the representation of multidimensional data.

The critical path in a PERT chart represents:

• The most important tasks of the whole project.
• The longest path of tasks needed for project completion.
• The path of processes that is critical for system adoption.
• The tasks that must be completed without errors.

Segregation of duties can be the source of IT material weaknesses when assessing the effectiveness of internal controls over the company's accounting information system.

• True
• False

In a BPMN activity diagram, which of the following best describes the purpose of an intermediate timer event?

• Indicates a delay to a specific date/time
• Indicates a delay to a relative date, such as next Thursday
• All of the choices
• Represent a time delay

Capital budgeting techniques provide precise estimates on an IT projects costs and benefits.

• True
• False

Which of the following represents an inherent limitation of internal controls?

• Shipping documents are not matched to sales invoices.
• Customer credit check not performed.
• The CEO can request a check with no purchase order.
• Bank reconciliations are not performed on a timely basis.

Process documentation does not include which of the following?

• Business rules
• External audit workpapers
• Process models
• User manuals

Which of the following statements about asymmetric-key encryption is correct?

• When using asymmetric-key encryption method, a total of two keys are necessary in electronic communication between two parties.
• Employees in the same company share the same public key.
• Most companies would like to use a Certificate Authority to manage the public keys of their employees.
• Most companies would like to manage the private keys for their employees.

Virtual private network (VPN) is a private network, provided by a third party, for exchanging information through a high capacity connection.

• True
• False

The overall attitude and awareness of a firm's top management and board of directors concerning the importance of internal control is often reflected in its

• Safeguards over access to assets.
• System of segregation of duties.
• Computer-based controls.
• Control environment.

Gateways can direct sequence flow to support looping.

• True
• False

Which of the following statements about foreign keys is not true?

• A foreign key can be a combination of attributes.
• Foreign key must match values of the linked primary key.
• A foreign key cannot be NULL.
• Foreign keys support a defined association.

A disaster recovery approach should include which of the following elements:

• Regular backups.
• Firewalls.
• Surge protectors.
• Encryption.

The data in a data warehouse are updated when transactions are processed.

• True
• False

Why do Certificate Authority (CA) play an important role in a company's information security management?

• None of the above is correct.
• Most companies use CA to manage their employees' public keys.
• Using a CA is required by SOX in managing information security.
• CA creates and maintains both the public and private keys for a company's employees.

Which of the following is the best reason that companies find it hard to assess the benefit of IT investments?

• None of the choices
• IT investments become embedded in business processes
• Difficult to assess costs
• Difficult to tie IT investments to company strategy

Conversion labor costs become part of cost of goods sold.

• True
• False

Each attribute in a table can have several names.

• True
• False

A generalization relationship models a grouping of things that share common characteristics.

• True
• False

Opportunity flowcharts identify opportunities for process improvement by separating value-added from non-value-added activities.

• True
• False

An enterprise system is a centralized database that collects data from throughout the firm. This includes data from orders, customers, sales, inventory and employees.

• True
• False

Review the following diagram. Which answer provides the best interpretation of the multiplicities for the association between the Products and Production Authorization classes?

• One employee can authorize production multiple times.
• Each production authorization is related to one product.
• Each product is related to one production authorization.
• The employee records the completion of a job and updates finished goods.

Business value includes all those items, events and interactions that determine the financial health and well-being of the firm.

• True
• False

Review of the audit log is an example of which of the following types of security control?

• Governance.
• Preventive.
• Corrective.
• Detective.

The characteristics of relevant information include predictive value, feedback value and timeliness.

• True
• False

In Microsoft Access, we use "Forms" for

• Date retrieve
• Data storage
• Two of the choices
• Data entry

The Purchase Orders table would have the same foreign keys as the Purchases table.

• True
• False

The benefits of an IT project are not necessarily measurable in financial terms.

• True
• False

Cloud computing is an internet-based computing where shared resources, software, and information is provided to firms on demand.

• True
• False

Each Purchase Order would be ultimately linked to one cash disbursement.

