AUDITING REVIEW

Spring, 2012 Exam - Auditing with Technology, and Information Technology Note: Remember to record your answers on this exam

Answer the following questions on the enclosed answer sheet. 1. Which of the following is an example of a validity check? a. The computer ensures that a numerical amount in a record does not exceed some predetermined amount. b. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out. c. The computer flags any transmission for which the control field value did not match that of an existing record. d. After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent. In a computerized payroll system environment, an auditor would be least likely to use test data to test controls related to a. Missing employee numbers. b. Proper approval of overtime by supervisors. c. Time tickets with invalid job numbers. d. Agreement of hours per clock cards with hours on time tickets. To obtain evidence that user identification and password controls are functioning as designed, an auditor would most likely a. Attempt to sign on to the system using invalid user identifications and passwords. b. Write a computer program that simulates the logic of the client's access control software. c. Extract a random sample of processed transactions and ensure that the transactions were appropriately authorized. d. Examine statements signed by employees stating that they have not divulged their user identifications and passwords to any other person. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process? a. Parallel simulation. b. Generalized audit software programming. c. Integrated test facility. d. Test data approach. Parity checks, read-after-write checks, and duplicate circuitry are electronic data processing controls that are designed to detect a. Erroneous internal handling of data. b. Lack of sufficient documentation for computer process. c. Illogical programming commands. d. Illogical uses of hardware. Errors in data processed in a batch computer system may not be detected immediately because a. Transaction trails in a batch system are available only for a limited period of time. b. There are time delays in processing transactions in a batch system. c. Errors in some transactions cause rejection of other transactions in the batch. d. Random errors are more likely in a batch system than in an on-line system.

2.

3.

4.

5.

6.

7.

An entity has the following invoices in a batch: Invoice Number -----------201 202 203 204 Product ------F10 G15 H20 K35 Quantity -------150 200 250 300 Unit Price ---------$5.00 $10.00 $25.00 $30.00

Which of the following numbers represents the record count? a. 1 b. 4 c. 810 d. 900 8. An entity has the following invoices in a batch: Invoice Number ----------201 202 203 204

Product ------F10 G15 H20 K35

Quantity -------150 200 250 300

Unit Price ---------$5.00 $10.00 $25.00 $30.00

Which of the following most likely represents a hash total? a. FGHK80 b. 4 c. 204 d. 810 9. An organization relied heavily on e-commerce for its transactions. Evidence of the organization's security awareness manual would be an example of which of the following types of controls? a. Preventative. b. Detective. c. Corrective. d. Compliance. Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission? a. Hash total. b. Parity check. c. Encryption. d. Check digit.

10.

11.

Which of the following represents an additional cost of transmitting business transactions by means of electronic data interchange (EDI) rather than in a traditional paper environment? a. Redundant data checks are needed to verify that individual EDI transactions are not recorded twice. b. Internal audit work is needed because the potential for random data entry errors is increased. c. Translation software is needed to convert transactions from the entity's internal format to a standard EDI format. d. More supervisory personnel are needed because the amount of data entry is greater in an EDI system. Many entities use the Internet as a network to transmit electronic data interchange (EDI) transactions. An advantage of using the Internet for electronic commerce rather than a traditional value-added network (VAN) is that the Internet a. Permits EDI transactions to be sent to trading partners as transactions occur. b. Automatically batches EDI transactions to multiple trading partners. c. Possesses superior characteristics regarding disaster recovery. d. Converts EDI transactions to a standard format without translation software. Which of the following is usually a benefit of using electronic funds transfer for international cash transactions? a. Improvement of the audit trail for cash receipts and disbursements. b. Creation of self-monitoring access controls. c. Reduction of the frequency of data entry errors. d. Off-site storage of source documents for cash transactions. Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment? a. compressed business cycle with lower year-end receivables balances. b. A reduced need to test computer controls related to sales and collections transactions. c. An increased opportunity to apply statistical sampling techniques to account balances. d. No need to rely on third-party service providers to ensure security. When evaluating internal control of an entity that processes sales transactions on the Internet, an auditor would be most concerned about the a. Lack of sales invoice documents as an audit trail. b. Potential for computer disruptions in recording sales. c. Inability to establish an integrated test facility. d. Frequency of archiving and data retention. Which of the following statements is correct concerning internal control in an electronic data interchange (EDI) system? a. Preventive controls generally are more important than detective controls in EDI systems. b. Control objectives for EDI systems generally are different from the objectives for other information systems. c. Internal controls in EDI systems rarely permit control risk to be assessed at below the maximum. d. Internal controls related to the segregation of duties generally are the most important controls in EDI systems.

