Information Technology

Question 1

What is one of the most important compensating controls in a small business?

Answer 1

Engaging the owner in activities - the owner should have direct participation in business activities, including financial record keeping.

Question 2

What does Automated Transaction Processing result in?

Answer 2

Uniformity of transactions

Question 3

Which system needs a greater level of controls - manual or automated?

Answer 3

Manual

Question 4

Computer processing virtually eliminates the occurrence of what?

Answer 4

Computational error normally associated with manual processing.

Question 5

What are six risks that are still faced despite switching from a manual to an automated system?

Answer 5

1. Faulty programs
2. Unauthorized access
3. Unauthorized changes
4. Failure to update the system
5. Manual intervention
6. Data loss

Question 6

What are the 3 main areas of the COBIT Framework?

Answer 6

1. Domains and Processes
2. Information Criteria
3. IT Resources

Question 7

What are the 4 domains that encompass the domains and processes of the COBIT Framework?

Answer 7

1. Planning and organization
2. Acquisition and implementation
3. Delivery and support
4. Monitoring

Question 8

What makes up the information criteria of the COBIT framework?

Answer 8

1. Effectiveness
2. Efficiency
3. Confidentiality
4. Integrity
5. Availability
6. Compliance
7. Reliability

Question 9

What makes up the IT resources of the COBIT framework?

Answer 9

1. People
2. Applications
3. Technology
4. Facilities
5. Data

Question 10

What is something that a firm may not be too concerned about when enhancing IT?

Answer 10

Cutting costs

Question 11

What are important goals of an ERP system?

Answer 11

Improving responsiveness and flexibility and aiding int he decision making process in an organization

Question 12

Define the ERP system:

Answer 12

Provides transaction process, management support, and decision making support in a single, integrated package.

Question 13

What do ERP’s attempt to eliminate?

Answer 13

Many of the problems faced by organizations when they attempted to consolidate information from operations into multiple departments, regions and divisions

Question 14

What is scalability?

Answer 14

Capacity of a system to grow with the information processing needs of an organization.

Question 15

What is SaaS?

Answer 15

Use of the cloud to use and access software.

Question 16

What is PaaS?

Answer 16

Use of the cloud to create software.

Question 17

What is IaaS?

Answer 17

Use of the cloud to access virtual software.

Question 18

What is an online analytical processing system (OLAP)?

Answer 18

Incorporates data warehouses and data mining capabilities with ERP. It primarily provides an integrated view of transactions in all parts f the system.

Question 19

What is an online transaction processing system (OLTP)?

Answer 19

Records day to day operation transactions and enhances visibility of these transactions throughout the system. It is primarily concerned with collecting data (and not analyzing it) across the organization.

Question 20

According to COSO, evaluating the quality and nature of IT department staff trainings demonstrates what?

Answer 20

A commitment to retain competent individuals in alignment with objectives.

Question 21

What is the problem with a programmer who writes applications for a firm but also has access to the file library (aka the archives?

Answer 21

She has the capability to change both live and archived copies of programs, and the changes may not be detected.

Question 22

Coding approved changes to a payroll program is an appropriate responsibility for who?

Answer 22

An application programer

Question 23

A company that sells hand carve statues from rural Indonesia online is using what to sell their product?

Answer 23

Product differentiation - competitors are unlikely able to sell the same product.

Question 24

How can IT influence product differentiation?

Answer 24

1. Use the internet as a distribution channel
2. IT can improve quality and can create differentiation through the use of lasers and 3D printers
3. Products are increasingly digitized. So quality is better but the costs are lower.
4. Info on the internet can be updated faster than catalogues - product cycles are shorter and the evolution of products is faster that allows for differentiation.

Question 25

How can IT influence cost leadership?

Answer 25

1. Reduce costs, improves efficiency of production and delivery systems
2. Intense price completion due to the internet being available to almost everyone. So because of this, there could be shifts away from low cost to produce differentiation instead.

Question 26

What is MIS?

Answer 26

Management information system. Supports routine management problems.

Question 27

What is AIS?

Answer 27

Accounting Information System and is the subset of MIS. It pulls financial data from transaction processing systems to create financial statements and management control reports (I..e A/R agin). Yardi is an AIS.

Question 28

What is DSS?

Answer 28

Decision Support Systems - provides info to managers to assist in managing non-routine issues and LT planning

Question 29

What is an ESS?

