Mock Exam 1 Flashcards
Data access security related to applications may be enforced through all of the following except:
a) User identification and authentication functions in access control software.
b) Security functions provided by a database management system.
c) User identification and authentication functions incorporated in the application.
d) Utility software functions.
Utility programs perform routine functions (e.g., sorting and copying), are available to all users, and are promptly available for many different applications. Utility programs are one of the more serious weaknesses in data access security because some can bypass normal access controls.
Which must be part of any risk model involving inventory valuation?
a) Product warranty policies.
b) Inventory shrinkage expense.
c) Annual sales forecasts.
d) Vendor pricing policies.
b) The amount of inventory loss through shrinkage directly affects inventory valuation. Inventory shrinkage must be considered in risk models involving inventory valuation.
Which of the following statements is(are) true regarding the Internet as a commercially viable network?
1. Organizations must use firewalls if they wish to maintain security over internal data.
2. Companies must apply to the Internet to gain permission to create a home page to engage in electronic commerce.
3. Companies that wish to engage in electronic commerce on the Internet must meet required security standards established by the coalition of Internet providers.
a) 2 only
b) 1 only
c) 3 only
d) 1 and 3 only
a) 2 only
During the preliminary survey for an audit of one of an organization’s manufacturing plants, an auditor discovers that the plant experiences production problems with costs far in excess of those budgeted and with finished goods inventory levels that are clearly excessive. Which of the following management control procedures would have best brought the problems to management’s attention earlier?
a) Planning monthly production based on management forecasts, with a report comparing actual production with forecasted production and actual costs with budgeted costs provided to management on a weekly basis.
b) Establishing perpetual inventory control procedures at each plant, with a report detailing any inventory items with levels in excess of two weeks’ production provided to management on a weekly basis.
c) Implementing standard costing procedures at each plant, with a summary of variances reported to management on a weekly basis.
d) Comparing actual sales with forecasted sales and budgeted gross margin with actual gross margin, with a report provided to management on a weekly basis.
a) Comparing actual production with management forecasts detects whether finished goods inventory is excessive, and comparing actual costs with budgeted costs detects unfavorable cost variances.
Which of the following is a true statement about Hadoop?
a) It analyzes text data from the web, comment fields, books, and other text-based sources through the use of machine learning or natural language processing technology.
b) It is an open source software framework that stores large amounts of data and runs applications on clusters of commodity hardware.
c) It analyzes data from system memory instead of hard drives.
d) It is a technology that uses data, statistical algorithms, and machine-learning techniques to identify the likelihood of future outcomes based on historical data.
b) Hadoop is an open source software framework that stores large amounts of data and runs applications on clusters of commodity hardware.
The primary objective of security software is to
a) Monitor the separation of duties within applications.
b) Detect the presence of viruses.
c) Restrict access to prevent installation of unauthorized utility software.
d) Control access to information system resources.
d) The objective of security software is to control access to information system resources, such as program libraries, data files, and proprietary software. Security software identifies and authenticates users, controls access to information, and records and investigates security-related events and data.
When reviewing the system design of data input controls, which of the following should be given the least consideration?
a) Authorization.
b) Validation.
c) Configuration.
d) Error notification.
c) Data input controls are application controls. The objective of application controls is to ensure the completeness, accuracy, authorization, and validity of input data, processed data, stored data, and output data. Configuration is a consideration when reviewing IT general controls, not application controls. It is a logical access control that ensures only authorized persons and applications have access to data and applications.
Advantages of decentralization include all of the following except
a) Greater uniformity in decisions.
b) Decisions are more easily made.
c) Problems can be dealt with on the spot.
d) Managers’ motivation increases.
a) Organizational design should achieve a balance between centralization and decentralization. The main benefits of centralization are more effective control and reduced costs through resource sharing. The main benefits of decentralization are flexibility and adaptability that permit a rapid response to changes in circumstances. Accordingly, increased uniformity in decision making is an advantage of centralization. It reflects the benefit of more effective control.
Your objective is to determine that nonrecurring purchases, initiated by various user organizations, have been properly authorized. If all purchases are made through the purchasing department, to which of the following documents should you vouch purchases?
a) Purchase requisitions.
b) Purchase orders.
c) Invoices.
d) Receiving reports.
a) When the auditor tests for unauthorized nonrecurring purchases, (s)he should vouch purchases to the purchase requisitions. The initiating authorization by the user department is embodied in a properly authorized purchase requisition.
In general, a firm should drop a product line when
a) The marginal cost of the project exceeds the marginal revenue.
b) The selling price is less than the average cost of production.
c) The marginal revenue of the project exceeds the marginal cost.
d) Unavoidable costs exceed total contribution margin.
a) In general, if the marginal cost of a project exceeds the marginal revenue, a firm should disinvest in that product line.