12.

13.

14.

15.

16.

17.

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system? a. When confidentiality of data is the primary risk, message authentication is the preferred control rather than encryption. b. Encryption performed by physically secure hardware devices is more secure than encryption performed by software. c. Message authentication in EDI systems performs the same function as segregation of duties in other information systems. d. Security at the transaction phase in EDI systems is not necessary because problems at that level will usually be identified by the service provider. Which of the following is an essential element of the audit trail in an electronic data interchange (EDI) system? a. Disaster recovery plans that ensure proper backup of files. b. Encrypted hash totals that authenticate messages. c. Activity logs that indicate failed transactions. d. Hardware security modules that stores sensitive data. Which of the following are essential elements of the audit trail in an electronic data interchange (EDI) system? a. Network and sender/recipient acknowledgments. b. Message directories and header segments. c. Contingency and disaster recovery plans. d. Trading partner security and mailbox codes. Which of the following is an engagement attribute for an audit of an entity that processes most of its financial data in electronic form without any paper documentation? a. Discrete phases of planning, interim, and year-end fieldwork. b. Increased effort to search for evidence of management fraud. c. Performance of audit tests on a continuous basis. d. Increased emphasis on the completion assertion. Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files? a. Attention is focused on the accuracy of the programming process rather than errors in individual transactions. b. It is usually easier for unauthorized persons to access and alter the files. c. Random error associated with processing similar transactions in different ways is usually greater. d. It is usually more difficult to compare recorded accountability with physical count of assets.

18.

19.

20.

21.

22.

Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system? a. Continuous monitoring and analysis of transaction processing with an embedded audit module. b. Increased reliance on internal control activities that emphasize the segregation of duties. c. Verification of encrypted digital certificates used to monitor the authorization of transactions. d. Extensive testing of firewall boundaries that restrict the recording of outside network traffic. Which of the following statements best characterizes the function of a physical access control? a. Protects systems from the transmission of Trojan horses. b. Provides authentication of users attempting to log into the system. c. Separates unauthorized individuals from computer resources. d. Minimizes the risk of incurring a power or hardware failure. Which of the following is a network node that is used to improve network traffic and to set up as a boundary that prevents traffic from one segment to cross over to another? a. Router. b. Gateway. c. Firewall. d. Heuristic. Which of the following is an example of how specific internal controls in a database environment may differ from controls in a nondatabase environment? a. Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access. b. Controls over data sharing by diverse users within an entity should be the same for every user. c. The employee who manages the computer hardware should also develop and debug the computer programs. d. Controls can provide assurance that all processed transactions are authorized, but cannot verify that all authorized transactions are processed. A retail entity uses electronic data interchange (EDI) in executing and recording most of its purchase transactions. The entity's auditor recognized that the documentation of the transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would a. Increase the sample of EDI transactions to be selected for cutoff tests. b. Perform tests several times during the year, rather than only at year-end. c. Plan to make a 100% count of the entity's inventory at or near the year-end. d. Decrease the assessed level of control risk for the existence or occurrence assertion. Which of the following activities most likely would detect whether payroll data were altered during processing? a. Monitor authorized distribution of data control sheets. b. Use test data to verify the performance of edit routines. c. Examine source documents for approval by supervisors. d. Segregate duties between approval of hardware and software specifications.