Answer 29

Executive Support System - subset of DSS that are especially designed for forecasting and making long range strategic decisions, and they place greater emphasis on external data.

Question 30

What has the greatest impact on the decisions of an effective management reporting system?

Answer 30

The types of decisions that need to be made

Question 31

Petco has a system that examines large sets of data to determine patterns in client’s use of facilities. What is this an example of?

Answer 31

DSS

Question 32

BOD of manufacturing Co. is considering whether to expand manufacturing facilities to include a produce line Board is using both internal and external information concerning economic conditions, market projects for new product, cost of L/T financing alternatives and info about potential new competitors. What is this an example of?

Answer 32

ESS

Question 33

For CPA purposes, flat file systems are?

Answer 33

Bad/antiquated.

Question 34

For CPA purposes, database systems are?

Answer 34

Good

Question 35

What is a data warehouse?

Answer 35

Archive of an organizations operational transactions (sales, purchases, production, payroll) over a period of years

Question 36

Can external data be included in data warehouses?

Answer 36

Yes, external data that might be correlated with these transactions, such as economic indicators, stock prices, and exchange rates, is included.

Question 37

What is data mining?

Answer 37

process of performing statistical analysis and automatically searching for patterns in large volumes of data

Question 38

What is a data mart?

Answer 38

specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments.

Question 39

RJ is reading an online summary production cost report and wants to known why the use of hammers used in construction of buildings is so high. What does he need to do?

Answer 39

Drill down. Which means he needs to move from summary to detailed information to determine its cause.

Question 40

Database management software is considered both software and?

Answer 40

Midaleware

Question 41

Customer #, Customer Name, Customer Phone, Customer Contract, Customer Credit Limit are all examples of:

Answer 41

Fields - also known as attributes

Question 42

Order data elements:

Answer 42

Files are composed of:
Records: are composed of:
Fields: are composed of
Data Values: are composed of
Bytes (characters) are composted of:
Bits: smallest element of storage in computer system

Question 43

Why are microcomputers more cost effective than mainframes for data entry and presentation?

Answer 43

Microcomputers are better suited to frequent screen updating and graphical user interfaces.

Question 44

What does a optical disc recorder use to burn data?

Answer 44

A laser

Question 45

What are a few characteristics of solid state storage?

Answer 45

Not a ton of storage, but has great security

Question 46

What is RAM?

Answer 46

Random access memory - temporary data store

Question 47

What are magnetic discs?

Answer 47

efficient way to store and retrieve individual records (secondary storage)

Question 48

What is ROM?

Answer 48

Read only memory - permanently store data needed to power on computer

Question 49

What is a CPU?

Answer 49

central processing uint - control center of the computer system and had 2 d principal components.

Question 50

What is OLRT?

Answer 50

online real time system - example would be what is use for airline reservations.

Question 51

What are master files?

Answer 51

Computerized counter part of ledgers found in manual systems.

Question 52

What do master files do?

Answer 52

They maintain balances by accounts (financial statement accounts, customer accounts, vendor accounts, etc) they perform the same function as ledgers (and subsidiary ledgers) do in manual systems.

Question 53

What will speed up the adoption of automated authentication?

Answer 53

Adoption of loT.

Question 54

What is a reason for a retailer in particular to want to adopt a new payment system?

Answer 54

Reduce abandonment rates. Abandonment is the rate at which customers abandon purchases at check out.

Question 55

When a firm uses data on the strength of a user’s touch on a keyboard to partially authenticate users, it is using what type of authentication?

Answer 55

Multifactor authentication. The key word here is partially. Although this is a biometric authentication.. this is only a portion of the authentication.

Question 56

What are HMDs?

Answer 56

Attach sensors to glasses or helmets and are therefore a type of loT device.

Question 57

Automating security system changes internal controls control over access to systems is part of what?

Answer 57

Accounting controls

Question 58

What are a few examples of what you can use HMDs for?

Answer 58

1. Real time system monitoring
2. Visualizing
3. Video conferencing

Question 59

What is Big Data?

Answer 59

Creation, analysis, storage, and dissemination of extremely large data sets. It is possible now because of technologies like cloud data. It also changes a company’s risk profile.

Question 60

What is dark data?

Answer 60

Underused data.

Question 61

What is loT?

Answer 61

“Internet f Things” and is also an example of big data.

Question 62

What are some examples of Big Data?

Answer 62

Dark data, multifactor identification data, video conferencing data.