Preventing someone with sufficient technical skill from circumventing security procedures and making changes to production programs is best accomplished by
a) Providing suitable segregation of duties.
b) Reviewing reports of jobs completed.
c) Comparing production programs with independently controlled copies.
d) Running test data periodically.
a) When duties are separated, users cannot obtain a detailed knowledge of programs and computer operators cannot gain unsupervised access to production programs.
Which of the following data analytics methods should an auditor use to report on actual results?
a) Descriptive analysis.
b) Text analysis.
c) Diagnostic analysis.
d) Information discovery.
a) Descriptive analysis is the most basic and commonly used data analytics method and concentrates on the reporting of actual results.
The punishing of employees is made less effective by
a) Stating the offending behavior specifically.
b) Focusing the discussion on the offending behavior instead of the offender.
c) Permitting employees to challenge individual culpability.
d) Postponing the start of disciplinary procedures.
d) The most effective discipline requires immediate corrective action to eliminate the negative effects of the undesirable employee conduct and to establish and reinforce appropriate behavior. Delay merely invites more serious consequences. Moreover, the punishment should be commensurate with the offense, and the employee should clearly perceive the relationship between the punishment and the behavior.
The most difficult aspect of using Internet resources is
a) Getting authorization for access.
b) Making a physical connection.
c) Locating the best information source.
d) Obtaining the equipment required.
c) The most difficult aspect of using Internet resources is locating the best information given the large number of information sources.
Which of the following is the best policy for the protection of a company’s vital information resources from computer viruses?
a) Stringent corporate hiring policies for staff working with computerized functions.
b) Physical protection devices in use for hardware, software, and library facilities.
c) Prudent management procedures instituted in conjunction with technological safeguards.
d) Existence of a software program for virus prevention.
c) Acceptably safe computing can be achieved by carefully crafted policies and procedures used in conjunction with antivirus and access control software.
For a supply chain to be successful, what is the most important goal for all parties involved?
a) Sustain contact with each other.
b) Establish bonds of trust.
c) Maintain open records.
d) Operate common systems.
b) The sharing of information and coordination among the parties regarding sales, inventory, prices, advertising, and forecasts moderates demand uncertainty for everyone. The parties therefore need to trust each other.
Which one of the following provides a spontaneous source of financing for a firm?
a) Accounts payable.
b) Mortgage bonds.
c) Accounts receivable.
d) Debentures.
a) Trade credit is a spontaneous source of financing because it arises automatically as part of a purchase transaction. Because of its ease in use, trade credit is the largest source of short-term financing for many firms, both large and small.
A controller became aware that a competitor appeared to have access to the company’s pricing information. The internal auditor determined that the leak of information was occurring during the electronic transmission of data from branch offices to the head office. Which of the following controls would be most effective in preventing the leak of information?
a) Use of fiber-optic transmission lines.
b) Use of passwords.
c) Encryption.
d) Asynchronous transmission.
c) Encryption software uses a fixed algorithm to manipulate plain text and an encryption key (a set of random data bits used as a starting point for application of the algorithm) to introduce variation. Although data may be accessed by tapping into the transmission line, the encryption key is necessary to understand the data being sent.
A project coordinator for a large capital project used a brainstorming session of the senior project managers to decide how to get the project back on schedule. A disadvantage of this approach is that
a) Diversity of views will be decreased.
b) Creativity will be decreased.
c) Only situational factors will be addressed.
d) Responsibility for the decision will be unclear.
d) Brainstorming is an aid to creativity in group decision making. This technique requires a group meeting, possibly online, to develop solutions in a criticism-free context. All ideas are recorded and are later either discarded or more fully developed. Thus, a nonjudgmental environment is essential. Moreover, to create such an environment or to avoid having personality conflicts interfere with the process, a means of conferring anonymity on the participants is sometimes used. However, brainstorming suffers from a structural weakness of group decision making, dispersal of accountability.
Which of the following would not be appropriate to consider in the physical design of a data center?
a) Use of biometric access systems.
b) Design of authorization tables for operating system access.
c) Inclusion of an uninterruptible power supply system and surge protection.
d) Evaluation of potential risks from railroad lines and highways.
b) Authorization tables for operating system access address logical controls, not physical controls.
An organization installed antivirus software on all its personal computers. The software was designed to prevent initial infections, stop replication attempts, detect infections after their occurrence, mark affected system components, and remove viruses from infected components. The major risk in relying on antivirus software is that antivirus software may
a) Interfere with system operations.
b) Make software installation overly complex.
c) Consume too many system resources.
d) Not detect certain viruses.
d) Antivirus software designed to identify and remove known viruses is sometimes known as a vaccine. A vaccine works only for known viruses and may not be effective for variants of those viruses or new viruses.