23.

24.

25.

26.

27.

28.

Which of the following procedures would an entity most likely include in its disaster recovery plan? a. Convert all data from EDI format to an internal company format. b. Maintain a Trojan horse program to prevent illicit activity. c. Develop an auxiliary power supply to provide uninterrupted electricity. d. Store duplicate copies of files in a location away from the computer center. Which of the following is a computer program that appears to be legitimate but performs some illicit activity when it is run? a. Hoax virus. b. Web crawler. c. Trojan horse. d. Killer application. Which of the following characteristics distinguishes electronic data interchange (EDI) from other forms of electronic commerce? a. EDI transactions are formatted using the standards that are uniform worldwide. b. EDI transactions need not comply with generally accepted accounting principles. c. EDI transactions ordinarily are processed without the Internet. d. EDI transactions are usually recorded without security and privacy concerns.

29.

30.

END OF TESTLET 1

31.

Which of the following is an encryption feature that can be used to authenticate the originator of a document and ensure that the message is intact and has not been tampered with? a. Heuristic terminal. b. Perimeter switch. c. Default settings. d. Digital signatures. In building an electronic data interchange (EDI) system, what process is used to determine which elements in the entity's computer system correspond to the standard data elements? a. Mapping. b. Translation. c. Encryption. d. Decoding. Which of the following is a password security problem? a. Users are assigned passwords when accounts are created, but do not change them. b. Users have accounts on several systems with different passwords. c. Users copy their passwords on note paper, which is kept in their wallets. d. Users select passwords that are not listed in any on-line dictionary. Which of the following is a computer program that appears to be legitimate but performs an illicit activity when it is run? a. Redundant verification. b. Parallel count. c. Web crawler. d. Trojan horse. An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's computerized information system most likely would use which of the following techniques? a. Snapshot application. b. Embedded audit module. c. Integrated data check. d. Test data generator. Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data? a. Reasonableness test. b. Field check. c. Digit verification check. d. Validity check. Which of the following is the primary reason that many auditors hesitate to use embedded audit modules? a. Embedded audit modules cannot be protected from computer viruses. b. Auditors are required to monitor embedded audit modules continuously to obtain valid results. c. Embedded audit modules can easily be modified through management tampering. d. Auditors are required to be involved in the system design of the application to be monitored.
7

32.

33.

34.

35.

36.

37.

38.

A customer intended to order 100 units of product Z96014, but incorrectly ordered nonexistent product Z96015. Which of the following controls would detect this error? a. Check digit verification. b. Record count. c. Hash total. d. Redundant data check. Which of the following definitions best characterizes benchmarking? a. A technique that examines product and process attributes to identify areas for improvement. b. The comparison of existing activities with the best levels of performance in other, similar organizations. c. The development of the most effective methods of completing tasks in a particular industry. d. The complete redesign of a process within an organization. What is a major disadvantage to using a private key to encrypt data? a. Both sender and receiver must have the private key before this encryption method will work. b. The private key cannot be broken into fragments and distributed to the receiver, c. The private key is used by the sender for encryption but not by the receiver for decryption. d. The private key is used by the receiver but not by the sender for encryption. . In an accounting information system, which of the following types of computer files most likely would be a master file? a. Inventory subsidiary. b. Cash disbursements. c. Cash receipts. d. Payroll transactions. Which of the following is an advantage of a computer- based system for transaction processing over a manual system? A computer-based system a. Does not require as stringent a set of internal controls. b. Will produce a more accurate set of financial statements. c. Will be more efficient at producing financial statements. d. Eliminates the need to reconcile control accounts and subsidiary ledgers Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords? a. Collusion. b. Data entry errors. c. Failure of server duplicating function. d. Firewall vulnerability.

39.

40.

41.

42.

43.

44.

Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system? a. Removable drives that can be locked up at night provide adequate security when the confidentiality of data is the primary risk. b. Message authentication in EDI systems performs the same function as segregation of duties in other information systems. c. Encryption performed by a physically secure hardware device is more secure than encryption performed by software. d. Security at the transaction phase in EDI systems is not necessary because problems at that level will be identified by the service provider. Which of the following activities would most likely detect computer-related fraud? a. Using data encryption. b. Performing validity checks. c. Conducting fraud-awareness training. d. Reviewing the systems-access log. The computer operating system performs scheduling, resource allocation, and data retrieval functions based on a set of instructions provided by the a. Multiplexer. b. Peripheral processors. c. Concentrator. d. Job control language. Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence? a. Preventive. b. Corrective. c. Application. d. Detective. Which of the following procedures should be included in the disaster recovery plan for an Information Technology department? a. Replacement personal computers for user departments. b. Identification of critical applications. c. Physical security of warehouse facilities. d. Cross-training of operating personnel. A digital signature is used primarily to determine that a message is a. Unaltered in transmission. b. Not intercepted en route. c. Received by the intended recipient. d. Sent to the correct address.

45.

46.

47.

48.

49.

50.

A client that recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name, and the individual's password is the same as the UIc. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client's computer-access control? a. Employees can easily guess fellow employees' passwords. b. Employees are not required to change passwords. c. Employees can circumvent procedures to segregate duties. d. Employees are not required to take regular vacations. Compared to batch processing, real-time processing has which of the following advantages? a. Ease of auditing. b. Ease of implementation. c. Timeliness of information. d. Efficiency of processing. Which of the following is a critical success factor in data mining a large data store? a. Pattern recognition. b. Effective search engines. c. Image processing systems. d. Accurate universal resource locator (URL). A customer's order was never filled because an order entry clerk transposed the customer identification number while entering the sales transaction into the system. Which of the following controls would most likely have detected the transposition? a. Sequence test. b. Completeness test. c. Validity check. d. Limit test. Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment? a. Elimination of the need to continuously update antivirus software. b. Assurance of the thoroughness of transaction data because of standardized controls. c. Automatic protection of information that has electronically left the entity. d. Elimination of the need to verify the receipt of goods before making payment. Which of the following is an electronic device that separates or isolates a network segment from the main network while maintaining the connection between networks? a. Query program. b. Firewall. c. Image browser. d. Keyword.

51.

52.

53.

54.

55.

10

56.

A distributed processing environment would be most beneficial in which of the following situations? a. Large volumes of data are generated at many locations and fast access is required. b. Large volumes of data are generated centrally and fast access is not required. c. Small volumes of data are generated at many locations, fast access is required and summaries of the data are needed promptly at a central site. d. Small volumes of data are generated centrally, fast access is required, and summaries are needed monthly at many locations. To prevent interrupted information systems operation, which of the following controls are typically included in an organization's disaster recovery plan? a. Backup and data transmission controls. b. Data input and downtime controls. c. Backup and downtime controls. d. Disaster recovery and data processing controls. Which of the following statements is true regarding Transmission Control Protocol and Internet Protocol (TCP/IP)? a. Every TCP/IP-supported transmission is an exchange of funds. b. TCP/IP networks are limited to large mainframe computers. c. Every site connected to a TCP/IP network has a unique address. d. The actual physical connections among the various networks are limited to TCP/IP ports. What type of computerized data processing system would be most appropriate for a company that is opening a new retail location? a. Batch processing. b. Real-time processing. c. Sequential-file processing. d. Direct-access processing. What should be examined to determine if an information system is operating according to prescribed procedures? a. System capacity. b. System control. c. System complexity. d. Accessibility to system information.

57.

58.

59.

60.

END OF TESTLET 2

11

61.

