Ais Compilation

CHAPTER 1 c. another word for information.
d. quantitative facts that are not

qualitative by nature.
1. A set of two or more interrelated components
7. Which of the following statements below shows
that interact to achieve a goal is:
the contrast between data and information?
a. A system
a. Data is the output of an AIS.
b. An accounting information system
b. Information is the primary output of an
c. Data
AIS.
d. Mandatory information
c. Data is more useful in decision-making
2. This results when a subsystem achieves its goals
than information.
while contributing to the organization's overall
d. Data and information are the same.
goal.
a. Goal conflict 8. Information is
b. Goal congruence a. basically the same as data.
c. Value of information b. raw facts about transactions.
d. Systems congruence c. potentially useful facts when processed
3. Goal conflict may result when in a timely manner.
a. A decision or action of a subsystem is d. data that has been organized and
inconsistent with the system as a processed so that it's meaningful
whole. 9. Humans can absorb and process only so much
b. A subsystem achieves its goals while information. Information __________ occurs
contributing to the organization's when those limits are passed.
overall goal.
a. Overload
c. Duplicate recording, storage and
b. Excess
processes are eliminated.
c. Anxiety
d. The data exceeds the amount the
human mind can absorb and process. d. discretion
4. Facts that are collected, recorded, stored and 10. The value of information can best be defined as
processed by an information system a. how useful it is to decision makers.
a. Information b. the benefits produced by possessing
b. Data and using the information minus the
c. Systems cost of producing it.
d. Mandatory information c. how relevant it is.
5. Information is d. the extent to which it maximizes the
a. What happens when the data exceeds value chain.
the amount the human mind can 11. The benefit produced by the information minus
absorb. the cost of producing it.
b. The benefit produced by the a) Goal congruence
information minus the cost of b) Information
producing it. c) Information overload
c. Facts that are collected, recorded, d) Value of information
stored, and processed by an 12. An accounting information system (AIS)
information system. processes __________ to provide users with
d. Data that have been organized and __________.
processed to provide meaning to a a) data; information
user. b) data; transactions
6. Data are c) information; data
a. facts entered, stored, and processed by d) data; benefits
an information system. 13. How many components are found in an AIS?
b. processed output that is useful to a) three
decision makers. b) four
c) five 20. The primary consideration when producing this
d) six type of information is that its benefits exceeds
14. An accounting information system in part its costs.
consists of a. Discretionary information
a. People, hardware and programs. b. Essential information
b. Information, programs and computers. c. Mandatory information
d. Value of information
c. People, procedures, data, software and
21. An AIS is a system of six interrelated
information technology infrastructure.
components that interact to achieve a goal. One
d. Internal controls and accounting of these components, which includes both
records. manual and automated activities that involve
15. Information that reduces uncertainty, improves collecting, processing, and storing data, is
decision makers' ability to make predictions, or known as
confirms or corrects their prior expectations, is a. Information or data
said to be b. Procedures and instructions
a. Complete c. Software
b. Relevant d. Information technology infrastructure
c. Reliable 22. An accounting information system must be able
d. Timely to perform which of the following tasks?
a. collect transaction data
16. Information that is free from error or bias and
b. process transaction data
accurately represents the events or activities of
c. provide adequate controls
the organization is
d. all of the above
a. Relevant 23. Which of the following is not an example of a
b. Reliable common activity in an AIS?
c. Verifiable a. buy and pay for goods and services
d. Timely b. sell goods and services and collect cash
17. Information that does not omit important c. summarize and report results to
aspects of the underlying events or activities interested parties
that it measures is d. recording of sales calls for marketing
a. Complete purposes
b. Accessible
c. Relevant 24. Which of the following is not one of the
d. Timely components of an AIS?
18. When two knowledgeable people acting a) Internal controls and security measures
independently each produce the same b) People
information, this information is said to be c) Procedures and instructions
a. Complete d) Software and hardware
b. Relevant
c. Reliable 25. An AIS must be able to fulfill three important
d. Verifiable functions in any organization. One such function
19. Data must be converted into information to be is the collecting and storing of data about
considered useful and meaningful for decision- activities performed by the organization. One
making. There are six characteristics that make group that relies on both the adequate
information both useful and meaningful. If collection and transformation of data for
information is free from error or bias and decision-making purposes for an organization is
accurately represents the events or activities of a) management.
the organization, it is representative of the b) interested outsiders.
characteristic of c) competitors.
a. Relevancy d) the government.
b. Timeliness
c. Understandability
d. Reliability
26. The primary objective of accounting is to c) understanding how information technology
a) implement strong internal controls. can be used to improve AIS processes.
b) provide useful information to decision d) preparation of financial statements.
makers.
c) prepare financial statements. 32. The AIS must include controls to ensure
d) ensure the profitability of an organization. a) safety and availability of data.
b) marketing initiatives match corporate goals.
27. The Financial Accounting Standards Board c) information produced from data is accurate.
(FASB), in its Statement of Financial Accounting d) both A and C
Concepts No. 2, has defined accounting as
a) an information identification, development, 33. A change in the AIS that makes information
measurement, and communication process. more easily accessible and widely available
b) a way to provide adequate controls to within an organization is most likely to first
safeguard an organization's assets. influence the
c) being an information system. a) organizational culture.
d) a way to collect and transform data into b) customer base.
useful information. c) external financial statement users.
d) production activity.
28. Which activity below would not be considered
to be a "top" accountant work activity? 34. The process of creating value for customers is
a) process improvement the result of nine activities (five primary and
b) input into future product marketing four support) that taken together form a
initiatives a) value chain.
c) long-term strategic planning b) profitable operation.
d) computer systems and operations c) successful business.
d) support system.
29. The American Institute of Certified Public
Accountants (AICPA) has recognized the 35. The value chain concept is composed of two
importance of AIS and the major impact types of activities known as
information technology has on the area of a) primary and support.
accounting. To recognize individual CPAs who b) primary and secondary.
have met educational and experiential c) support and value.
requirements in this area, the group formally d) technology and support.
created the designation known as
a) the Certified Management Accountant. 36. Which of the following is a primary activity in
b) the Certified Information Technology the value chain?
Professional. a) infrastructure
c) the Certified Internal Auditor. b) technology
d) the Certified Data Processing Professional. c) purchasing
d) marketing and sales
30. An analysis conducted by the Institute of
Management Accountants shows that the most 37. In value chain analysis, what is the activity of
important activities performed by corporate arranging the delivery of products to customers
accountants relate to called?
a) customer and product profitability. a) outbound logistics
b) internal consulting. b) inbound logistics
c) process improvement. c) shipping
d) accounting systems and financial reporting. d) delivery
31. 31. The primary focus of an AIS course, as 38. An AIS provides value by
opposed to other IS courses, is on a) improving products or services through
a) application of information technology. information that increases quality and reduces
b) use of accounting software. costs.
b) providing timely and reliable information to 42. Within the value chain conceptual framework,
decision makers. organizations also perform a number of other
c) creating new products. support activities that enable the five primary
d) both A and B value chain activities to be performed efficiently
and effectively. One such support activity is
39. In Chapter 1, Figure 1-2 shows the factors that research and development. This activity can be
influence the design of AIS. The diagram shows identified as a
a bi-directional arrow between the a) firm infrastructure activity.
organizational culture and the AIS. The reason b) human resources activity.
for this two-way interchange between c) technology activity.
organizational culture and AIS is d) purchasing activity.
a) that the AIS should not influence the values
of the organizational culture. 43. Within the value chain conceptual framework,
b) because the organization's culture AIS is shown as a support activity. The AIS is of
influences the AIS, and likewise the AIS value to an organization when it provides
influences the organization's culture by accurate and timely information to help support
controlling the flow of information within the the five primary value chain activities. When the
organization. AIS provides information in a timely and
c) due to the transfer of managers between the accurate manner, it stands as an example of
two corporate elements. a) improved decision making.
d) the AIS impacts the organization's key b) improving the quality and reducing the costs
strategies. of products or services.
c) improving efficiency.