Fact Pattern:
An automobile and personal property insurer has decentralized its information processing to the extent that headquarters has less processing capacity than any of its regional processing centers. These centers are responsible for initiating policies, communicating with policyholders, and adjusting claims. The company uses leased lines from a national telecommunications company. Initially, the company thought there would be little need for interregion communication, but that has not been the case. The company underestimated the number of customers that would move between regions and the number of customers with claims arising from accidents outside their regions. The company has a regional center in an earthquake-prone area and is planning how to continue processing if that center, or any other single center, were unable to perform its processing.
The company has considered several alternatives for replacing the hardware required for a regional center’s processing. An advantage of using a third-party cold site is that
a) The replacement site could be up and running in a few hours.
b) No additional equipment would be required at the regional centers.
c) Personnel employed at the site would be familiar with company operations.
d) Travel expenses would be minimized for company personnel.
b) A cold site backup facility is a shell facility where the user can quickly install computer equipment and resume operations in the event of a disaster. The facility has all of the needed assets in place except the needed computer equipment and is vendor-dependent for timely delivery of equipment. Accordingly, an advantage of using a third-party cold site is the elimination of the need for additional equipment.
Which of the following would be a reasonable basis for allocating the material handling costs to the units produced in an activity-based costing system?
a) Number of components per completed unit.
b) Number of production runs per year.
c) Amount of overhead applied to each completed unit.
d) Amount of time required to produce one unit.
a) An essential element of activity-based costing (ABC) is driver analysis, which identifies the cause-and-effect relationship between an activity and its consumption of resources and between an activity and the demands made on it by a cost object. The number of components in a finished product and the amount of materials handling cost incurred have a direct causal relationship.
Contingency plans for information systems should include appropriate backup agreements. Which of the following arrangements would be considered too vendor-dependent when vital operations require almost immediate availability of computer resources?
a) A “hot site” arrangement.
b) Using excess capacity at another data center within the organization.
c) A “cold site” arrangement.
d) A “cold and hot site” combination arrangement.
c) Organizations should maintain contingency plans for operations in the case of a disaster. These plans usually include off-site storage of important backup data and an arrangement for the continuation of operations at another location. A cold site has all needed assets in place except the needed computer equipment and is vendor-dependent for timely delivery of equipment.
Among the nonfinancial rewards to an employee, a paid vacation trip can best be categorized as
a) Social reward.
b) Visual/auditory reward.
c) Manipulatables.
d) Token award.
d) Token awards are normally nonrecurring. They show appreciation for the role of the employee. Other similar examples are gift coupons, stock options, early time off with pay, or dinner and theater tickets.
To avoid invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as
a) Field check.
b) Sequence check.
c) Cross-footing.
d) A check digit.
d) Self-checking digits may be used to detect incorrect identification numbers. A check digit is an extra reference number that follows an identification code and bears a mathematical relationship to the other digits. The extra digit is input with the data. The identification code can be subjected to an algorithm and compared to the check digit.
Which implemented control would best assist in meeting the control objective that a system have the capability to hold users accountable for functions performed?
a) Programmed cutoff.
b) Activity logging.
c) Redundant hardware.
d) Transaction error logging.
b) Activity logging provides an audit trail of user activity.
The use of message encryption software
a) Requires manual distribution of keys.
b) Guarantees the secrecy of data.
c) Reduces the need for periodic password changes.
d) Increases system overhead.
d) Encryption software uses a fixed algorithm to manipulate plain text and an encryption key (a set of random data bits used as a starting point for application of the algorithm) to introduce variation. The machine instructions necessary to encrypt and decrypt data constitute system overhead. As a result, processing speed may be slowed.
Which of the following is least likely to be an example of synergy?
a) A manufacturing company hiring a new manager with technological experience lacking in the company.
b) A shopping mall with several businesses providing different products and performing different services.
c) A car dealership providing warranties on automobile parts to maximize customer value.
d) Military Humvees being converted into sports utility vehicles for sale to civilians.
c) Synergy occurs when the combination of formerly separate elements has a greater effect than the sum of their individual effects. However, a car dealership’s provision of warranties reflects an operational strategy designed to provide post-purchase services to gain a competitive advantage and maximize customer value. It does not reflect the complementary sharing of resources, technology, or competencies. In contrast, synergy arises from selling a line of cars that share some components or a brand identification.
Which of the following best describes unstructured data?
a) Data systematically stored with markers to enforce hierarchies of records and fields within the data.
b) Data with a high level of organization.
c) Conforms with the organization of data models associated with relational databases.
d) Information that is not organized in a pre-defined manner (e.g., text-heavy facts, dates, numbers, and images).
d) Unstructured data refers to information that is not organized in a pre-defined manner (e.g., text-heavy facts, dates, numbers, and images).