Question 63

Is sales data big data?

Answer 63

It’s a traditional data source.

Question 64

What are some benefits of big data?

Answer 64

1. Target marketing
2. Improved system monitoring
3. Better compliance

Question 65

Are IT Cost Savings a benefit of big data?

Answer 65

No, big data projects are expensive and therefore IT cost savings from big data are unlikely.

Question 66

What are some roles for accountants in big data?

Answer 66

1. Assessing quality and integrity of big data
2. Integrating big data into evolutions of internal control
3. Data scientists

*They do not hold the responsibility for building them

Question 67

What relationship does big data have with existing data warehouses?

Answer 67

Big Data uses existing data warehouses, but data warehousing is not a direct enabler of big data.

Question 68

What are some enablers of big data?

Answer 68

Analytics, dark data, loT

Question 69

Describe what a bitcoin is.

Answer 69

It is an intangible asset. It has value but no physical form. It is a form of electronic cash. The IRS taxes it as property. It is decentralized and not under the control of the government.

Question 70

What type of network does bitcoin have?

Answer 70

Peer-to-peer network

Question 71

Is bitcoin susceptible to fraud?

Answer 71

Yes - particularly the Ponzi scheme.

Question 72

Describe what a block chain is.

Answer 72

It is a decentralized, distributed ledger. It is a non-modifiable audit trail of transactions. Everyone in the peer to peer “network” can always log, view and confirm. It is an electronic file that consists of blocks.

Question 73

Which component of the COSO framework is Blockchain a powerful example of?

Answer 73

Continuous monitoring. Blockchain is an excellent example of new technology that enables continuous monitoring of the accounting system.

Question 74

What is an important outmode of the use of blockchain?

Answer 74

Reduced auditing and compliance costs are an important outcome of the use of blockchain. Since the accounting transaction are stored on an automated, secured network, then auditing and compliance costs should go down.

Question 75

Provide a short description of AI technologies.

Answer 75

Include reasoning and judgement abilities that do not exist in most applications. It can be biased.

Question 76

What is an example of AI technology?

Answer 76

IBM’s Watson system. It is used by KPMG to generate predictive analytics that help clients identify and manage F/S risk.

Question 77

What does AI depend heavily on?

Answer 77

Fast computers and big data.

Question 78

What is a goal of AI?

Answer 78

Machine learning.

Question 79

What are some risks of AI?

Answer 79

Confirmation bias, privacy issues, prediction bias.

Question 80

Is AI used when preparing F/S?

Answer 80

Preparing F/S is a standardized task that is least likely to be mostly automated into the AI system.

Question 81

What are some examples of Accounting work with AI?

Answer 81

1. Working w/ an AI to harvest and clean data for use in predicting fraud risk.
2. Working on a legacy system with AI assistance, that is uneconomical to replace with AI technology
3. Develop and AI system to analyze the risk of investing in the extraction industry.

Question 82

How should management assess cyber risk?

Answer 82

Management must know and understand which systems are critical to organizational objectives an understand which systems are most valuable to the organization.

Question 83

When it comes to assessing cyber risk, who should lead the initiative?

Answer 83

SR management should lead the initiative and collage with business and IT stakeholders.

Question 84

Why must you understand the industry when assessing cyber risk?

Answer 84

Because cyber criminals often engineer industry specific attacks.

Question 85

Who should be notified first about cyber breaches?

Answer 85

The entity’s external auditors.

Question 86

What types of controls can an entity manage cyber risks?

Answer 86

Should attempt to prevent cyber breaching with preventative controls but also address those that occur through detect and corrective controls.

Question 87

What are the 5 functions of the framework for cyber security?

Answer 87

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

Question 88

What are the subcategories of the framework for cyber security?

Answer 88

• Identify and catalog external information systems
• Protect data at rest
• Investigate notifications from detection systems.

Question 89

What are the 4 implementation tiers?

Answer 89

Tier 1 - Partial
Tier 2 - Risk informed
Tier 3 - Repeatable
Tier 4 - Adaptive

Question 90

Firm is reviewing its cyber security to explore its current state and related risks as part of establishing a high level objectives for cybersecurity. In the framework of cyber security, this is an example of?

Answer 90

The element categories and the function identify. The organization is exploring how is it doing? at a higher level related to cyber security. Function “identify” because the focus is on high level objectives and element is categories.

Question 91

Are IT policies particularly important in decentralized or centralized companies?