• True
• False

Fraud triangle includes incentive, opportunity and an attitude to rationalize the fraud.

• True
• False

Data governance is the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a company.

• True
• False

Benefits are often estimated without complete information.

• True
• False

Which of the following is the best description of the balanced scorecard?

• All are descriptions of the balanced scorecard
• A performance measurement framework
• A formal, structured approach to link IT investment to business performance
• A strategic planning and management system

Integrated test facility (ITF) is an automated technique that enables test data to be continually evaluated during the normal operation of a system.

• True
• False

When considering internal control, an auditor should be aware of reasonable assurance, which recognizes that

• The cost of an entity's internal control should not exceed the benefits expected to be derived.
• Establishing and maintaining internal control is an important responsibility of management.
• Internal control may be ineffective due to mistakes in judgment and personal carelessness.
• Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.

The purpose of a company's firewall is to:

• Deny computer hackers access to sensitive data
• Guard against spoofing
• Filtering packets
• All of the choices

Refer to the following diagram. Which of the following answers does not provide a valid interpretation of the multiplicities for the association between the Inventory and the Product Category classes?

• Every inventory item is in at most one product category.
• Every product category includes at least one inventory item.
• Every inventory item is in at least one product category.
• Some product categories do not include inventory items.

Internal control is a process consisting of ongoing tasks and activities. It is a means to an end, not an end in itself.

• True
• False

A query using Purchase Orders and Cash Disbursements could report accounts payable by showing records where the foreign key was NULL (blank).

• True
• False

The associate between Purchase Orders and Purchases would be implemented with a linking table.

• True
• False

The association between Purchase Orders and Products would be implemented with a linking table.

• True
• False

Which of the following is not an organizational capability directly supported by Enterprise IT?

• Process integration
• Process definition
• Customer service
• Transaction automation

The association between Purchase Orders and Cash Disbursements could be implemented with a foreign key in either table but not both.

• True
• False

A continuous audit is to perform audit-related activities on a continuous basis.

• True
• False

Which of the following types of businesses is least likely to employ a conversion process?

• Machine shop
• Retail store
• Bakery
• Restaurant

Parallel simulation attempts to simulate the firm's key features or processes.

• True
• False

Review the following diagram. Which answer provides the best interpretation of the multiplicities for the association between the Product Categories and Supplier Categories classes?

• Supplier and product category information can be used to calculate year-to-date sales for each product/supplier category combination.
• Some partners may manage several product categories, and some partners may manage several supplier categories, but there is no direct link between supplier and product categories.
• Each partner can only purchase products from one supplier category and for one product category.
• Every supplier and product category can be managed by several partners, but no partner manages both.

A data warehouse is for daily operations and often includes data for the current fiscal year only.

• True
• False

Which of the following does not represent a viable data backup method?

• Disaster recovery plan
• Virtualization
• Cloud computing
• Redundant arrays of independent drives

A labor plan class would establish standard overhead allocation rates.

• True
• False

Which of the following about cloud computing is incorrect?

• Clients using cloud computing do not need to periodically backup data.
• One major issue on using cloud computing is about security.
• Cloud computing is Internet-based computing where shared resources, software, and information are provided to firms on demand.
• Cloud Computing can easily host enterprise system applications.

In Business Process Modeling Notation (BPMN), activities are named with a short verb phrase placed within the rectangle.

• True
• False

Which of the following controls would most likely assure that a company can reconstruct its financial records?

• Paper records
• Security controls such as firewalls
• Personnel understand the data very well
• Backup data are tested and stored safely

Which of the following is not included in the remediation phrase for vulnerability management?

• Control Implementation
• Policy and procedures for remediation
• Vulnerability Prioritization
• Risk Response Plan

Which of the following is not a management control for wireless networks?

• Conducting appropriate awareness training on wireless networks
• Assigning roles and responsibilities of employees for access control
• Conducting risk assessment on a regular basis
• Creating policies and procedures

Which of the following strategies will a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?

