W41-IT Risk and Internal Control Flashcards
Q 101. Almost all commercially marketed software is
Copyrighted / Copy protected
a. Yes / Yes
b. Yes / No
c. No / Yes
d. No / No
Q 101. (b) while almost all such software is copyrighted, much of it is not copy protected
Q 102. A widely used disaster recovery approach includes
a. Encryption
b. Firewalls
c. Regular backups
d. Surge protectors
Q 102. (c) regular backups (copying) of data allows recovery when original records are damaged
Q 104. Output controls ensure that the results of computer processing are accurate, complete, and properly distributed. Which of the following is not a typical output control?
a. Reviewing the computer processing logs to determine that all of the correct computer jobs executed properly
b. Matching input data with information on master files and placing unmatched items in a suspense file
c. Periodically reconciling output reports to make sure that totals, formats, and critical details are correct and agree with input
d. Maintaining formal procedures and documentation specifying authorized recipients of output reports, checks, or other critical documents
Q 104. (b) matching the input data with information held on master or suspense files is a processing control, not an output control, to ensure that data are complete and accurate during updating
Q 105. Minimizing the likelihood of unauthorized editing of production programs, job control language, and operating system software can best be accomplished by
a. Database access reviews
b. Compliance reviews
c. Good change-control procedures
d. Effective network security software
Q 105. (c) program change control comprises:
- maintaining records of change authorizations, code changes, and test results
- adhering to a systems development methodology (including documentation)
- authorizing changeovers of subsidiary and headquarters’ interfaces
- restricting access to authorized source and executable codes
Q 106. Some companies have replaced mainframe computers with microcomputers and networks because the smaller computers could do the same work at less cost. Assuming that management of a company decided to launch a downsizing project, what should be done with respect to mainframe applications such as the general ledger system?
a. Plan for rapid conversion of all mainframe applications to run on a microcomputer network
b. Consider the general ledger system as an initial candidate for conversion
c. Defer any modification of the general ledger system until it is clearly inadequate
d. Integrate downsized applications with stable mainframe applications
Q 106. (d) mainframe applications represent a significant investment and may still provide adequate service. The fact that mainframes can provide a stable platform for enterprise applications may be an advantage while exploring other non-mainframe options.
Q 107. A corporation receives the majority of its revenue from top-secret military contracts with the government. Which of the following would be of greatest concern to an auditor reviewing a policy about selling the company’s used microcomputers to outside parties?
a. Whether deleted files on the hard disk drive have been completely erased
b. Whether the computer has viruses
c. Whether all software on the computer is properly licensed
d. Whether the computer has terminal emulation software on it
Q 107. (a) while most delete programs erase file pointers, they do not remove the underlying data. The company must use special utilities that fully erase the data; this is especially important because of the potential for top-secret data on the microcomputers
Q 110. Pirated software obtained through the Internet may lead to civil lawsuits or criminal prosecution. Of the following, which would reduce an organization’s risk in this area?
Ⅰ. Maintain a log of all software purchases
Ⅱ. Audit individual computers to identify software on the computers
Ⅲ. Establish a corporate software policy
Ⅳ. Provide original software diskettes to each user
a. Ⅰ and Ⅳ only
b. Ⅰ, Ⅱ, and Ⅲ only
c. Ⅱ and Ⅳ only
d. Ⅱ and Ⅲ only
Q 110. (b) Ⅳ allowing users to keep original diskettes increases both the likelihood of illegal copies being made and the loss of diskettes
Q 113. To properly control the improper access to accounting database files, the database administrator should ensure that database system features are in place to permit
a. Read-only access to the database files
b. Updating from privileged utilities
c. Access only to authorized logical views
d. User updates of their access profiles
Q 113. (c) one security feature in database systems is their ability to let the database administrator restrict access on a logical view basis for each user
*updating of users’ access profiles should be a function of a security officer, not the user
Q 114. When evaluating internal control of an entity that processes sales transactions on the Internet, an auditor would be most concerned about the
a. Lack of sales invoice documents as an audit trail
b. Potential for computer disruptions in recording sales
c. Inability to establish an integrated test facility
d. Frequency of archiving and data retention
Q 114. (b) computer disruptions may result in the incorrect recording of sales
Q 115. Which of the following statements is correct concerning internal control in an electronic data interchange (EDI) system?
a. Preventive controls generally are more important than detective controls in EDI systems
b. Control objectives for EDI systems generally are different from the objectives for other information systems
c. Internal controls in EDI systems rarely permit control risk to be assessed at below the maximum
d. Internal controls related to the segregation of duties generally are the most important controls in EDI systems
Q 115. (a) preventive controls are important and often cost-effective in an EDI environment so as to not allow the error to occur, and because detective controls may detect misstatements too late to allow proper correction
Q 118. Which of the following are essential elements of the audit trail in an electronic data interchange (EDI) system?
a. Network and sender / recipient acknowledgments
b. Message directories and header segments
c. Contingency and disaster recovery plans
d. Trading partner security and mailbox codes
Q 118. (a) effective audit trails need to include activity logs, including processed and failed transactions, network and sender / recipient acknowledgments, and time sequence of processing
Q 119. To avoid invalid data input, a bank added an extra number at the end of each account number and subjected the new number to an algorithm. This technique is known as
a. Optical character recognition
b. A check digit
c. A dependency check
d. A format check
Q 119. (b) a check digit is an extra reference number that follows an identification code and bears a mathematical relationship to the other digits
Q 128. The use of a header label in conjunction with magnetic tape is most likely to prevent errors by the
a. Computer operator
b. Keypunch operator
c. Computer programmer
d. Maintenance technician
Q 128. (a) The requirement is to determine the errors which a header label is likely to prevent. Since the header label is actually on the magnetic tape, it is the computer operator whose errors will be prevented
Q 130. When computer programs or files can be accessed from terminals, users should be required to enter a(n)
a. Parity check
b. Personal identification code
c. Self-diagnosis test
d. Echo check
Q 130. (b) use of personal identification codes (passwords) will limit access to the programs or files on the terminal to those who know the codes
Q 133. Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?
a. Hash total
b. Parity check
c. Encryption
d. Check digit
Q 133. (d) a check digit is an extra digit added to an identification number to detect such errors