Answer 91

Decentralized since IT services are likely to be less under the control of management.

Question 92

What are the five IT security principals specified by the AICPA?

Answer 92

1. Security
2. Availability
3. Processing Integrity
4. Confidentiality
5. Privacy

Question 93

Which on of the five IT security principals specified by the AICPA is the foundation of systems reliability?

Answer 93

Security

Question 94

Which one of the five IT security principals specified by the AICPA supports system availability for operations and monitoring?

Answer 94

Availability

Question 95

Which one of the five IT security principals specified by AICPA is the completeness, validity, accuracy,y timeliness, and authorization of system processing?

Answer 95

Processing integrity

Question 96

Which one of the five IT security principals is related to the collection, use, retention, disclosure, and disposal of personal info?

Answer 96

Privacy

Question 97

What is defense in depth and provide an example?

Answer 97

Includes the implementation of multiple control layers. An example would be if an organization implements an integrated package of authentication controls related to critical systems.

Question 98

Which one of the five IT security principals concerned when confidential information is protected consistently with the organization’s commitments and agreements?

Answer 98

Confidentiality

Question 99

What is GAPP?

Answer 99

A set of criteria to guide best practices related to data privacy.

Question 100

A manufacturing company discovers that its rollback and retention procedures do not include data from a key system related to production quality? What does this problem relate to?

Answer 100

Disaster recovery preparation, which is a subcategory of IT policies.

Question 101

Do IT policies need to relate specifically to physical or electronic threats to IT policies?

Answer 101

No, not necessarily .

Question 102

What is quality as it relates to IT policies?

Answer 102

Statement of IT performance standard.

Question 103

What is electronic communication use as it relates to IT policies?

Answer 103

Policy related to employee use of the Internet, intranet, e-mail, etc.

Question 104

What is security as it relates to IT policies?

Answer 104

Guarding against physical or electronic threats to IT

Question 105

What is B2B E-Commerce?

Answer 105

Includes EDI, supply change management (SCM) and EFT.

Question 106

What is B2C E-Commerce?

Answer 106

Selling to consumers using the internet and web based technology.

Question 107

What is B2E E-commerce?

Answer 107

Interact withe employees through portals and intranets.

Question 108

What is B2G E- Commerce?

Answer 108

G stands for government. Providing property tax data online, paying parking tickets online, online contract bidding.

Question 109

What does an e-procurment company seek bids to do?

Answer 109

Provide a product or service.

Question 110

What are some risks/problems of E-Commerce?

Answer 110

System availability, non repudiation, failure to trust trading partners, establishing identity and authenticity, privacy of customers info, secure exchange for payment of goods/services.

Question 111

What is EDI?

Answer 111

Electronic data interchange - system to system exchange of business data (I.e. purchase orders, confirmations, invoices, etc) in structured formats that allow direct processing of the data by the receiving system.

For example - Commerical cafe

Question 112

What is CRM?

Answer 112

Customer relationship management - provides tools to analyze the information and develop personalized marketing plans for individual customers.

Question 113

What is a token based payment system?

Answer 113

Electronic cash, smart cards, paypal

Question 114

What is a common motivation for the use of a VAN?

Answer 114

Increased security

Question 115

Encryption can be used to ensure the privacy and security of EDI messages both during _____ and when ____.

Answer 115

Transmission and when stored.

Question 116

What is more secure, hardware encryption or software encryption?

Answer 116

Hardware encryption is inherently more secure than software based encryption. Software can be more easily accessed and altered than hardware.

Question 117

Why is the CEO of a small entity is more likely than the CEO of a large entity to be aware of the risks arising from internal factors?

Answer 117

CEO of small entities will have hands on involvement with all levels of personnel.

Question 118

An internal private cloud is not shared and is wholly owned and managed within what?

Answer 118

Within the entity. This is not an example of IT outsourcing.

Question 119

What is an essential element of an internal cloud?

Answer 119

It is behind an entity’s firewall.

Question 120

What do effective cloud solutions required?

Answer 120

Require considering and integrating relevant business process, a deployment model, and a service delivery model.

Question 121

How do you manage the lack of CSP transparency?

Answer 121

When the firm who purchases CSP regularly requests and receives data about the system’s performances of CSP.

Question 122

Who should test spreadsheets of a small business and why?

Answer 122

Spreadsheets as part of a small business computing should be reviewed and tested by an independent 3rd party to ensure they operate as expected.