• Verification of encrypted digital certificates used to monitor the authorization of transactions.
• Continuous monitoring and analysis of transaction processing with an embedded audit module.
• Increased reliance on internal control activities that emphasize the segregation of duties.
• Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

Which of following are possible options for minimum multiplicities?

• 0 and *
• 0, 1, and *
• * and 1
• 0 and 1

Associations can indicate the roles that one Class takes in its business relationship with another Class.

• True
• False

In Unified Modeling Language (UML) primary keys may be blank.

• True
• False

The business case for an IT project does not need to address risk, since risk will be factored into the discount rate.

• True
• False

A BPMN process flow can start in one pool and end in the collaborating pool.

• True
• False

Consider an association between a Deliveries class and a Shipping Companies class in a Unified Modeling Language (UML) Class diagram. The multiplicities next to the Deliveries class are 0..* and the multiplicities next to the Shipping Companies class are 1..1. Which of the following is the best way to implement that association in your database?

• Post the primary key of Shipping Companies as a foreign key in Deliveries.
• Post the primary key of Deliveries as a foreign key in Shipping Companies.
• Create a linking table.
• None of the choices.

The internal control provisions of SOX apply to which companies in the United States?

• All nonissuer companies.
• All companies.
• SEC registrants.
• All issuer (public) companies and nonissuer (nonpublic) companies with more than $100,000,000 of net worth.

Which of the following is an example of a validity check?

• After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent.
• The computer ensures that a numerical amount in a record does not exceed some predetermined amount.
• The computer flags any transmission for which the control field value did not match that of an existing file record.
• As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out.

Which of the following statements is incorrect about digital signature?

• A digital signature can ensure data integrity.
• A digital signature is an encrypted message digest.
• A digital signature is a message digest encrypted using the document creator's public key.
• A digital signature also authenticates the document creator.

PERT is actually an acronym for Program Evaluation Review Tool.

• True
• False

An example of an AIS that primarily addresses internal business processes includes:

• Enterprise systems
• Supply chain software
• B2B transaction software
• Customer relationship management software

Sound internal control dictates that immediately upon receiving checks from customers by mail, a responsible employee should

• Prepare a summary listing of checks received.
• Record the checks in the cash receipts journal.
• Add the checks to the daily cash summary.
• Verify that each check is supported by a pre-numbered sales invoice.

Refer to the following diagram. Which of the following answers provides the best interpretation of the multiplicities for the association between the Cash Receipt and Cash classes?

• Each order increases accounts receivable.
• Some cash receipts are not deposited into a bank account.
• Each cash receipt is deposited into one bank account.
• The company only has one bank account.

When the firm's value proposition meets or exceeds customers' requirements, customer satisfaction results in customer retention and new customer acquisition, which drives sales growth.

• True
• False

Which of the following outcomes is a likely benefit of information technology used for internal control?

• Recording of unauthorized transactions.
• Potential loss of data.
• Enhanced timeliness of information.
• Processing of unusual or nonrecurring transactions.

When client's accounts payable computer system was relocated, the administrator provided support through a dial-up connection to server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk?

• Security logs are not periodically reviewed for violations.
• Management procedures for user accounts are not documented.
• User passwords are not required to the in alpha-numeric format.
• User accounts are not removed upon termination of employees.

What is the primary objective of data security controls?

• To ensure that data storage media are subject to authorization prior to access, change, or destruction.
• To monitor the use of system software to prevent unauthorized access to system software and computer programs.
• To formalize standard, rules, and procedures to ensure the organization's control are properly executed.
• To establish a framework for controlling the design, security, and use of computer programs throughout an organization.

An entity doing business on the internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except:

• Data encryption.
• Digital certificates.
• Batch processing.
• Password management.

A simple information system includes all but the following elements except:

• Storage
• Processing
• Reporting
• Input

Corporate governance is a set of processes and policies in managing an organization with sound ethics to safeguard the interests of its stakeholders.

