Exam 5

Question 1

Identification of Control Activities: Principle 10

Answer 1

recognizes that a major task for an organization is to identify what control activities are desirable for that particular organization .

Question 2

Identification of Control Activities: Principle 12

Answer 2

discusses the importance of developing policies and procedures to ensure control activities are in place and working .

Question 3

Isolation

Answer 3

Data, programs, documentation, and information processing facilities should be isolated to protect them from potential hazards (e.g., unauthorized access), and access privileges should be restricted and monitored.

Question 4

Redundancy

Answer 4

Backup copies of programs and data should be made for security reasons. Critical computations should be repeated as a check on accuracy.

Question 5

Comparison

Answer 5

Comparisons between data provide a check on accuracy and may signal problems to be investigated.

Question 6

Assistance

Answer 6

Control problems often result from the inability to handle a job, inadequate training, and lack of ongoing guidance.

Question 7

Oversight

Answer 7

Supervision of employees, internal audits, and external audits encourage careful work and reduce the likelihood that inappropriate activity will occur. Independent reconciliation and verification activities support this concept.

Question 8

Accountability

Answer 8

Holding employees accountable for their actions promotes compliance with established control activities (e.g., performance/operating reviews). This also encourages careful work.

Question 9

Automated Controls

Answer 9

Controls programmed into computer software.

Question 10

Manual Control Procedures

Answer 10

are weaker in that even in the best control environment, human behavior lacks consistency.

Question 11

Control Activities

Answer 11

Cannot provide absolute assurance that all risks will be eliminated.

Question 12

Preventive Controls

Answer 12

A control that deals with or stops potential problems through the controls in place.

Question 13

Detective Control

Answer 13

A control that provides feedback regarding violations of controls in place.

Question 14

Corrective Control

Answer 14

A control that remedies a control violation after it has been detected.

Question 15

AU 314 Appendix Classification scheme

Answer 15

Performance reviews
Physical controls
Segregation of duties
Information processing

Question 16

Performance reviews

Answer 16

Timely performance reviews act as detective control and corrective control.
Used to mitigate risks, reduce costs, reduce customer complaints by responding via social media.

Question 17

Physical Controls

Answer 17

Devices and measures that protect computer hardware and other assets, such as cash, inventories, securities, fixed assets, mechanical check signers, and signature plates.

Question 18

Segregation of Duties

Answer 18

A control activity in which authorization of transactions, custody of related assets, and modification or creation of related data and program files (or paper-based records) are segregated so that a single individual cannot both perpetrate and conceal an error or inappropriate activity.

Question 19

Enforcing vacation

Answer 19

Employees are forced to take vacation days so that one person does not always work on the same task. It is to avoid errors and inappropriate actions.

Question 20

Cryptography

Answer 20

The process of transforming, or encrypting, data (usually by scrambling) into a “secret code.”

Question 21

Encryption

Answer 21

A process, typically involving a mathematical encryption algorithm and an encryption key that scrambles data to prevent unauthorized persons from accessing the data.

Question 22

Digital Signature

Answer 22

Extra data appended to an electronic message which identifies and authenticates the sender.

Question 23

Repuidation

Answer 23

A customer’s denial that an order was placed for goods or services from a vendor.

Question 24

Digital Certificate

Answer 24

A form of electronic identification that is issued by a certification authority (CA) after the CA verifies the company participating in e-commerce activities is legitimate.

Question 25

The secure Sockets Layer (The SSL)

Answer 25

protocol, represented by a small lock in the lower right hand corner of a webpage is currently the most commonly accepted protocol used by web browsers to protect sensitive data in transit.

Question 26

Transmission medium for mobile devices and networks

Answer 26

Because fiber-optic cable carries signals as light waves rather than as electrical impulses, it provides better access security than other types of cable.

Question 27

Automatic Log off

Answer 27

The disconnection of a workstation from a file server or host computer if there has been no activity for a given period of time.