Question 123

What is most likely to be absent in a small business computer environment?

Answer 123

Authorization. There is a great need for a 3rd party review and testing within the small business computing environment.

Question 124

What is an important physical security control in a small business environment?

Answer 124

Locking doors when offices are open and removing storage devices to secure locations.

Question 125

What are three important things that need to happen in a small business computing environment?

Answer 125

1. Independent 3rd party review is especially important.
2. Back up procedures are important
3. Additional supervision of computing may be necessary

Question 126

What is a data warehouse?

Answer 126

Example of online analytical processing. Combines data into subject oriented, integrated collection of data used to support the management decision making process.

Question 127

When would a distributed processing environment be most beneficial?

Answer 127

When large volumes of data are generated at many locations and fast access is required. It is useful when processing is done in multiple locations. It enables the processing of large volume of transactions and fast access to data.

Question 128

What is a hybrid/distributed database system?

Answer 128

A system that distributes processing to local units but also maintains a centralized database.

Question 129

What is a decentralized system?

Answer 129

A system that allows for more customization to meet the needs of location operations.

Question 130

What is a centralized system?

Answer 130

Similar to M:Drive - can remove in, bit it is all centralized in one location.

Question 131

How does a peer to peer network work?

Answer 131

A central server is not required. It is simple, expensive, and used by LANs.

Question 132

What are LANs?

Answer 132

Network confined to limited geographic area and are dedicated lines.

Question 133

What are WANs?

Answer 133

National/international network that are on public or shared lines. This is the most appropriate type of network for a company that needs its network to function inexpensively in widely separated geographical areas.

Question 134

What is a node?

Answer 134

A device connected to a computer network.

Question 135

What is a twisted pair?

Answer 135

Low cost comparatively low quality transmission media

Question 136

What is an extranet?

Answer 136

Open to an organization’s associates (company suppliers, customers, business partners, etc) to access data that is relevant to them.

Question 137

What is HTML?

Answer 137

Core markup language (a way of tagging text) for Web Pages.

Question 138

What is TCP/IP?

Answer 138

Data control protocol/internet protocol that is the control transmission on the internet.

Question 139

What is XBRL?

Answer 139

specifically designed to exchange financial info over the WW web

Question 140

What are application firewalls?

Answer 140

Have the ability to do much more sophisticated checks and provide much better control (thats network firewall fo example)

Question 141

What is a network firewall?

Answer 141

Perform relatively low level filtering capabilities.

Question 142

What would data control language used in a relational database most likely include?

Answer 142

Commands used to control which users have various privileges relating to a database. For example, who is able to read from and write to various portions of the database.

Question 143

What are internal disk labels read by?

Answer 143

Software.

Question 144

What is used to identify data records in an accounting system file?

Answer 144

Headers. This has nothing to do with the formal of a word processing document - but the title was misleading.

Question 145

What type of controls are IT facility controls?

Answer 145

General

Question 146

What floor in a building is the best choice to locate a centralized computer facility?

Answer 146

Middle Floor.

Question 147

What type of control would restricting physical access to the IT department be?

Answer 147

Preventative control. It prevents unauthorized individuals from gaining physical access to the system.

Question 148

What are SET protocols?

Answer 148

Secure Electronic Transactions. These protocols are used for credit card payments so that the merchant can securely transmit payment payment information and authenticate.

Question 149

What us cipher text?

Answer 149

Text that has been mathematically scrambled so its meaning cannot be determined without the use of an algorithm key.

Question 150

What is a VPN?

Answer 150

Virtual Private Network. It is a secure way to create an encrypted communication tunnel to allow remote users and encryption to prevent unauthorized users from intercepting data.

Question 151

What types of keys can be used to encrypt and decrypt messages?

Answer 151

Both public and private keys. Public key can only decrypt messaged encrypted with a private key and vice versa.

Question 152

What provides the most reliable form of electronic authentication?

Answer 152

Digital certificates. They provide a higher level of reliability than a digital signature.

Question 153

What occurs with a digital certificate?

Answer 153

An independent background check is completed ton confirm the identify of the requesting entity.

Question 154

How does a digital signature work?

Answer 154

Uses public/private key encryption technology to provide means of authenticating messaged delivered I a networked environment.

Question 155

Who has the private key in asymmetric encryption?

Answer 155

The receiver.

Question 156

What is a cold site for disaster recovery?

Answer 156

No computers. Cheap. Off-site location.