40. The objective of the majority of organizations is d) All of the above
to provide value to their customers. The
activities that support such an objective can be 44. A decision situation that is non-routine and for
conceptualized as forming a value chain. Within which no established framework exists for
this value chain, logistics plays an important making the decision is called a(n) __________
role. Logistics is both inbound and outbound in decision.
nature. An example of inbound logistics would a) structured
consist of b) semistructured
a) the activities that transform inputs into final c) unstructured
products or services. d) strategic
b) the activities that help customers to buy the
organization's products or services. 45. A decision that is repetitive, routine and well
c) the activities that provide post-sale support understood is
to customers. a) structured
d) the activities that consist of receiving, b) semistructured
storing, and distributing the materials used as c) unstructured
inputs by the organization to create goods d) strategic
and/or services it sells.
46. Which of the following is an example of a
41. A good example of how an AIS is used to share strategic planning decision?
knowledge within an organization is a) setting financial and accounting policies
a) the use of an expert system to help staff b) conducting a performance evaluation
identify the relevant experts who can help c) budgeting
with a particular client. d) developing human resource practices
b) the use of laptop computers to access a
network for messaging worldwide. 47. Decisions about the effective and efficient
c) the monitoring of production equipment to execution of specific tasks are concerned with
watch for defects. a) operational control.
d) the use of point-of-sale data to determine b) management control.
hot-selling items.
c) strategic planning. establishing organizational objectives and
d) tactical planning. policies for accomplishing those objectives.
d) There is no real correlation between a
48. Budgeting and human resource practices are manager's level in an organization and his or
examples of her decision-making responsibilities.
a) operational control
b) management control 53. A well-designed AIS can improve the decision-
c) strategic planning making function within the organization. Which
d) tactical planning statement below would describe a limitation,
rather than a benefit, of an efficient AIS?
49. Accounting information plays major roles in a) An AIS reduces uncertainty, and therefore
managerial decision making by accounting information can provide a basis for
a) identifying situations requiring management choosing among alternative courses of action.
action. b) An AIS identifies situations requiring
b) reducing uncertainty. management action.
c) providing a basis for choosing among c) An AIS provides to its users an abundance of
alternative actions. information without any filtering or
d) all of the above condensing of such information.
d) An AIS provides information about the results
50. Business activities that pertain to product of previous decisions which provides decision
pricing, discount and credit terms, and makers with feedback that can be used in future
identifying the most and least profitable items decision making.
are part of the __________ activity in the
organization's value chain. 54. A strategic position is important to the success
a) service and growth of any organization. Harvard
b) marketing and sales professor Michael Porter has identified three
c) operations basic strategic positions. Which statement
d) inbound logistics below is false regarding these basic strategic
positions?
51. A principal focus of AIS is to assist with the a) The three basic strategic positions are
decision-making function of an organization. mutually exclusive of each other.
The degree of support AIS can provide depends b) Part of a needs-based strategic position is to
on the type of decision being made. Decisions identify a target market.
are categorized in terms of the degree of c) An access-based strategic position involves
existing structure or the effect of their scope. serving a subset of customers who differ from
From the items below, select the description other customers in terms of geographic location
that is an example of a semi-structured or size.
decision. d) A variety-based strategic position involves
a) selecting basic research projects to undertake producing or providing a subset of the
b) setting a marketing budget for a new industry's products or services
product
c) extending credit to an established customer 55. A strategic position is important to the success
d) hiring a senior manager and growth of any organization. Harvard
professor Michael Porter has identified two
52. Regarding decision scope, which statement basic business strategies. Which statement
below is true? below is false regarding these basic strategies?
a) Operational control is concerned with the a) A product differentiation strategy entails
effective and efficient use of resources for adding features or services not provided by
accomplishing organizational objectives. competitors to a product so customers can be
b) Management control is concerned with the charged a premium price.
effective and efficient performance of specific b) A low-cost strategy entails striving to be the
tasks. most efficient producer of a product or service.
c) Strategic planning is concerned with c) Sometimes a company can succeed in both
producing a better product and achieving low c) Use of the Internet reduces pressure to
costs. compete on price.
d) The two basic strategic positions are d) The most important effect of the
mutually exclusive. development of the Internet in business is the
increased importance of adopting a viable
56. According to Michael Porter, to be successful in business strategy
the long run, a company must
a) deliver greater value to customers and/or CHAPTER 2
create comparable value at a lower cost.
b) maximize profits.
c) maximize shareholder value. 1. What usually initiates data input into a system?
d) both B and C a. The transaction system automatically
checks each hour to see if any new data
57. A variety-based strategic position involves is available for input and processing.
a) trying to serve most or all of the needs of a b. The performance of some business
particular group of customers. activity generally serves as the trigger
b) serving a subset of customers who differ for data input.
from other customers. c. A general ledger program is queried to
c) providing a subset of the industry's products produce a trial balance at the end of an
or services. accounting period.
d) serving all needs of all customers. d. Data is only input when a source
document is submitted to the
58. A needs-based strategic position involves accounting department.
a) trying to serve most or all of the needs of a 2. An ERP system might facilitate the purchase of
particular group of customers. direct materials by all of the following except
b) serving a subset of customers who differ a. selecting the best supplier by
from other customers. comparing bids.
c) providing a subset of the industry's products b. preparing a purchase order when
or services. inventory falls to reorder point.
d) serving all needs of all customers c. routing a purchase order to a
purchasing agent for approval.
59. An access-based strategic position involves d. communicating a purchase order to a
a) trying to serve most or all of the needs of a supplier.
particular group of customers.
b) serving a subset of customers who differ 3. Which of the following is not true about the
from other customers. accounts receivable subsidiary ledger?
c) providing a subset of the industry's products a. Debits and credits in the subsidiary
or services. ledger must always equal.
d) serving all needs of all customers. b. Every credit sale is entered individually
into the subsidiary ledger.
60. The Internet has changed the way many c. The total of the subsidiary ledgers must
processes are performed in business today. The equal the control account.
Internet has had a material effect on the five d. The subsidiary ledgers play an
primary characteristics in the value chain and important role in maintaining the
on the strategy adopted by businesses that accuracy of the data stored in the AIS.
incorporate use of the Web into their business 4. Changing an employee's hourly wage rate
systems. Which statement below is true would be recorded in which file
regarding the Internet relative to a strategic a. Employee master file
position that a business may adopt? b. Employee transaction file
a) Use of the Internet has reduced the power of c. Payroll master file
buyers. d. Payroll transaction file
b) The Internet has increased the barriers to 5. A typical source document could be
entry in many industries. A) in some paper form.
B) a computer data entry screen. same area of the document.
C) a notepad entry. C) they provide directions and steps for
D) both A and B completing the form.
D) All of the above are correct.
6. Which step below is not considered to be part
of the data processing cycle? 13. When the sum of all entries in the subsidiary
A) data input ledger equals the balance in the corresponding
B) feedback from external sources general ledger account, it is assumed that
C) data storage A) the recording processes were accurate.
D) data processing B) all source documents were recorded.
C) adjusting entries are not required.
7. Common source documents for the revenue D) no errors exist in the subsidiary ledger.
cycle include all of the following except
A) sales order. 14. The general ledger account that corresponds to
B) receiving report. a subsidiary ledger account is known as a
C) delivery ticket. A) dependent account.
D) credit memo. B) attribute account.
8. Which of the following documents would be C) entity account.
found in the expenditure cycle? D) control account.
A) delivery ticket
B) time card 15. Pre-numbered checks, invoices, and purchase
C) credit memo orders are examples of
D) purchase order A) sequence codes.
B) block codes.