Question 28

Fire Suppression systems

Answer 28

Computer equipment is subject to damage should there be a fire in the data center. Fire is a major threat to the electrical equipment, so it is essential to protect the data center from this hazard. Fire extinguishers should be available (water-based and gas-based), and easily accessible. There should be equipment to provide early warning of a fire that is heard in an area that has continuous occupation by employees. These systems should be inspected and tested on a regular basis.

Question 29

Environmental Control

Answer 29

Computer equipment is also sensitive to temperature and humidity. There should be environmental systems in place to control the temperature and humidity within a certain range. Typically, the range for temperature is between 18 and 21° C (65–70° F) and preferred humidity ranges between 45 and 55%.

Question 30

Backup Controls

Answer 30

All files should be backed up routinely, and the backup copies should be stored in a secure, off-site location and tested regularly for readability. The backup medium should also minimize cost.

Question 31

Downtime Controls

Answer 31

The repair of computer hardware may take several days and, occasionally, several weeks. Therefore, to reduce the amount of downtime, maintenance schedules should be established for all computer hardware. Conformity with these schedules should be checked routinely. Provision also must be made for emergency repairs to minimize nonproductive downtime.

Question 32

Recovery Controls

Answer 32

Recovery controls deal with prompt recovery from equipment failure (such as controller failure, electrical failure, or media/head crashes) and natural disasters (such as flood, lightning, fire, earthquake, or hurricane) that could put the information processing facilities out of operation for an extended period.

Question 33

Automatic Roll back

Answer 33

When a running program prematurely terminates, it cannot be restarted until associated records and files are returned to their original condition. A database management system has a feature called automatic rollback in which incomplete transactions are backed out so the database is returned to the state it was in before the transaction began.

Question 34

Disaster Recovery Plan

Answer 34

A plan that documents detailed recovery procedures in the event of equipment failure or disasters to quickly and smoothly restore an organization’s processing capabilities.

Question 35

Steering Committee

Answer 35

A steering committee establishes or approves information processing policies and operating standards, approves system projects, sets priorities for implementing systems, evaluates the effectiveness of processing operations, and generally monitors and evaluates information processing activities.

Question 36

Input Controls

Answer 36

Control activities that deal with the authorization, entry, and verification of data entering the system.

Question 37

Verification Controls

Answer 37

Programmed edit and validation routines that verify the correctness of entered data. They test for valid codes, reasonableness of amounts, valid data type (numeric, alphanumeric), valid field length, logical relationships, anticipated contents, and valid date.

Question 38

Check Digit

Answer 38

A single digit appended to a number to validate the number. The digit is computed from the other digits in the number itself.

Question 39

Record Count

Answer 39

A count made at different points in the system—if the count remains the same, this indicates the same total records are in the batch. This count helps guard against the accidental loss of records. However, by itself the control does not necessarily confirm that the same records are present.

Question 40

Control Total

Answer 40

The sum of an amount or quantity field contained in the transaction records, such as the sum of all the net amounts due in a batch of invoices. Control totals are used to ensure that as a batch progresses through the various processing stages, it contains the same set of records.

Question 41

Output Controls

Answer 41

Control activities that relate to providing output to the appropriate people and using the output appropriately.

Question 42

Master file maintenance Controls

Answer 42

Control activities designed into the master file maintenance function, which is used to add records, change the contents of certain fields in records, and delete records.

Question 43

Test Data

Answer 43

A technique for auditing through the computer where the auditor uses hypothetical transactions to audit the programmed controls and logic.

Question 44

Parallel Simulation

Answer 44

A technique for auditing through the computer where the auditor attempts to simulate or duplicate the firm’s output using another computer program to test actual data and compares the results to those produced by the firm’s computer system.

Question 45

Integrated test facility

Answer 45

A technique for auditing through the computer where the auditor uses artificial data to test how well the AIS performs its tasks.