Question 157

What is a warm site for disaster recovery?

Answer 157

Has computers, not back up data. Costs a little more money than a cold site but less than a hot site.

Question 158

What is a hot site for disaster recovery?

Answer 158

Has everything and is a near immediate operation. More expensive than a warm.

Question 159

What is a mirrored site?

Answer 159

Fully redundant and the most expensive. It is fully staged with real time replication.

Question 160

What types of tasks are given first priority in disaster recovery planning?

Answer 160

Mission critical tasks.

Question 161

What type of disaster recovery is described by an alternative location where there will be a delivery of duplicate computer hardware

Answer 161

Cold site. The hardware and records are being delivered after the occurrence of a disaster.

Question 162

What information would contribute to the development of a disaster recovery plan?

Answer 162

Collecting names and locations of key vendors, current hardware configuration, names of team members, and finding an alternative processing location.

Question 163

How many remote back up sites should a firm have?

Answer 163

A firm should maintain at least one remote archive offsite.

Question 164

What is a checkpoint and restart backup?

Answer 164

This is common with batch processing. It is the point where processing accuracy is verified. There are periodic backups and if there is a problem, you would be able to return to the most recent checkpoint and restart.

(Like and iPhone backup - when you back up to the cloud, you can return to the point where the last back up was)

Question 165

What is a rollback and recovery backup?

Answer 165

Common to online, real time processing. There is a record processing transaction in a log. Periodically record master file contents and if there is a problem, you return to the good master file and reprocess subsequent transactions.

Question 166

What are fault tolerant systems?

Answer 166

They operate despite component failure.

Question 167

What are high availability clusters?

Answer 167

Computer clusters designed to improve service availability which is common in e-commerce.

Question 168

What is a remote (online) backup by a managed provider?

Answer 168

Automated, outsource to experts, off site, and can be continuous

Question 169

What are SANs?

Answer 169

Storage Area Networks which replicate data from multiple sites. Date is immediately available. This is efficient storage for services.

Question 170

What is mirroring?

Answer 170

Maintaining an exact copy of the data set. It is stored in the same original format and not zipped. It is very fast, but it is very expensive.

Question 171

What is a backdoor computer attack?

Answer 171

Malware program that allows an unauthorized user to gain access to the system by side stepping the normal logon procedures.

Question 172

What is a DNS attack?

Answer 172

Prevents legitimate users from accessing the system by flooding the server with incomplete access requests.

Question 173

What is a logic bomb?

Answer 173

Program planted in system and is dormant until an event or time.

Question 174

What are two types of malicious software?

Answer 174

Virus - which is an unauthorized program that copies itself and damages data.

Worm - virus that replicates across systems, I.e. by sending email floods.

Question 175

What is a Trojan horse?

Answer 175

Program hidden inside a benign file and can insert itself back door. It appears to be legitimate, but performs illicit activity when its run.

Question 176

What are packet sniffers?

Answer 176

They capture packets of data s they move across a computer network. They are used to monitor performance and trouble shoot problems. However, they can also be used by hackers to capture usernames/passwords and other info to help them hack the network.

Question 177

What is a “man in the middle?”

Answer 177

Impersonates sender and receiver.

Question 178

What is Salami Fraud?

Answer 178

Transfers tiny amounts (penny or less) from a large # of accounts.

Question 179

What is social engineering?

Answer 179

Access by tricking employees. An example would be “phishing” which sends spoofed emails with fraudulent websites to fool people entering financial/identification information.

Question 180

What is the most appropriate data gathering techniques for a system?

Answer 180

Interviews
Quick questionnaires
Observations
Systems documentation

Question 181

After changes to a source program have been made and verified, it moves to where?

Answer 181

Production

Question 182

What is change control?

Answer 182

The process of authorizing changes, approving tests results, and copying development programs to a production library.

Question 183

When management of a company has a lack of SOD within the application environment, with programers having access to development and production as well as having the ability to implement application code changes into production without monitoring or a quality assurance function, this is considered a deficiency in what?

Answer 183

Change control

Question 184

What is a SPLMS?

Answer 184

Source program library management system. The functions include storing, retrieving, deleting, and documenting by who, where, and how programs are changes.

Question 185

What are the 4 levels of documentation for processing integrity?

Answer 185

1. Systems Documentation
2. Program Documentation
3. Operating Documentation
4. User Documentation

Question 186

What are some forms of documentation for processing integrity?