9. Documents that are sent to customers or C) group codes.
suppliers and then sent back to the company in D) mnemonic codes.
the course of a business transaction are known
as 16. A general journal
A) turnaround documents. A) would be used to record monthly
B) source documents. depreciation entries.
C) source data automation. B) simplifies the process of recording large
D) transaction documents. numbers of repetitive transactions.
C) records all detailed data for any general
10. Which of the following is an example of source ledger account that has individual sub-accounts.
data automation? D) contains summary-level data for every
A) a utility bill account of the organization.
B) POS (point-of-sale) scanners in retail stores
C) a bill of lading 17. The general ledger
D) a subsidiary ledger A) is used to record infrequent or non-routine
transactions.
11. Pre-numbering of source documents helps to B) simplifies the process of recording large
verify that numbers of repetitive transactions.
A) all transactions have been recorded since C) records all detailed data for any general
the numerical sequence serves as a control. ledger account that has individual sub-accounts.
B) source data automation was used to capture D) contains summary-level data for every
data. account of the organization.
C) documents have been used in order.
D) company policies were followed. 18. A subsidiary ledger
A) is used to record infrequent or non-routine
12. Source documents generally help to improve transactions.
accuracy in transaction processing because B) simplifies the process of recording large
A) they specify which information to collect. numbers of repetitive transactions.
B) logically related data can be grouped in the C) records all detailed data for any general
ledger account that has individual sub- C) The AIS was often just one of the information
accounts. systems used by an organization to collect and
D) contains summary-level data for every process financial and nonfinancial data.
account of the organization. D) Traditionally, most AIS have been designed
so that both financial and operational data are
19. An audit trail stored in a manner that facilitates their
A) provides the means to check the accuracy integration in reports.
and validity of ledger postings.
B) begins with the general journal. 25. Callow Youth Clothing (CYC) is a boutique
C) is automatically created in every computer- retailer located in Estes Park, Colorado. During
based information system. the peak tourist season, it has average daily
D) is a summary of recorded transactions. cash and credit card sales in excess of $5,000.
What is the best way for CYC to ensure that
20. Concerning a master file, which of the following sales data entry is efficient and accurate?
statements is false? A) Well-designed paper forms
A) A master file is conceptually similar to a B) Source data automation
ledger in a manual AIS. C) Turnaround documents
B) A master file stores cumulative information. D) Sequentially numbered sales invoices
C) A master file exists across fiscal periods.
D) A master file's individual records are rarely, 26. In Petaluma, California, electric power is
if ever, changed. provided to consumers by the Power To The
People Electrical Company (PTTP), a local co-op.
21. Which of the following is conceptually similar to Each month PTTP mails bills to 70,000
a journal in a manual AIS? households and then processes payments as
A) database they are received. What is the best way for this
B) master file business to ensure that payment data entry is
C) record efficient and accurate?
D) transaction file A) Well-designed paper forms
B) Source data automation
22. Which of the following statements is true? C) Turnaround documents
A) Batch processing ensures that stored D) Sequentially numbered bills
information is always current.
B) Batch input is more accurate than on-line 27. The premier buyer and seller of vintage action
data entry. figures in the San Francisco Bay area is Vini Vidi
C) On-line batch processing is a combination of Geeky. Since 1996, the owner, Glamdring
real-time and batch processing. Elfthrall, has leveraged computer technology to
D) Batch processing not frequently used. provide a superior level of customer service. In
particular, the store's database system was
23. The data processing method used by FedEx to designed to make detailed information about
track packages is an example of each individual action figure's characteristics
A) real-time processing. easily accessible. Price information and
B) batch processing. condition are also provided for each inventory
C) online batch processing. item. In this database, the price of figures is
D) real-time batch processing. a(an)
A) entity.
24. Which statement below regarding the AIS is B) attribute.
false? C) field.
A) The AIS must be able to provide managers D) record.
with detailed and operational information
about the organization's performance. 28. The premier buyer and seller of vintage action
B) Both traditional financial measures and figures in the San Francisco Bay area is Vini Vidi
operational data are required for proper and Geeky. Since 1996, the owner, Glamdring
complete evaluation of performance. Elfthrall, has leveraged computer technology to
provide a superior level of customer service. In B) expenditure cycle.
particular, the store's database system was C) financing cycle.
designed to make detailed information about D) production cycle.
each individual action figure's characteristics
easily accessible. Price information and 32. The Cape Fear Rocket Club heads out to the
condition are also provided for each inventory dunes of Kittyhawk, North Carolina every
item. In this database, the data about an August to pierce the sky with their fiery
individual figure is a(an) projectiles. An enterprising seller of t-shirts has
A) entity. devised a series of designs that capture the
B) attribute. spirit of the event in silk-screened splendor. His
C) field. employees can be found on many of the major
D) record. intersections hawking his wares out of the
backs of station wagons and pickup trucks.
29. The premier buyer and seller of vintage action What is the best way for this business to ensure
figures in the San Francisco Bay area is Vini Vidi that sales data entry is efficient and accurate?
Geeky. Since 1996, the owner, Glamdring A) Well-designed paper forms
Elfthrall, has leveraged computer technology to B) Source data automation
provide a superior level of customer service. In C) Turnaround documents
particular, the store's database system was D) Sequentially numbered forms
designed to make detailed information about
each individual action figure's characteristics 33. Which of the following information would most
easily accessible. Price information and likely be reviewed by management on an
condition are also provided for each inventory exception report?
item. In this database, action figures A) Monthly cash budget
(collectively) are a(an) B) Quality control system failures
A) entity. C) Unit sales by territory and salesperson
B) attribute. D) Income statement
C) field.
D) record. 34. All of the following situations would likely be
communicated in an exception report except
30. The premier buyer and seller of vintage action A) production stoppages.
figures in the San Francisco Bay area is Vini Vidi B) weekly credit and cash sales comparison.
Geeky. Since 1996, the owner, Glamdring C) low inventory level.
Elfthrall, has leveraged computer technology to D) expense variances outside acceptable range.
provide a superior level of customer service. In
particular, the store's database system was 35. Changing an employee's hourly wage rate
designed to make detailed information about would be recorded where?
each individual action figure's characteristics A) Employee master file
easily accessible. Price information and B) Employee transaction file
condition are also provided for each inventory C) Special journal
item. In this database, the data about an D) Employee update file
individual figure's price is stored in a(an)
A) entity. 36. Which of the following statements is not
B) attribute. correct?
C) field. A) The audit trail is intended to verify the
D) record. validity and accuracy of transaction recording.
B) The audit trail consists of records stored
31. Hector Sanchez works in the accounting sequentially in an audit file.
department of a multinational manufacturing C) The audit trail provides the means for
company. His job includes updating accounts locating and examining source documents.
payable based on purchase orders and checks. D) The audit trail is created with document
His responsibilities are part of the company's numbers and posting references.
A) revenue cycle.
37. Data about which of the following facets of a C) Controls over access to data
business activity is most likely to be recorded in D) Appropriate disposal of hard copy reports
a transaction file?
A) Business activity
B) Resources affected by the business activity CHAPTER 3
C) People who participate in the business
activity
D) Place the business activity occurs
38. Data about all of the following facets of a

business activity are most likely to be recorded
in a master file except the
A) business activity.
B) resources affected by the business activity.
C) people who participate in the business
1. The correct label for Shape 1 in the flowchart:
activity.
A) Purchase Order 2
D) place the business activity occurs.
B) Purchase Requisition 1
C) Accounts Payable Trial Balance
39. Which of the following statements about data
D) 2
processing methods is true?
A) Online real-time processing does not store
2. The correct label for Shape 2 in the flowchart
data in a temporary file.
A) 1
B) Batch processing cannot be used to update a
master file.
C) Receiving Report 1
C) Control totals are used to verify accurate
D) 2
processing in both batch and online batch
processing.