Question 46

Embedded audit module

Answer 46

A module that is actually inserted into an application program to monitor and collect data based on transactions.

Question 47

Cybersecurity

Answer 47

How a company protects its information assets (e.g., data, human resource information, financial information, proprietary information). Threats to the security of the assets can come from within the company or from outside the company.

Question 48

Personally identifiable information (PII)

Answer 48

Information, such as credit card information, that can be used to identify a person. Cybercriminals compromise/steal information to impersonate someone else and use that information to open unauthorized accounts and credit cards.

Question 49

Which of the following controls would be most effective in assuring the proper custody of unissued checks?

Answer 49

The balances in the check disbursements transaction log are periodically compared with the copies of checks issued by independent personnel.

Question 50

If a total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll application?

Answer 50

Department numbers

Question 51

To access data and program files, what should users be required to enter?

Answer 51

A personal identification number

Question 52

Segregation of duties stops which of the following from happening?

Answer 52

One person can add/delete customer accounts and handle the normal data entry of sales.

b. One person can maintain the cash account and reconcile the cash account.
c. One person can perpetuate and conceal errors and inappropriate activities.

Question 53

Which of the following are general controls?

Answer 53

Disaster Recovery Plan

Question 54

Self-checking digits are used to detect which of the following errors?

Answer 54

Transposing a vendor code

Question 55

Transaction Set

Answer 55

The complete format specifications for any EDI document are known as a transaction set. Examples: Purchase order, invoice, Sales tax return, etc.

Question 56

EDI protocol and standards

Answer 56

EDI standards are set under the supervision of the American National Standards Institute (ANSI) domestically and the United Nations internationally.

Question 57

Value Added Network

Answer 57

A VAN is a service provider that expedites the delivery of electronic documents over a private network.

Question 58

Functions of VAN

Answer 58

■ Provide implementation and continuing support for new EDI users
■ Accept EDI transmissions to outside parties and store them
■ Deliver EDI transmissions when requested by intended recipients
■ Translate the transmissions from the sender’s format to that of the recipient, if necessary
■ Guarantee security and reliability

Question 59

Internet EDI

Answer 59

A much cheaper way to transport messages using EDI standards is to replace VANs with Internet service providers. Used This subgroup is called EDIINT for Electronic Data Interchange-Internet Integration to protect delivery and sender of the message and privacy.

Question 60

Inventory process

Answer 60

The inventory process of mercantile organizations, although not as complex as that of manufacturers, is one of the most complex processes in an organization.

Question 61

Periodic inventory

Answer 61

you rely on periodic physical inventory counts to calculate an overall cost of goods sold amount.

Question 62

COGS

Answer 62

Merchandise Inventory, beginning balance
Plus Merchandise Purchases (net of returns, allowances, and/or discounts)
Less Merchandise Inventory, ending balance
Equals Cost of Goods Sold

Question 63

SCM

Answer 63

A system that allows an organization to connect the chain of manufacturers, distributors, and retailers in managing inventory planning and flow throughout the supply chain.

Question 64

SCM performs tasks such as:

Answer 64

■ Systematize the location and production capabilities of factories and distribution centers
■ Unify worldwide inventory management and order fulfillment
■ Optimize the global supply chain
■ Integrate tax efficiency into the global planning process

Question 65

EDI in SCM

Answer 65

Two contributions of EDI to supply chain management should be obvious at this point—(1) the elimination of the expense of purchasing, handling, and mailing paper documents and (2) efficiencies gained by avoiding data entry of incoming documents.

Question 66

RFID

Answer 66

Considered the “next generation of barcodes,” RFID is a code that identifies not only a class or type of product but also an individual product as it moves along the supply chain and ends up in the possession of an individual.

Question 67

Outsourcing

Answer 67

Transferring a non-core activity (or activities) to a third-party service provider.

Question 68

Service level agreement

Answer 68

A document that is key to protecting an organization who outsources a good or service. The SLA can include things like specifications of deliverables required from the third-party service provider.