Which of the following artificial intelligence information systems cannot learn from experience? a. Neural networks. b. Case-based reasoning systems. c. Rule-based expert systems. d. Intelligent agents. Which of the following allows customers to pay for goods or services from a Web site while maintaining financial privacy? a. Credit card. b. Site draft. c. E-cash. d. Electronic check. A retailing entity uses the Internet to execute and record its purchase transactions. The entity's auditor recognizes that the documentation of details of transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would a. Compare a sample of paid vendors' invoices to the receiving records at year-end. b. Plan for a large measure of tolerable misstatement in substantive tests. c. Perform tests several times during the year, rather than only at year-end. d. Increase the sample of transactions to be selected for cutoff tests. When an auditor tests the internal controls of a computerized accounting system, which of the following is true of the test data approach? a. Test data are coded to a dummy subsidiary so they can be extracted from the system under actual operating conditions. b. Test data programs need not be tailor-made by the auditor for each client's computer applications. c. Test data programs usually consist of all possible valid and invalid conditions regarding compliance with internal controls. d. Test data are processed with the client's computer and the results are compared with the auditor's predetermined results. When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of action in such situations? a. Assess the control risk as high. b. Use audit software to perform analytical procedures. c. Use generalized audit software to extract evidence from client databases. d. Perform limited tests of controls over electronic data. Which of the following configurations of elements represents the most complete disaster recovery plan? a. Vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team. b. Alternate processing site, backup and off-site storage procedures, identification of critical applications, test of the plan. c. Off-site storage procedures, identification of critical applications, test of the plan. d. Vendor contract for alternate processing site, names of persons on the disaster recovery team, off-site storage procedures.

62.

63.

64.

65.

66.

12

67.

Which of the following is usually a benefit of using electronic funds transfer for international cash transactions? a. Creation of multilingual disaster recovery plans. b. Reduction in the frequency of data entry errors. c. Off-site storage of foreign source documents. d. Improvement in the audit trail for cash transactions. Which of the following internal control procedures would prevent an employee from being paid an inappropriate hourly wage? a. Having the supervisor of the data entry clerk verify that each employee's hours worked are correctly entered into the system. b. Using real-time posting of payroll so there can be no after-the-fact data manipulation of the payroll register. c. Giving payroll data entry clerks the ability to change any suspicious hourly pay rates to a reasonable rate. d. Limited access to employee master files to authorized employees in the personnel department. ABC, Inc. assessed overall risks of MIS systems projects on two standard criteria: technology used and design structure. The following systems projects have been assessed on these risk criteria. Which of the following projects holds the highest risk to ABC? Technology Structure a. Current Sketchy b. New Sketchy c. Current Well defined d. New Well defined An accounts payable clerk is accused of making unauthorized changes to previous payments to a vendor. Proof could be uncovered in which of the following places? a. Transaction logs. b. Error reports. c. Error files. d. Validated date file. A fast-growing service company is developing its information technology internally. What is the first step in the company's systems development life cycle? a. Analysis. b. Implementation. c. Testing. d. Design. Which of the following best describes a hot site? a. Location within the company that is most vulnerable to a disaster. b. Location where a company can install data processing equipment on short notice. c. Location that is equipped with a redundant hardware and software configuration. d. Location that is considered too close to a potential disaster area.

68.

69.

70.

71.

72.

13

73.

Compared to online real-time processing, batch processing has which of the following disadvantages? a. A greater level of control is necessary. b. Additional computing resources are required. c. Additional personnel are required. d. Stored data are current only after the update process. Which of the following represents the procedure managers use to identify whether the company has information that unauthorized individuals want, how these individuals could obtain the information, the value of the information, and the probability of unauthorized access occurring? a. Disaster recovery plan assessment. b. Systems assessment. c. Risk assessment. d. Test of controls. A value-added network (VAN) is a privately owned network that performs which of the following functions? a. Route data transactions between trading partners. b. Route data within a companys multiple networks. c. Provide additional accuracy for data transmissions. d. Provide services to send marketing data to customers. Which of the following is a key difference in controls when changing from a manual system to a computer system? a. Internal control principles change. b. Internal control objectives differ. c. Control objectives are more difficult to achieve. d. Methodologies for implementing controls change. Which of the following tasks would be included in a document flowchart for processing cash receipts? a. Compare control and remittance totals. b. Record returns and allowances. c. Authorize and generate an invoice d. Authorize and generate a voucher. The performance audit report of an information technology department indicated that the department lacked a disaster recovery plan. Which of the following steps should management take first to correct this condition? a. Bulletproof the information security architecture. b. Designate a hot site. c. Designate a cold site. d. Prepare a statement of responsibilities for tasks included in a disaster recovery plan.