Answer 186

Questionnaires, narratives, data flow diagrams, flowcharts, decision tables, and entity relationship

Question 187

What is a SPL?

Answer 187

Source Program Library - critical tot he internal control system by securing/archiving computer programs in a library, and separating them from live programs by storing the library offset.

Question 188

What is systems documentation?

Answer 188

Shows the program and data files, processing logic and interactions w/ other program. (narratives, flow charts)

Question 189

What is program documentation?

Answer 189

Detailed analysis of the inputed data, logic, and output of software. (flowcharts, source code listings, and record layouts)

Question 190

What is operator documentation?

Answer 190

“run manual” - necessary info to execute the program (equipment, data files, computer supplies, execution commands, error messages, verifications, expected output)

Question 191

What is user documentation?

Answer 191

Documents system in language so that an end user can understand when to submit data and request reroutes + procedures for verifying the accuracy of data and correcting errors.

Question 192

What are 6 reasons as to why organizations document their accounting systems.

Answer 192

1. Required by law
2. Facilitates building and evaluating complex systems
3. Training
4. Improve system survival and sustainability
5. System Audits
6. Process re-engineering.

Question 193

What are application controls?

Answer 193

Concern the accuracy, validity, and completeness of data processing in specific application programs. Examples are input and origination controls, processing and file controls, and output controls.

Question 194

What is an important determinant of the correct answer regarding application controls?

Answer 194

Whether it is batch or OLRT processing.

Question 195

What do input controls over transactions do?

Answer 195

1. Validity - transactions are authorized with no duplicates and no fictitious transactions
2. Completeness - All transactions have been captured
3. Accuracy - data has been correctly transcribed, account codes are correct, and all data fields present.

Question 196

What are some examples of input controls?

Answer 196

Missing data check
Field check
Limit test (rang/sign test)
Validity Test
Check digit (used for batches)
Logic/Reasonableness Test
Sequent Check
Key Verification 
Closed loop verification 
Batch control totals (financial, hash, record counts)
Reprinted forms and pre-perfomatted screens 
Default values
Automated data controls

Question 197

What type of input control would catch an error like entering April 31st since there are only 30 days in April?

Answer 197

Logic/Reasonableness Test

Question 198

What type of input control compares value entered in a field to a list of valid data values and an error message is displayed when the value is not found on the list?

Answer 198

Valid/validity test

Question 199

What type of input control helps ensure that a valid and correct account has been entered - after code is entered the system looks up and displays additional info about selected code?

Answer 199

Closed loop verification

Question 200

What is an example of a closed loop verification?

Answer 200

Bank clerk enters account # and customer into pop ups which ensures $$ goes into correct account.

Question 201

How does a record count input control work?

Answer 201

Simple count the number of records in a batch. For example:

Invoice #:
101
102
103
104
105 

Record count is 5.

Question 202

What is an important determinant of the correct answer for questions about application controls?

Answer 202

Processing method

Question 203

What are some processing controls?

Answer 203

Run to run controls
Internal labels (“header/trailer” records)
Audit Trail controls

Question 204

What are the different types of files?

Answer 204

Master files, standing data, transaction files, system control parameter files

Question 205

What is the primary goal of data control?

Answer 205

Ensure that access, change, or destruction of data and storage media is authorized.

Question 206

What are examples of file controls?

Answer 206

Parity check
Read after write check 
Echo check 
Error reporting and resolution 
Boundary protection
Internal labels
External labels
Version control 
File Access and Updating Controls

Question 207

What is the type of file control that is designed to detect errors in data transmission?

Answer 207

Parity Check

Question 208

What type of file control is designed to prevent the mixing of data on a magnetic memory discs and a core storage unit?

Answer 208

Boundary Protection

Question 209

What are examples of output controls?

Answer 209

Spooling (print queue) controls
Disposal of aborted print jobs
Distribution of reports
End user controls
Logging and archiving 
Record retention and disposal

Question 210

What will allow a review of an individual’s access to the system?

Answer 210

A computer log.

Question 211

How does the accounting cycle begin?

Answer 211

By recording business transactions in the form of journal entries.

Question 212

What is the life cycle of journal entries?

Answer 212

They are first recorded in general journals. Then they are posted to ledger accounts.

Question 213

What does the financing cycle contribute to?

Answer 213

The financing cycle contributes funds to the expenditure cycle, which contributes RM to the production cycle.

Question 214

What two cycles receive cash?