3. The correct label for Shape 3 in the flowchart
D) Online real-time processing is only possible
A) Purchase Order 4
with source data automation.
C) Vendor
40. In an ERP system, the module used to record
D) 4
data about transactions in the revenue cycle is
called
4. The correct shape for the triangle labeled
A) order to cash.
"Supplier" in the flowchart
B) purchase to pay.
A) magnetic disk
C) financial.
B) terminal
D) customer relationship management.
C) manual process
D) off-page connector
41. A delivery of inventory from a vendor, with
whom a credit line is already established, would
5. The Sarbanes-Oxley Act requires independent
be initially recorded in which type of accounting
auditors to
record and as part of what transaction cycle?
A) create flowcharts using specialized software.
A) purchases journal; expenditure cycle
B) establish and maintain adequate controls in
B) general journal; expenditure cycle
the client's information system.
C) general ledger; expenditure cycle
C) understand a client's system of internal
D) cash disbursements journal; production cycle
controls.
D) prepare and understand all types of system
42. Implementation of an ERP system requires
documentation.
increased focus on all except which of the
following controls ?
A) Segregation of duties between custody,
authorization, and recording 6. The passage of the Sarbanes Oxley Act
B) Data entry controls on validity and accuracy A) made documentation skills even more
important.
B) requires public companies to prepare an
annual internal control report.
C) mandates that auditors must be able to
prepare, evaluate and read documentation
tools such as flowcharts.
D) all of the above
11. Which symbol would be used in a flowchart to
7. A data flow diagram represent a computer process?
A) is a graphical description of the source and A) #1
destination of data that shows how data flow B) #2
within an organization. C) #5
B) is a graphical description of the flow of D) #15
documents and information between 12. Which symbol would be used in a flowchart to
departments or areas of responsibility. represent a decision?
C) is a graphical description of the relationship A) #10
among the input, processing, and output in an B) #16
information system. C) #9
D) is a graphical description of the sequence of D) #6
logical operations that a computer performs as 13. Which symbol would be used in a flowchart to
it executes a program. represent an invoice sent to a customer?
A) #2
B) #6
8. Most processes on a DFD can be identified by C) #1
A) data in-flows only. D) #15
B) data out-flows only. 14. Which symbol would be used in a flowchart to
C) data flows both into or out of a process. represent a general ledger?
D) always being followed by a data store. A) #2
B) #1
9. A DFD created at the highest-level or summary C) #3
view is referred to as a D) #5
A) process diagram. 15. Which symbol would be used in a flowchart to
B) overview diagram. represent a manual process?
C) content diagram. A) #5
D) context diagram. B) #6
C) #10
10. In a payroll processing DFD, the "prepare D) #11
reports" activity will be represented by 16. Which symbol would be used in a flowchart to
________, the "employee payroll file" will be represent a file of paper documents?
represented by ________, and the A) #7
"management" will be represented by B) #8
________. C) #9
A) a circle; two horizontal lines; a square D) #15
B) a circle; two horizontal lines; two horizontal 17. Which symbol would be used in a flowchart to
lines represent a general ledger master file kept on
C) a rectangle; a square; a circle magnetic disk?
D) a square; two horizontal lines; a circle A) #2
B) #5
C) #7
D) #8
18. Which symbol would be used in a flowchart to

represent a general ledger master file kept on
magnetic disk?
A) #2 destinations. The documentation tool that he
B) #5 should employ for this purpose is a
C) #7 A) data flow diagram.
D) #8 B) document flowchart.
19. Which symbol would be used in a flowchart to C) system flowchart.
represent employee time cards sent by D) program flowchart.
department managers to the payroll
department? 26. Chas Mulligan has been hired by Yardley
A) #1 Security as an assistant to the internal auditor.
B) #4 He has been asked to document the existing
C) #11 accounting information system, and focus on
D) #16 the activities and flow of data between
20. Which symbol would be used in a flowchart to activities. He decides to begin with a summary
represent the display of a report on a computer description of the sources and uses of data in
screen? the organization and how they are processed by
A) #1 the system. The documentation tool that he
B) #2 should employ for this purpose is a
C) #3 A) data flow diagram.
D) #11 B) document flowchart.
21. Which symbol would be used in a flowchart to C) system flowchart.
represent a payroll master file kept on magnetic D) program flowchart.
tape?
A) #4
B) #7 27. Chas Mulligan has been hired by Yardley
C) #8 Security as an assistant to the internal auditor.
D) #9 He has been asked to thoroughly document the
22. Which symbol would be used in a flowchart to existing accounting information system in
represent a communication link? preparation for making recommendations for
A) #12 improvements. He decides to begin by meeting
B) #13 with the information technology staff in order
C) #14 to develop an understanding of the overall
D) #15 operation of the AIS, including data entry,
23. A flowchart that depicts the relationships storage, and output. The documentation tool
among the input, processing, and output of an that he should employ for this purpose is a
AIS is A) data flow diagram.
A) an internal control flowchart. B) document flowchart.
B) a document flowchart. C) system flowchart.
C) a system flowchart. D) program flowchart.
D) a program flowchart.
24. In a program flowchart, branching to alternative CHAPTER 4
paths is represented by
A) a terminal.
B) data/information flow. 1. Which of the items below would not be
C) computer operation. considered a possible common exposure for a
D) decision diamond. corporation?
25. Chas Mulligan has been hired by Yardley A) Excessive prices are paid for goods for use in
Security as an assistant to the internal auditor. the organization.
He has been asked to thoroughly document the B) The corporation never was billed for a sale of
existing accounting information system in merchandise shipped to a customer.
preparation for making recommendations for C) A flash flood destroys the merchandise
improvements to internal controls. He decides contained in a warehouse.
to begin with a description of the information D) Certain equipment was accidentally
stored in paper records, their sources, and their misplaced and not depreciated.
2. Intentional or reckless conduct, whether D) all foreign-owned companies currently
intentional or not, and which results in operating in the United States.
materially misleading financial statements, is
called 8. The Omnibus Trade and Competitiveness Act of
A) fraudulent financial reporting. 1988 (OTCA) amends the
B) corporate crime. A) Securities Exchange Act of 1934.
C) management fraud. B) accounting provisions of the FCPA.
D) None of these answers are correct. C) antibribery provisions of the FCPA.
D) accounting and antibribery provisions of the
FCPA.
3. DWB Corporation suffered a loss due to the
spoilage of certain raw materials used in the
9. The Sarbanes-Oxley Act of 2002 imposes certain
manufacturing of its products. The business
requirements and restrictions on
transaction cycle in which this loss occurred is
A) management.
the
B) auditors.
A) revenue cycle.
C) audit committees.
B) expenditure cycle.
D) All of these answers are correct.
C) finance cycle.
D) production cycle.
10. The Sarbanes-Oxley Act of 2002 explicitly deals
with the non-audit services which auditors can
4. Which of the objectives listed below is not
provide to their audit clients. Certain non-audit
considered part of the internal control process?
services may be permissible, without prior
A) Compliance with applicable laws and
approval of a company's audit committee, if the
regulations
non-audit services
B) The prevention of fraud and embezzlement
A) constitute less than 5% of the audit fees for
C) Effectiveness and efficiency of operations
the corporation.
D) Reliability of financial reporting
B) constitute less than 5% of the audit fees for
the corporation and are not specifically
5. "Amounts due to vendors should be accurately
identified as being barred by SOA 2002.
and promptly classified, summarized, and C) constitute less than 20% of the audit fees for
reported" is a representative control objective the corporation.
of the D) Auditors are barred from any and all non-
A) revenue cycle. audit services for their audit clients according to
B) finance cycle. SOA 2002
C) production cycle.
D) expenditure cycle.
11. The component of internal control that is the
foundation for all other components is
6. The internal control premise that concerns the A) risk assessment.
relative costs and benefits of controls is known B) information and communication.
as C) control activities.