• True
• False

A supply chain:

• Is similar in function and purpose to the value chain
• Refers to the flow of materials, information, payments and services.
• Refers to the supplies needed to build products
• Does not apply to a service firm like an accounting firm.

Refer to the following diagram. Which of the following answers does not provide a valid interpretation of the multiplicities for the association between the Employees and the Product Categories classes?

• Each product category can have no managers or multiple managers.
• Some employees do not manage at least one product category.
• Each product category has one manager.
• Employees are assigned to manage product categories.

The Purchases table would have four foreign keys.

• True
• False

Which of the following statements regarding authentication in conducting e-business is incorrect?

• One key is used for encryption and decryption purposes in the authentication process.
• We need to use asymmetric-key encryption to authenticate the sender of a document or data set.
• Successful authentication can prevent repudiation in electronic transactions.
• It is a process that establishes the origin of information or determines the identity of a user, process, or device.

In a basic UML diagram of the conversion process, which of the following best describes the purpose of a duality association?

• Links work in process events to the original production authorization.
• Indicates issue of raw material into the process.
• Tracks completion of work in process and increase to finished goods inventory.
• Shows the participation of employees in the process.

All of the following are examples of internal control procedures except

• Insistence that employees take vacations
• Using pre-numbered documents
• Reconciling the bank statement
• Customer satisfaction surveys

Support activities in the value chain does not include:

• Accounting and Finance
• Human Resource Management
• Firm Infrastructure
• Procurement

Which of the following is not a question that businesses should answer before making major IT investments?

• What key business issues does it address?
• None of the choices
• What are the risks of doing the project?
• How will success be measured?

The Technology Acceptance Model defines perceived ease of use as users adopting a new or modified system to the extent they believe the system will help them perform their job better.

• True
• False

Which of the following is the best description of the Link to Operations step in the balanced scorecard management process?

• The company prepares operating budgets and prioritizes business process improvements.
• The company examines the competitive environment.
• The company evaluates the effectiveness of its strategy.
• The company establishes objectives, measures, targets, and initiatives.

A project sponsor is generally defined as:

• The system's primary user.
• A senior executive that will sponsor, or pay for, the project.
• The CEO of the company that likes technology.
• A senior executive in the company who takes responsibility for the success of the project.

The analysis phase of the SDLC involves a complete, detailed analysis of the systems needs of the end user.

• True
• False

To be valuable business partners, accountants must understand how the business delivers value to its employees.

• True
• False

Firewalls are security systems comprised of hardware and software that is built using routers, servers, and a variety of software.

• True
• False

LAN is the abbreviation for

• Local Area Network.
• Low Analytical Nets.
• Longitudinal Analogue Network.
• Large Area Network.

Consider an association between a Cash Disbursements class and a Vendors class in a Unified Modeling Language (UML) Class diagram. The multiplicities next to the Cash Disbursements class are 0..* and the multiplicities next to the Vendors class are 1..1. Which of the following is the best way to implement that association in your database?

• None of the choices.
• Post the primary key of Vendors as a foreign key in Cash Disbursements.
• Create a linking table.
• Post the primary key of Cash Disbursements as a foreign key in Vendors.

Which of the following is the best reason that a collaboration model would not be used to diagram the conversion process?

• The choreography between pools is not shown in a collaboration model.
• A collaboration model does not include swimlanes.
• The orchestration of the activities is not shown in a collaboration model.
• All conversion activities are internal to the organization.

Business rules describe appropriate actions to take based on process conditions.

• True
• False

Spam is a self-replicating program that runs and spreads by modifying other programs or files.

• True
• False

The Certified Information Technology Professional (CITP) is a professional designation for those with broad range of technology knowledge and does not require a CPA.

• True
• False

One-to-many relationships are implemented by posting a foreign key.

• True
• False

In making the business case for an IT investment, companies should assess the sensitivity of results to the assumptions.

• True
• False

A company's audit committee is responsible for fraud risk assessments.

• True
• False

Each of the following types of controls is considered to be an entity-level control, except those:

• Addressing policies over significant risk management practices
• Relating to the control environment.
• Regarding the company's annual stockholder meeting.
• Pertaining to the company's risk assessment process.