74.

75.

76.

77.

78.

14

79.

An information technology director collected the names and locations of key vendors, current hardware configuration, names of team members, and an alternative processing location. What is the director most likely preparing? a. Data restoration plan. b. Disaster recovery plan. c. System security policy. d. System hardware policy. Which of the following best defines electronic data interchange (EDI) transactions? a. Electronic business information is exchanged between two or more businesses. b. Customers' funds-related transactions are electronically transmitted and processed. c. Entered sales data are electronically transmitted via a centralized network to a central processor. d. Products sold on central Web servers can be accessed by users anytime. Which of the following is a primary function of a database management system? a. Report customization. b. Capability to create and modify the database. c. Financial transactions input. d. Database access authorizations. To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities? a. Modify and adapt operating system software. b. Correct detected data entry errors for the cash disbursement system. c. Code approved changes to a payroll program. d. Maintain custody of the billing program code and its documentation. Which of the following terms best describes a payroll system? a. Database management system (DBMS). b. Transaction processing system (TPS). c. Decision support system (DSS). d. Enterprise resource planning (ERP) system. In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator? a. Managing remote access. b. Developing application programs. c. Reviewing security policy. d. Installing operating system upgrades. An employee mistakenly enters April 31 in the date field. Which of the following programmed edit checks offers the best solution for detecting this error? a. Online prompting. b. Mathematical accuracy. c. Preformatted screen. d. Reasonableness.

80.

81.

82.

83.

84.

85.

15

86.

A controller is developing a disaster recovery plan for a corporation's computer systems. In the event of a disaster that makes the company's facilities unusable, the controller has arranged for the use of an alternate location and the delivery of duplicate computer hardware to this alternate location. Which of the following recovery plans would best describe this arrangement? a. Hot site. b. Cold site. c. Backup site procedures. d. Hot spare site agreement. Controls in the information technology area are classified into the preventive, detective, and corrective categories. Which of the following is a preventive control? a. Contingency planning. b. Hash total. c. Echo check. d. Access control software. Bacchus, Inc. is a large multinational corporation with various business units around the world. After a fire destroyed the corporate headquarters and largest manufacturing site, plans for which of the following would help Bacchus ensure a timely recovery? a. Daily backup. b. Network security. c. Business continuity. d. Backup power. A test of a payroll system involved comparing an individual's number of overtime hours a week with an average of weekly overtime during a similar period in a prior year and evaluating the results. This is an example of what type of test? a. Range test. b. Detail test. c. Category test. d. Reasonableness test. In auditing an entity's computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning a. Overpayment of employees for hours not worked. b. Control and distribution of unclaimed checks. c. Withholding of taxes and Social Security contributions. d. Missing employee identification numbers.

87.

88.

89.

90.

END OF TESTLET 3

16

91.