A) responsibility. D) control environment.
B) risk.
C) reasonable assurance.
12. One way in which a company can produce a
D) exposure.
corporate culture that supports ethical behavior
is through
7. Section 102 of the Federal Foreign Corrupt A) emphasis on sales quotas and deadlines.
Practices Act of 1977 (FCPA) applies to
B) emphasis on short-run goals and objectives.
A) all public and privately held U.S.-based C) a cultural audit to bring to light the
companies. corporation's true culture and ethical behavior.
B) all companies subject to the Securities D) All of these answers are correct.
Exchange Act of 1934.
C) any publicly held company, whether it is a
13. The formal communications patterns within an
for-profit or non-profit entity.
organization can be communicated using
A) a specific, precise management philosophy.
B) an organizational chart. 20. An agreement or conspiracy among two or
C) a cultural audit. more people to commit fraud is known as
D) an ethical code of conduct. A) embezzlement.
B) misappropriation.
14. Assets fraudulently appropriated for one's own C) collusion.
use from an organization is considered D) misrepresentation.
A) fraud.
B) theft. 21. An analytical technique commonly used to
C) embezzlement. analyze and examine an internal control process
D) a corporate loan. is known as a(n)
A) control flowchart.
15. An interesting aspect of white-collar crime is B) internal control questionnaire.
that C) exposure checklist.
A) it often seems to be victimless. D) segregation of duties.
B) it usually amounts to less than $1,000 per
organization per year on average. 22. An exposure is
C) internal controls almost never reveal the A) synonymous with risk.
perpetrators of such crimes. B) equal to risk multiplied by the likelihood of
D) None of these answers are correct. detection.
C) equal to risk multiplied by the financial
16. Many aspects of computer processing tend to consequences.
significantly D) not possible with a good system of internal
A) decrease an organization's exposure to controls in place.
undesirable events.
B) strengthen the corporate culture's ethical 23. Fraudulent financial reporting
behavior in the long-term analysis. A) involves intentional or reckless conduct.
C) increase employee productivity through the B) may be due to an act of omission or
use of monitoring software. commission.
D) increase an organization's exposure to C) results in misleading financial statements.
undesirable events. D) All of these answers are correct.
17. The department or division of larger 24. Internal control is affected by an organization's
organizations which is responsible for A) board of directors, management, and other
monitoring and evaluating controls on an personnel.
ongoing basis is B) management and internal auditors.
A) internal auditing. C) management and external auditors.
B) external auditing. D) board of directors, management, and
C) internal affairs. shareholders
D) division monitoring.
25. Management's philosophy and operating style
18. The two broad categories of transaction control are part of which component of internal
are control?
A) general controls and specific controls. A) Control activities
B) general controls and application controls. B) Control environment
C) general controls and basic controls. C) Information and communication
D) basic controls and application controls. D) Monitoring
19. Application controls are often classified as 26. Organizational structure is part of which
A) general, processing, and specific. component of internal control?
B) basic, specific, and accounting. A) Control activities
C) general, application, and output.
D) input, processing, and output.
B) Control environment C) blocking.
C) Information and communication D) endorsement.
D) Monitoring
33. The general term for any type of control total or
27. An audit committee is required by count applied to a number of transaction
A) the AICPA. documents is
B) the Securities and Exchange Commission. A) amount control total.
C) generally accepted accounting principles. B) line control total.
D) both the New York Stock Exchange and the C) hash total.
Sarbanes-Oxley Act of 2002. D) batch control total.
28. Which of the following are examples of risks 34. Totals of homogeneous amounts for a group of
that are relevant to the financial reporting transactions or records, usually expressed in
process? dollars or quantities, is known as a(n)
A) Changes in the operating environment A) batch control total.
B) Changes in personnel B) hash total.
C) Changes in the information system C) amount control total.
D) All of these answers are correct. D) line total.
29. The three types of functions that normally 35. The reentry of transaction data with machine
should be segregated to promote internal comparison of the initial entry to the second
control are entry to detect errors is called
A) recording transactions, authorizing A) batch balancing.
transactions, and approval. B) key verification.
B) authorizing transactions, approving C) validity checking.
transactions, and custody of assets. D) a run-to-run comparison.
C) authorizing transactions, recording
transactions, and custody of assets. 36. A repetition of processing and an accompanying
D) authorizing transactions, inputting data, and comparison of individual results for equality is
outputting data. called
A) redundant processing.
30. A computer-produced document that is B) matching.
intended for resubmission into the system, such C) run-to-run comparison.
as the part of the utility bill that the customer D) readback.
returns with payment, is a(n)
A) invoice. 37. The identification and analysis of differences
B) dual-submit document. between the values contained in two
C) turnaround document. substantially identical files or between a detail
D) automated input document. file and a control file is
A) validity checking.
31. The marking of a form or document to direct or B) verification.
restrict its further processing is called C) reconciliation.
A) an endorsement. D) clearing.
B) a restriction.
C) blocking. 38. The identification of unprocessed or retained
D) a cancellation. items in files according to their date, usually the
transaction date, is
32. Identifying transaction documents to prevent A) clearing.
their further or repeated use after they have B) aging.
performed their function is known as C) periodic auditing.
A) cancellation. D) summary processing.
B) restriction. 39. Research indicates that the most frequent type
of fraud is
A) misappropriation of funds. invoices which are to be posted
B) check forgery. C) A document count of the invoices
C) false invoices. D) A control total of the amounts to be posted
D) credit card fraud.
45. Which of the following would impair the
40. Research indicates that the most expensive type effectiveness of the separation of incompatible
of fraud is functions in an organization?
A) patent infringement. A) The personnel director reports to the vice
B) false financial statements. president for administration.
C) credit card fraud. B) The controller reports to the vice president
D) All of these types of fraud are equally of sales.
expensive. C) The cashier reports to the treasurer.
D) The director of budgeting reports to the
41. An audit committee controller.
A) is composed only of an organization's
shareholders. 46. A well planned system of internal accounting
B) should be primarily composed of only control normally would include procedures that
external board members (a NYSE are designed to provide reasonable assurance
requirement). that
C) ideally should be composed only of members A) employees act with integrity when
who are also high-level executives in the performing their assigned tasks.
organization. B) decisions leading to management's
D) ideally should report directly to the authorization of transactions are sound.
controller. C) collusive activities would be detected by
segregation of employee duties.
42. The FCPA requires that a system of internal D) transactions are executed in accordance
accounting controls with management's general or specific
A) guarantee that profits are correctly stated in authorization.
a firm's audited financial statements.
B) provide absolute assurance that transactions 47. Monitoring, the fifth component of internal
are executed only in accordance with control, involves
management's authorization. A) assessing the quality of internal controls
C) provide reasonable assurance that access to over time and taking corrective actions if
assets is permitted only in accordance with necessary.
management's authorization. B) studying the methods used and records
D) ensure the long-run profitability of an established to identify, assemble, analyze,
organization. classify, record, and report the organization's
transactions.
43. If the treasury and controller functions are C) maintaining accountability for the financial
independent, which of the following should be structure (i.e., assets and liabilities) of the
assigned to the controller to maintain effective organization.
control? D) assessing and managing the risks that affect
A) Approval of disbursements the organization's objectives.
B) Responsibility for check signing
C) Custody of short-term investment securities 48. ERM contains eight components. Which one of
D) Authorization of write-offs of accounts the following is not a component of ERM?
receivable A) Internal environment
B) Risk assessment
44. A clerk accidentally posts a prenumbered sales C) Risk response
invoice of $625 as $265 to a customer's D) Risk elimination
account. What control would detect this error? 49. Which one of the following is not an element of
A) A hash total of the invoice numbers the internal control process?
B) A sequence check of the numbers of the A) Control environment
B) Risk assessment D) disaster planning has largely been ignored in
C) Risk response the literature.