Answer 214

Revenue and Financing. Revenue receives cash from sales and financing receives cash from financing activities (creating debt & equity for example)

Question 215

What are the components of the Revenue cycle?

Answer 215

Sales -> Ship/Deliveries -> Accounts Receivable -> Getting Cash

Question 216

What is the most important document in the billing process?

Answer 216

Sales invoice.

Question 217

What is a picking ticket?

Answer 217

Identifies the items to be pulled for a sales order.

Question 218

What is a bill of lading?

Answer 218

The authorization for and terms of a shipping agreement. It is the legal contract between seller and shipper.

Question 219

What is a remittance advice used for?

Answer 219

Matching payments and invoices.

Question 220

Why is the segregation of duties of the receiving function from the purchasing function important?

Answer 220

It allows for all purchase orders to be checked by a separate receiving department which should detect mis-delivered orders.

Question 221

What is a bill of materials?

Answer 221

Used in production and identifies part #’s, descriptions, and quantities of each component in making a product.

Question 222

What is a good control that you can use the bill of materials for?

Answer 222

Match the bill of materials to goods produced to detect over/underuse of materials

Question 223

What is a materials requisition “ticket”?

Answer 223

Authorizes moving raw materials from a store room to production.

Question 224

What is a control that you can use the materials requisition ticket for?

Answer 224

Match the ticket to physical materials in production to ensure that goods are not lost, stolen, damaged, or over-underused in production.

Question 225

What are move tickets?

Answer 225

Identify parts to be transferred into or between the production process.

Question 226

What is an operations list?

Answer 226

Sequence of steps to make a product, which equipment tot use, and how long each step requires.

Question 227

What would be used to authorize a factor worker to move a “sprocket” from raw materials to production?

Answer 227

Materials requisition ticket.

Question 228

What is a master production schedule helpful for?

Answer 228

Reduced excess production of inventory.

Question 229

What is a cumulative earnings register?

Answer 229

YTD gross pay, net pay and deduction by employee.

Question 230

What is a control that a cumulative earnings register can be used for?

Answer 230

Review the register & match it to pay rates by supervisors to confirm OT and regular rates.

Question 231

What is a US Form 941?

Answer 231

Quarterly federal tax return showing all wages subject to tax and amounts withheld for income tax and FICA.

Question 232

What is aa common fraud by a bookkeeper when it comes to employee payroll taxes and deductions?

Answer 232

collect but not pay the payroll tax deducted from an employee’s paycheck

Question 233

What do direct deposits lessen the likelihood of?

Answer 233

Physical checks deposited by someone other than an employee.

Question 234

What is a skills inventory report helpful for?

Answer 234

Matching employee skills to a new job duty.

Question 235

What is an important advantage of outsourcing payroll?

Answer 235

Lower fraud risk.

Question 236

What is the purpose of closing journal entries?

Answer 236

Transfer balances from temporary accounts to R/E

Question 237

What is a control account?

Answer 237

Master account for subsidiary accounts, which must, in the aggregate sums to the total control balance.

Question 238

What is the lead systems analyst responsible for?

Answer 238

All direct contact with end users and for developing overall program logic and functionality.

Question 239

What are application programers responsible for?

Answer 239

They work under the lead system analyst and are responsible for writing and testing a program

Question 240

What are the 7 steps in a system development lifecycle?

Answer 240

1. Planning and Feasibility
2. Analysis
3. Design
4. Development
5. Testing
6. Implementation
7. Maintenance

Question 241

What goes into the planning and feasibility stage of the SDLC?

Answer 241

the technical, economic, and operational feasibility of new system.

Question 242

What goes into the analysis stage of the SDLC?

Answer 242

Analysts work with end users to understand requirements of a new system.

Question 243

What goes into the design stage of the SDLC?

Answer 243

Technical and design specifications

Question 244

What goes into the development stage of the SDLC?

Answer 244

Use design specifications to develop program and data files

Question 245

What goes into the testing stage of the SDLC?

Answer 245

Testing to see if it meets design specifications

Question 246

What goes into the implementation stage of the SDLC?

Answer 246

4 different types:
Parallel - run new and old system
Cold Turkey - drop old system, starting using new one in its place
Phased implementation
Pilot implementation - users are divided into smaller groups and trained on group at a time.

Question 247

What goes into the maintenance stage of the SDLC?

Answer 247

Make sure system is working properly and make any updates based on current need.