When the labor cost accounting component of an integrated end-user computer (EUC) application was first implemented, it did not meet certain business requirements in the department and had to be substantially rewritten. Which of the following risks associated with EUC application development could have led directly to this result?
a) End-user applications may not be adequately documented to facilitate review.
b) Segregation of duties would be inadequate if the same person performed programmer and operator functions.
c) End-user applications may not receive the independent testing associated with traditional development.
d) There may be insufficient review and analysis of user needs when user and analyst functions are no longer separate.
d) Unlike IT-developed and supported applications, user-developed applications are not reviewed by systems analysts prior to implementation. This lack of review may result in the rewrite of user-developed applications to better meet business requirements.
Which of the following is an objective of logical security controls for information systems?
a) To restrict access to specific data and resources.
b) To provide an audit trail of the results of processing.
c) To ensure complete and accurate processing of data.
d) To ensure complete and accurate recording of data.
a) The primary objective of security controls for information systems is to restrict access to data and resources (both hardware and software) to only authorized individuals.
Management information systems represent a significant investment by most businesses. A primary concern of management is that the system
a) Meet the business needs of the organization.
b) Employ the latest technology.
c) Might consume too much time and money during testing.
d) Was designed using CASE (Computer-Aided Software Engineering) tools rather than traditional methods.
a) A management information system (MIS) provides information for management decisions. The MIS must meet the needs of the organization or the cost will exceed any benefit to a business.
Under a defined contribution pension plan, a(n) ______ is reported on the statement of financial position only if the amount the organization has contributed to the pension trust is ______ the amount required.
a) Liability, Equal to
b) Asset, Equal to
c) Asset, Greater than
d) Liability, Greater than
c) Under a defined contribution plan, the employer recognizes an expense and a liability for the contribution payable in exchange for an employee’s services performed during the period. The amount is determined after subtracting any contribution already made. If the contribution made exceeds the amount due, the excess is treated as a prepaid expense (an asset).
What is strategic planning?
a) It establishes the resources that the plan will require.
b) It establishes the general direction of the organization.
c) It establishes the budget for the organization.
d) It consists of decisions to use parts of the organization’s resources in specified ways.
b) Strategic planning establishes the general direction of an organization. It embodies the concerns of senior management and is based specifically on (1) identifying and specifying organizational objectives; (2) evaluating the organization’s strengths and weaknesses; (3) assessing risk levels; (4) identifying and forecasting the effect of external (environmental) factors relevant to the organization; (5) deriving the best strategy for reaching the objectives, given the organization’s strengths and weaknesses and the relevant future trends; and (6) analyzing and reviewing the capital budgeting process and capacity planning.
When a user enters a certain entity’s system, a series of questions is asked of the user, including a name and mother’s birth date. These questions are primarily intended to provide
a) Access control to computer hardware.
b) Data integrity control.
c) Authentication of the user.
d) Authorization for processing.
c) Requiring specified information allows the computer to identify the user. This access control is intended to limit access to data and programs and the nature of that access.
Which of the following should be management’s primary concern when reviewing a reciprocal disaster recovery agreement between two organizations?
a) Frequency of system testing.
b) Differences in information system policies and procedures.
c) Hardware and software compatibility.
d) The reliability of the business impact analysis.
c) A reciprocal disaster recovery agreement is an agreement between two or more organizations to share their resources after a major interruption. The primary concern when reviewing the agreement is whether the hardware and software of the participating organizations are compatible.
A company owns 10,000 shares of a corporation’s stock; the corporation currently has 40,000 shares outstanding. During the year, the corporation had net income of $200,000 and paid $160,000 in dividends. At the beginning of the year, there was a balance of $150,000 in the company’s equity method investment in the corporation account. At the end of the year, the balance in this account should be
a) $240,000
b) $160,000
c) $150,000
d) $110,000
The company holds 25% (10,000 ÷ 40,000) of the corporation’s voting common stock. Under the equity method, (1) an investor recognizes its share of the investee’s net income as an increase in the investment account:
Investment in the corporation ($200,000 × 25%)  $50,000
    Income – equity-method investee  $50,000
(2) a dividend from the investee is treated as a return of an investment:
Cash ($160,000 × 25%)  $40,000
    Investment in the corporation  $40,000
Thus, at the end of the year, the balance in the investment in the corporation account is $160,000 ($150,000 + $50,000 – $40,000).
Using the variable costing method, which of the following costs are assigned to inventory?
1) Variable Selling and Administrative Costs
2) Variable Factory Overhead Costs
a) No, No
b) Yes, No
c) Yes, Yes
d) No, Yes
d) Under variable costing, only variable manufacturing costs (not variable selling, general, and administrative costs) are assigned to inventory. Variable manufacturing overhead is a variable manufacturing cost. Thus, it is assigned to inventory.