D) Monitoring
2. Which of the following is the greatest risk to
50. Guidance for Section 404 compliance can be information systems and causes the greatest
found in dollar losses?
A) COSO reports. A) human errors and omissions
B) ISO 27002. B) physical threats such as natural disasters
C) the United States Federal Sentencing C) dishonest employees
Guidelines. D) fraud and embezzlement
D) Guidance can be found in all of the above.
3. Identify the threat below that is not one of the
51. COSO's Guidance on Monitoring Internal four types of threats faced by accounting
Control Systems includes the following phases information systems.
except A) natural and political disasters
A) establishing a foundation for monitoring. B) software errors and equipment malfunctions
B) designing and executing monitoring C) unintentional acts
procedures that are based on risk. D) system inefficiency
C) developing the objectives for the level of
risk that can be tolerated by management. 4. A power outage is an example of a(n) ________
D) assessing and reporting the results. threat.
A) natural and political disasters
52. The problems small businesses encounter with B) software errors and equipment
internal control that are addressed by COSO malfunctions
include the following except C) unintentional acts
A) effective boards of directors. D) system inefficiency
B) limited segregation of duties and increased
focus on monitoring. 5. Excessive heat is an example of a(n) ________
C) compensating for limitations in information threat.
technology. A) natural and political disasters
D) outsourcing increased reporting B) software errors and equipment malfunctions
requirements. C) unintentional acts
D) system inefficiency
53. Small and large companies can gain cost
efficiencies in internal control by 6. What was the first known cyber-attack intended
A) focusing financial items that have changed to harm a real-world physical target?
the most from period to period. A) Sasser
B) managing reporting objectives. B) Stuxnet
C) effectively managing the amount and types C) Michelangelo
of documentation on adequate controls. D) Doomsday
D) All of the above will enable small companies
to gain cost efficiencies. 7. What agency did the United States create to use
cyber weapons and to defend against cyber
CHAPTER 5 attacks?
A) U.S. Cyber Command
B) Department of Network Security
1. Perhaps the most striking fact about natural
C) Department of Cyber Defense
disasters in relation to AIS controls is that
D) Department of Technology Strategy
A) many companies in one location can be
seriously affected at one time by a disaster.
8. Which type of threat causes the greatest dollar
B) losses are absolutely unpreventable.
losses?
C) there are a large number of major disasters
A) software errors and equipment malfunctions
every year.
B) unintentional acts
C) intentional acts risk.
D) system inefficiency B) detect all material fraud.
C) alert the Securities and Exchange
9. Logic errors are an example of which type of Commission of any fraud detected.
threat? D) take all of the above actions.
A) natural and political disasters
B) software errors and equipment malfunctions 14. Intentional or reckless conduct that results in
C) unintentional acts materially misleading financial statements is
D) system inefficiency called
A) financial fraud.
10. Seble wants to open a floral shop in a B) misstatement fraud.
downtown business district. She doesn't have C) fraudulent financial reporting.
funds enough to purchase inventory and pay six D) audit failure fraud.
months'' rent up front. Seble approaches a good
friend, Zhou, to discuss the possibility of Zhou 15. Which of the following is not an example of one
investing funds and becoming a 25% partner in of the basic types of fraud?
the business. After a lengthy discussion Zhou A) While straightening the store at the end of
agrees to invest. Eight months later, Zhou and the day, a shoe store employee finds and
Seble have a major argument. In order for Zhou keeps an expensive pair of sunglasses left by a
to sue Seble for fraud, all the following must be customer.
true except: B) An executive devised and implemented a
A) Zhou's decision to invest was primarily based plan to accelerate revenue recognition on a
on Seble's assertion that she had prior floral long-term contract, which will allow the
retail experience. company to forestall filing for bankruptcy. The
B) Seble told Zhou she had worked at a floral executive does not own any stock, stock options
shop for several years, when in fact she did not or grants, and will not receive a bonus or perk
have any prior experience in floral retail. because of the overstated revenue.
C) before Zhou invested, Seble prepared a C) A purchasing agent places a large order at
detailed business plan and sales forecasts, and higher-than-normal unit prices with a vendor
provided Zhou with copies. that gave the agent tickets to several football
D) Zhou's 25% share of the business is worth games.
substantially less than her initial investment. D) A salesperson approves a large sales discount
on an order from a company owned partially by
11. Perpetrators do not typically the salesperson's sister.
A) attempt to return or pay back stolen
amounts soon after the initial theft, but find 16. All of the following are required for an act to be
they are unable to make full restitution. legally classified as fraudulent except
B) use trickery or lies to gain the confidence and A) a falsehood is made.
trust of others at the organization they defraud. B) about a material fact.
C) become bolder and more greedy the longer C) to inflict pain.
the theft remains undetected. D) resulting in a financial loss.
D) begin to rely on stolen amounts as part of
their income. 17. Misappropriation of assets is a fraudulent act
that involves
12. "Cooking the books" is typically accomplished A) dishonest conduct by those in power.
by all the following except B) misrepresenting facts to promote an
A) overstating inventory. investment.
B) accelerating recognition of revenue. C) using computer technology to perpetrate.
C) inflating accounts payable. D) theft of company property.
D) delaying recording of expenses.
18. Lapping is best described as the process of
13. SAS No. 99 requires that auditors A) applying cash receipts to a different
A) plan audits based on an analysis of fraud customer's account in an attempt to conceal
previous thefts of cash receipts. A) An employee's spouse loses her job.
B) inflating bank balances by transferring money B) An employee has a close association with
among different bank accounts. suppliers or customers.
C) stealing small amounts of cash, many times C) An employee suddenly acquires lots of credit
over a period of time. cards.
D) increasing expenses to conceal that an asset D) An employee is upset that he was passed
was stolen over for a promotion.
19. Which of the following is not an example of the 24. Which of the following is a financial pressure
fraud triangle characteristic concerned with that could cause an employee to commit fraud?
rationalization? A) a feeling of not being appreciated
A) revenge against the company B) failing to receive a deserved promotion
B) intent to repay "borrowed" funds in the C) believing that their pay is too low relative to
future others around them
C) sense of entitlement as compensation for D) having a spouse injured in a car accident
receiving a lower than average raise and in the hospital for several weeks
D) belief that the company won't suffer because
an insurance company will reimburse losses 25. Which of the following fraudulent acts generally
takes most time and effort?
20. Insiders are frequently the ones who commit A) lapping accounts receivable
fraud because B) selling stolen inventory to get cash
A) they are more dishonest than outsiders. C) stealing inventory from the warehouse
B) they need money more than outsiders. D) creating false journal entries to overstate
C) they are less likely to get caught than revenue
outsiders.
D) they know more about the system and its 26. In many cases of fraud, the ________ takes
weaknesses than outsiders. more time and effort than the ________.
A) concealment; theft
21. Which of the following is not a management B) theft; concealment
characteristic that increases pressure to commit C) conversion; theft
fraudulent financial reporting? D) conversion; concealment
A) close relationship with the current audit
engagement partner and manager 27. Which of the following is the best way to hide
B) pay for performance incentives based on theft of assets?
short-term performance measures A) creating "cash" through the transfer of
C) high management and employee turnover money between banks
D) highly optimistic earnings projections B) conversion of stolen assets into cash
C) stealing cash from customer A and then using
22. Researchers have compared the psychological customer B's balance to pay customer A's
and demographic characteristics of white-collar accounts receivable
criminals, violent criminals, and the general D) charging the stolen asset to an expense
public. They found that account
A) few differences exist between white-collar
criminals and the general public. 28. Which fraud scheme involves stealing customer
B) white-collar criminals eventually become receipts and applying subsequent customer
violent criminals. cash payments to cover the theft?