In a large multinational organization, which of the following job responsibilities should be assigned to be network administrator?

• Managing remote access.
• Installing operating system upgrades.
• Reviewing security policy.
• Developing application programs.

One-to-one relationships are implemented by creating a linking table.

• True
• False

The results of a generalized audit software simulation of the aging of accounts receivable revealed substantial differences in the aging contribution, even though grand totals reconciled. Which of the following should the IS auditor do first to resolve the discrepancy?

• Ignore the discrepancy because the grand totals reconcile and instruct the controller to correct program.
• Create test transactions and run test data on both the production and simulation program.
• Recreate the test, using different software.
• List a sample of actual data to verify the accuracy of the test program.

In the business process perspective, the firm describes its objectives for improvements in tangible and intangible infrastructure.

• True
• False

The goal of information security management is to maintain confidentiality, integrity and availability of a firm's information.

• True
• False

The correct order of effects in the value chain are:

• Inbound Logistics -> Outbound Logistics -> Marketing & Sales
• Inbound Logistics -> Operations -> Outbound Logistics
• Inbound Logistics -> Operations -> Service
• Inbound Logistics -> Operations -> Shipping

Which of the following is not a best practice in preparing Unified Modeling Language (UML) Class diagrams?

• Avoid crossing lines whenever possible.
• Model each process separately.
• Opt for simplicity.
• Avoid confusing abbreviations.

Which of the following is not a major consideration when assessing business requirements for IT initiatives?

• Potential technological solutions
• Project risks
• Complementary business process changes
• Gaps in performance indicated by the strategy map

Outbound logistics are the activities associated with receiving and storing raw materials and other partially completed materials, and distributing those materials to manufacturing when and where they are needed.

• True
• False

In a BPMN collaboration model of the purchase process, which of the following is the appropriate term for the message flows between pools?

• Orchestration
• Choreography
• Intermediate events
• Collaboration

The goal of information security management is to enhance the confidence, integrity and authority (CIA) of a firm's management.

• True
• False

Refer to the following diagram. Which of the following answers does not provide a valid interpretation of the multiplicities for the association between the Employees and the Sales classes?

• Some employees participate in several sales.
• Several employees participate in each sale.
• Some employees do not participate in sales.
• Only one employee participates in each sale.

Which of the following is not a criterion for selection of a primary key?

• The primary key cannot be NULL (blank).
• Primary keys with sequential values make it easier to spot gaps in the data.
• The primary key should be controlled by the organization assigning it.
• Longer key values are better than shorter key values.

The Cash Disbursements table would have three foreign keys.

• True
• False

An enterprise resource planning system has which of the following advantages over multiple independent functional systems?

• Increased amount of data redundancy since more than one module contains the same information.
• Modifications can be made to each module without affecting other modules.
• Increased responsiveness and flexibility while aiding in the decision-making process.
• Reduction in costs for implementation and training.

Refer to the following diagram. Which of the following answers provides the best interpretation of the multiplicities for the association between the Order class and the Products class?

• Each product has been ordered at least once.
• Each order must specify the same products as the previous quote.
• An order may include many products.
• An order does not have to include a product.

Segregation of duties is an example of a COSO control activity.

• True
• False

Business Process Modeling Notation (BPMN) start events are shown using ovals and flowchart start events are shown using circles.

• True
• False

In Unified Modeling Language (UML) the options for minimum multiplicity values are 0, 1, and 2.

• True
• False

Common IT techniques that are needed to implement continuous auditing include

• All of the choices.
• Transaction logging and query tools
• Computer-assisted audit techniques.
• Data warehouse and data mining

Which of the following is not an Accounting/Finance Operations role of the Accounting/Finance Function in Business?

• Stakeholder assurance
• People management
• Financial close-completing period end accounts
• Financial consolidation, reporting and analysis

Application controls limit access to viewing and changing records in a system.

• True
• False