Which of the following is a computer-assisted audit technique that permits an auditor to use the auditor's version of a client's program to process data and compare the output with the client's output? a. Test data module. b. Frame relay protocol. c. Remote node router. d. Parallel simulation. Which of the following outcomes is a likely benefit of information technology used for internal control? a. Processing of unusual or nonrecurring transactions. b. Enhanced timeliness of information. c. Potential loss of data. d. Recording of unauthorized transactions. When a client's accounts payable computer system was relocated, the administrator provided support through a dialup connection to a server. Subsequently, the administrator left the company. No changes were made to the accounts payable system at that time. Which of the following situations represents the greatest security risk? a. User passwords are not required to be in alphanumeric format. b. Management procedures for user accounts are not documented. c. User accounts are not removed upon termination of employees. d. Security logs are not periodically reviewed for violations. An entity doing business on the Internet most likely could use any of the following methods to prevent unauthorized intruders from accessing proprietary information except: a. Password management. b. Data encryption. c. Digital certificates. d. Batch processing. Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals? a. Network maintenance and wireless access. b. Data entry and antivirus management. c. Data entry and application programming. d. Data entry and quality assurance. Which of the following transaction processing modes provides the most accurate and complete information for decision making? a. Batch. b. Distributed. c. Online. d. Application.

92.

93.

94.

95.

96.

17

97.

Which of the following is considered an application input control? a. Run control total. b. Edit check. c. Report distribution log. d. Exception report. Which of the following terms refers to a site that has been identified and maintained by the organization as a data processing disaster recovery site but has not been stocked with equipment? a. Hot. b. Cold. c. Warm. d. Flying start. An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems? a. Modifications can be made to each module without affecting other modules. b. Increased responsiveness and flexibility while aiding in the decision-making process. c. Increased amount of data redundancy since more than one module contains the same information. d. Reduction in costs for implementation and training. Which of the following structures refers to the collection of data for all vendors in a relational data base? a. Record. b. Field. c. File. d. Byte. During the annual audit, it was learned from an interview with the controller that the accounting system was programmed to use a batch processing method and a detailed posting type. This would mean that individual transactions were a. Posted upon entry, and each transaction had its own line entry in the appropriate ledger. b. Assigned to groups before posting, and each transaction had its own line entry in the appropriate ledger. c. Posted upon entry, and each transaction group had a cumulative entry total in the appropriate ledger. d. Assigned to groups before posting, and each transaction group had a cumulative entry total in the appropriate ledger. A company has a significant e-commerce presence and self-hosts its Web site. To assure continuity in the event of a natural disaster, the firm should adopt which of the following strategies? a. Backup the server database daily. b. Store records off-site. c. Purchase and implement RAID technology. d. Establish off-site mirrored Web server.

98.

99.

100.

101.

102.

18

103.

Which of the following is the primary advantage of using a value-added network (VAN)? a. It provides confidentiality for data transmitted over the Internet. b. It provides increased security for data transmissions. c. It is more cost effective for the company than transmitting data over the Internet. d. It enables the company to obtain trend information on data transmission. What is the correct ascending hierarchy of data in a system? a. Character, record; file, field. b. Field, character, file, record. c. Character, field, record, file. d. Field, record, file, character. In a large firm, custody of an entity's data is most appropriately maintained by which of the following personnel? a. Data librarian. b. Systems analyst. c. Computer operator. d. Computer programmer. What is the primary objective of data security controls? a. To establish a framework for controlling the design, security and use of computer programs throughout an organization. b. To ensure that storage media are subject to authorization prior to access, change, or destruction. c. To formalize standards, rules, and procedures to ensure that organization's controls are properly executed. d. To monitor the use of system software to prevent unauthorized access to system software and computer programs. Which of the following solutions creates an encrypted communication tunnel across the Internet for the purpose of allowing a remote user secure access into the network? a. Packet-switched network. b. Digital encryption. c. Authority certificate. d. Virtual private network. An enterprise resource planning system is designed to a. Allow nonexperts to make decisions about a particular problem. b. Help with the decision-making process. c. Integrate data from all aspects of an organization's activities. d. Present executives with the information needed to make strategic plans. Which of the following technologies is specifically designed to exchange financial information over the World Wide Web? a. Hypertext markup language (HTML). b. Extensible business reporting language (XBRL). c. Hypertext transfer protocol (HTTP). d. Transmission control program/Internet protocol (TCP/IP).

104.

105.

106.

107.

108.

109.

19