C) most white-collar criminals invest their illegal A) kiting
income rather than spend it. B) laundering
D) most white-collar criminals are older and not C) lapping
technologically proficient. D) bogus expense
23. Identify the opportunity below that could 29. One fraudulent scheme covers up a theft by
enable an employee to commit fraud. creating cash through the transfer of money
between banks. This is known as C) allowing computer operators full access to
A) lapping. the computer room
B) misappropriation of assets. D) storing backup tapes in a location where they
C) kiting. can be quickly accessed
D) concealment.
36. How does the U.S. Justice Department define
30. Which characteristic of the fraud triangle often computer fraud?
stems from a lack of internal controls within an A) as any crime in which a computer is used
organization? B) as any act in which cash is stolen using a
A) pressure computer
B) opportunity C) as an illegal act in which a computer is an
C) rationalization integral part of the crime
D) concealment D) as an illegal act in which knowledge of
computer technology is essential
31. Which situation below makes it easy for
someone to commit a fraud? 37. Why is computer fraud often much more
A) placing excessive trust in key employees difficult to detect than other types of fraud?
B) inadequate staffing within the organization A) because massive fraud can be committed in
C) unclear company policies only seconds, leaving little-to-no evidence
D) All of the above situations make it easy for B) because most perpetrators invest their illegal
someone to commit a fraud. income rather than spend it, concealing key
evidence
32. What is the most prevalent opportunity within C) because most computer criminals are older
most companies to commit fraud? and more cunning than perpetrators of other
A) lack of any internal controls types of fraud
B) failure to enforce the internal controls D) because perpetrators usually only steal very
C) loopholes in the design of internal controls small amounts of money at a time, requiring a
D) management's failure to believe employees long period of time to pass before discovery
would commit fraud
38. Why is computer fraud often more difficult to
33. This component of the fraud triangle explains detect than other types of fraud?
how perpetrators justify their (illegal) behavior. A) Rarely is cash stolen in computer fraud.
A) pressure B) The fraud may leave little or no evidence it
B) rationalization ever happened.
C) concealment C) Computers provide more opportunities for
D) opportunity fraud.
D) Computer fraud perpetrators are just more
34. The most efficient way to conceal asset clever than other types of criminals.
misappropriation is to
A) write-off a customer receivable as bad debt. 39. Why do many fraud cases go unreported and
B) alter monthly bank statements before unprosecuted?
reconciliation. A) Major fraud is a public relations nightmare.
C) alter monthly physical inventory counts to B) Fraud is difficult, costly, and time-consuming
reconcile to perpetual inventory records. to investigate and prosecute.
D) record phony payments to vendors. C) Law enforcement and the courts are often so
busy with violent crimes that little time is left
for fraud cases.
D) all of the above
35. Which of the following is least likely to result in
computer fraud? 40. The fraud that requires the least computer
A) releasing data to unauthorized users knowledge or skill involves
B) allowing computer users to test software A) altering or falsifying source data.
upgrades B) unauthorized use of computers.
C) tampering with or copying software. A) Requiring all employees to take annual
D) forging documents like paychecks. vacations
B) Monitoring employee bank accounts and net
41. The simplest and most common way to commit worth
a computer fraud is to C) Monitoring employee behavior using video
A) alter computer input. cameras
B) alter computer output. D) Explaining that fraud is illegal and will be
C) modify the processing. severely punished to employees
D) corrupt the database.
47. Which of the following is not a way to make
42. Downloading a master list of customers and fraud less likely to occur?
selling it to a competitor is an example of A) Adopt an organizational structure that
A) data fraud. minimizes the likelihood of fraud.
B) output theft. B) Create an organizational culture that stresses
C) download fraud. integrity and commitment to ethical values.
D) fraudulent financial reporting. C) Create an audit trail so individual
transactions can be traced.
43. Most frauds are detected by D) Effectively supervise employees.
A) external auditors.
B) hotline tip. 48. Which of the following is not a way to reduce
C) internal auditors. fraud losses?
D) the police. A) Conduct periodic external and internal
audits.
44. Which of the following will not reduce the B) Maintain adequate insurance.
likelihood of an occurrence of fraud? C) Use software to monitor system activity.
A) encryption of data and programs D) Store backup copies of program and data
B) use of forensic accountants files.
C) adequate insurance coverage
D) required vacations and rotation of duties 49. Which of the following is not a way to improve
fraud detection?
45. On Tuesday morning, Chen Lee, Chief A) Install fraud detection software.
Information Officer at American Trading B) Implement a fraud hotline.
Corporation (ATC), got some bad news. The C) Employ a computer security officer.
hard drive use to store system data backups D) Implement computer-based controls over
was lost while it was being transported to an input, processing, storage, and output
offsite storage location. Chen called a meeting activities.
of her technical staff to discuss the implications
of the loss. Which of the following is most likely
to relieve her concerns over the potential cost CHAPTER 6
of the loss?
A) ATC has a comprehensive disaster recovery 1. A significant benefit of the quantitative
plan. approach to risk assessment is that
B) The hard drive was encrypted and password A) often the most likely threat to occur is not
protected. the one with the largest exposure.
C) The shipper has insurance that will reimburse B) the relevant cost of the loss's occurrence is
ATC for the cost of the hard drive. an estimate.
D) ATC has a copy of the hard drive onsite, so a C) the likelihood of a given failure requires
new copy for storage offsite can easily be predicting the future.
prepared. D) the approach estimates the costs and
benefits to the perpetrators of attacks.
46. ________ is a simple, yet effective, method for
catching or preventing many types of employee 2. When the qualitative approach to risk
fraud. assessment is used, costs might be estimated
using C) piggybacker.
A) replacement costs. D) spy.
B) service denial costs. 9. The method used in most cases of computer
C) business interruption costs. fraud is
D) All of these answers are correct. A) program alteration.
B) input manipulation.
3. An extremely risk-seeking perpetrator C) data theft.
A) will offer his or her services to the "highest D) sabotage.
bidder."
B) will take very large risks for a small reward. 10. A defrauder substitutes his own version of a
C) is almost always a terminated employee of company's master file for the real one. This
the organization he or she attacks. method of computer fraud is known as
D) will take small risks for small rewards. A) direct file alteration.
B) data theft.
4. A weakness in an information security system is C) misappropriation of information resources.
A) a threat. D) Answers B and C above are both correct.
B) computer sabotage.
C) a vulnerability. 11. Sometimes computer programs are used to
D) a system fault. commit acts of sabotage. A destructive program
masquerading as a legitimate one is called a
5. Information security is an international A) logic bomb.
problem. Which countries below have set B) worm.
criminal penalties of up to 10 years for C) virus.
fraudulent use of computer services or the D) Trojan horse.
intentional changing of a data processing record
with the intent of enrichment? 12. Sometimes computer programs are used to
A) Canada and Finland commit acts of sabotage. A computer program
B) Switzerland and Canada that actually grows in size as it infects more and
C) Denmark and Finland more computers in a network is known as a
D) France and Germany A) Trojan horse.
B) logic bomb.
6. Which group of people listed below would not C) virus.
pose a high degree of threat to an D) worm.
organization's information system?
A) Systems personnel 13. In an information security system, security
B) Users measures focus on
C) Intruders A) correcting the effects of threats.
D) External auditors B) preventing and detecting threats.
C) management philosophy and operating style.
7. Which individual listed below is placed in a D) the internal audit function.
position of great trust, normally having access
to security secrets, files and programs? 14. A form of sabotage in which very large numbers
A) Systems supervisor of requests flood a Web server within a short
B) Programmer time interval is known as a
C) Computer maintenance person A) denial of service attack.
D) Data control clerk B) logic bomb.
C) macro virus.
8. An intruder who intercepts legitimate D) grid overload.
information and replaces it with fraudulent
information is known as a 15. The most important personnel policy and
A) hacker. practice regarding information systems security
B) wiretapper. is that
A) there should be adequate supervision of
personnel at all times. 20. What is an example of fault tolerance applied at
B) employees should be required to rotate jobs. the transaction level?