Question 69

Automatic pricing

Answer 69

A feature in the inventory module in which pricing formulas are stored so that when the cost of an item changes, the selling price is automatically recalculated.

Question 70

Lead time

Answer 70

The period of time between the ordering of inventory and its receipt from a vendor.

Question 71

Lead time stock

Answer 71

The number of units of inventory that covers sales of inventory during lead time without encroaching on the safety stock.

Question 72

Safety Stock

Answer 72

The quantity of inventory that is necessary to avoid the loss of sales due to stockouts.

Question 73

Reorder Point

Answer 73

The sum of the safety stock and the lead time stock.

Question 74

Holding Costs

Answer 74

Costs associated with maintaining and storing inventory.

Question 75

Stockout Costs

Answer 75

The contribution margin lost on sales due to stockouts

Question 76

Free Stock

Answer 76

The stock available for sale after consideration of stock committed to customers.

Question 77

The economic order quantity is equal to the maximum stocking level less:

Answer 77

safety stock.

Question 78

Lead-time stock is:

Answer 78

lead time in days multiplied times the sales rate per day.

Question 79

The type of entry you always expect to find in the inventory transaction file is one recording:

Answer 79

adjustments to inventory balances.

Question 80

The purpose of the excess inventory report is to call management’s attention to:

Answer 80

all inventory items for which the on hand plus on order less committed stock is greater than the safety stock plus the EOQ by a material dollar value.

Question 81

The purpose of the inventory turnover report is to:

Answer 81

reveal obsolete inventory.

Question 82

Big data

Answer 82

The voluminous amount of data that is generated every day by all of us through Internet access, mobile device use, and other means.

Question 83

Volunteered Data

Answer 83

Data individuals choose to provide on platforms such as social media.

Question 84

Observed Data

Answer 84

Data captured through recording geo-location or activity on websites.

Question 85

Inferred Data

Answer 85

Data gathered based on combinations of volunteered or observed data (e.g., a credit rating).

Question 86

Structured Data

Answer 86

refers to data such as numbers and text that are formatted for use in relational databases and spreadsheet analysis.

Question 87

Unstructured Data

Answer 87

Data such as videos, audio recordings, and photos, which cannot be easily formatted for use with traditional analysis tools such as spreadsheets.

Question 88

Semi-Structured Data

Answer 88

Data that are somewhat unstructured but provide context for analysis; for example, data that have been tagged with XML for reporting purposes.

Question 89

Predictive Analysis

Answer 89

The process of harnessing the power of big data to predict trends and behavior such as buying patterns or potential insider threats.

Question 90

Prescriptive analytics

Answer 90

Using big data to prescribe solutions to issues noted by predictive analysis.

Question 91

Benefits of using big data

Answer 91

■ Better planning and prediction results.
■ Ability to target the marketing of products to their current and potential customers.
■ Increased customer loyalty and customer satisfaction from being able to respond quickly to customer feedback and suggestions.
■ Operational efficiency improvements that encourage innovation and lead to better-informed business decisions.
■ Agility in responding to changes in the market because of a company’s ability to act on market demand predictions in near real-time.

Question 92

De-identity

Answer 92

Eliminating personal identifiers in data to protect the individual or business.

Question 93

Infrastructure-as-a-service (IaaS)

Answer 93

A cloud service offering the hosting of virtual machines and servers for clients, as well as client application support, data back up, and disaster recovery planning.

Question 94

Platform-as-a-service (PaaS)

Answer 94

A cloud service that offers tools, which includes the operating system, for the client to configure their data storage and develop applications on the cloud provider’s servers.

Question 95

Software-as-a-service (SaaS)

Answer 95

The most inclusive cloud service that comprises infrastructure, platforms, and applications (i.e., software) from the cloud service provider. The cloud provider handles all levels of computing for the client.

Question 96

Benefit of using cloud

Answer 96

Flexibility and scaleability