C) the duties of computer users and computer A) Consensus-based protocols
systems personnel should be segregated. B) Read-after-write checks
D) employees should be required to take C) Database shadowing
vacations. D) Flagging
16. The primary way to prevent active threats 21. Disk shadowing is an example of a fault
concerning fraud and sabotage is to implement tolerance applied at what level?
successive layers of access controls. The second A) Network communications
step behind the layered approach to access B) DASD
control is to C) Transaction
A) prevent unauthorized access to both data D) CPU processor
and program files.
B) physically separate unauthorized individuals 22. An example of a fault tolerance at the network
from computer resources. communications level is
C) classify all data and equipment according to A) a watchdog processor.
their importance and vulnerability. B) disk mirroring.
D) keep unauthorized users from using the C) rollback processing.
system. D) an uninterruptable power supply.
17. The primary way to prevent active threats 23. Since many personal computer users do not
concerning fraud and sabotage is to implement properly back up their files, a system that
successive layers of access controls. centralizes the backup process is essential. A
Withholding administrative rights from backup of all files on a given disk is known as
individual PC users is an example of a a(n)
A) file access control. A) full backup.
B) system access control. B) differential backup.
C) site access control. C) incremental backup.
D) None of these answers are correct. D) emergency backup.
18. The primary way to prevent active threats 24. The type of backup which avoids the problems
concerning fraud and sabotage is to implement which arise from restoring incremental backups
successive layers of access controls. Such an is a(n)
approach involves erecting multiple layers of A) full backup.
controls that separate the would-be perpetrator B) partial backup.
from his or her potential targets. One file-access C) archive restoration.
control system that will prevent unauthorized D) differential backup.
access is (are)
A) a password management system. 25. One Internet security problem arises from
B) biometric hardware authentication. configuration problems in the area of
C) locked files. configuring permissions for directories. This is
D) a firewall. an example of
A) an operating system vulnerability.
19. Controls can be designed to provide a defense B) a Web server vulnerability.
from both active and passive threats. An C) a private network vulnerability.
example of a passive threat is D) server program vulnerability.
A) a rolling blackout.
B) a Trojan horse. 26. A Trojan horse program placed on one
C) an unhappy employee. computer with the objective of attacking
D) a password which has been compromised. another computer is an example of which
Internet security vulnerability?
A) A Web server and its configuration
B) An operating system and its configuration 32. The first step in managing disaster risk is
C) A private network and its configuration A) to obtain business interruption insurance.
D) A general security procedure B) disaster prevention.
C) contingency planning.
27. The primary way to prevent active threats D) to analyze and list recovery priorities.
concerning fraud and sabotage is to implement
successive layers of access controls. However, 33. Which of the following causes of disasters
the widespread adoption and use of the occurs less than any other cause?
Internet has made it impossible to completely A) Natural disasters
implement which layer of the layered-access B) Human errors
approach to security? C) Deliberate actions
A) Site-access D) Passive threats
B) System-access
C) File-access 34. A disaster recovery plan should include
D) None of these answers is correct. A) a list of priorities for recovery.
B) an evaluation of a company's needs in the
28. The best general security procedure is event of a disaster.
A) to use advanced information security system C) a set of recovery strategies and procedures.
software. D) All of these answers are correct.
B) for system administrators to enforce system
security policies that already exist. 35. One recovery strategy in the event of a disaster
C) to isolate computer facilities from the rest of is an alternative processing arrangement. An
the company. arrangement between two companies in which
D) to eliminate access privileges to all remote each company agrees to help the other if the
users. need arises is a(n)
A) commercial vendor arrangement.
29. General security procedures are essential in B) computer service bureau agreement.
Internet security. One especially important C) shared contingency arrangement.
weakness that hackers may attempt to exploit D) alternate site center.
in this area is to
A) guess at passwords. 36. A company which specializes in processing the
B) rewrite computer source code. data of other companies, but not its own, is a(n)
C) alter log files to "cover their tracks." A) computer service bureau.
D) steal the hard drives of personal computers B) commercial vendor of disaster services.
used as Web servers. C) emergency response center.
D) flying-start site.
30. Which item listed below is a weakness of using
a firewall for Internet security? 37. The possibility of losing employees to a disaster
A) IP addresses can be spoofed. should be addressed in
B) Firewalls can block incoming access on A) a salvage plan.
computer networks. B) an alternative processing arrangement.
C) Firewalls can block outgoing access on C) the personnel replacement plan.
computer networks. D) the personnel relocation plan.
D) Firewalls can be set to only allow limited
outgoing access to particular programs or 38. One recovery strategy in the event of a disaster
servers. is an alternative processing arrangement using a
backup site. A site which contains the wiring for
31. Disaster risk management is concerned with computers and also having the equipment is a
A) the prevention of disasters. A) cold site.
B) the layered-access approach to security. B) hot site.
C) contingency planning. C) flying-start site.
D) Answers A and C are both correct. D) service bureau.
39. Which of the following is an ideal password? D) process hypothetical transactions through
A) ABC123 the system.
B) DOG&bone
C) sky&CAT 45. To detect unauthorized direct changes to
D) 2s&Ytc8x master files, the auditor traces these changes
back to the underlying
40. If users are permitted to choose their own A) transaction files.
passwords, the best procedure is to B) source documents.
A) forbid users from choosing certain "easy-to- C) hypothetical transactions.
guess" passwords. D) control account balances.
B) forbid users to change their passwords later.
C) allow users to choose passwords they can 46. A type of processing that writes a transaction to
easily remember. disk only if it has been completed successfully is
D) allow users to choose the appropriate A) rollback processing.
expiration date for their passwords. B) disk mirroring.
C) fault-tolerant processing.
41. A flying-start site D) read-after-write checking.
A) is the most commonly adopted option for
companies with disaster recovery plans. 47. The most basic security procedure in system-
B) usually cannot be made operational within access controls is the
24 hours. A) sign-countersign system.
C) involves mirroring of transactions at the B) identification of the user's ID, time, and date
primary site, followed by transmission of data of each entry.
to the backup site. C) user's responsibility to protect his or her
D) is arranged through a service bureau. password.
D) system's assignment of the user ID and
42. After a planning committee has been appointed password.
and the support of senior management has
been obtained, the first step in designing a 48. Jennifer Nguyen is interested in archiving
disaster recovery plan is several data files. She should
A) determining what computer-related A) use a full backup for each file.
resources are critical. B) use an incremental backup for each file.
B) naming an emergency response team. C) store the data files on media suitable for
C) finding a suitable alternative processing site long-term storage.
to use in an emergency. D) use a differential backup for each file and
D) listing the company's recovery priorities. restore each file.
43. Sandra Johnson is her company's chief security 49. The ________ makes it a federal felony for
officer. She is interested in obtaining fault anyone other than law enforcement or
tolerance at the direct-access storage device intelligence officers to pretext phone records.
level. Which of the following methods would be A) Computer Fraud and Abuse Act of 1986
of most interest to her? B) Telephone Records and Privacy Protection
A) Rollback processing Act of 2006
B) Disk mirroring C) Gramm-Leach-Bliley Act
C) Consensus-based protocols D) Health Insurance Portability and
D) Database shadowing Accountability Act
44. The best way to test the integrity of a computer 50. The three objectives of information security
system is to include
A) review all system output thoroughly. A) confidentiality, integrity, and availability.
B) review all system input thoroughly. B) protection, responsibility, and continuity.
C) sample the system's actual transactions. C) confidentiality, protection, and continuity.
D) responsibility, integrity, and availability.
51. The information security management system B) spyware.
life cycle includes analysis, design, C) malware.
implementation, and D) exploits.
A) operation, evaluation, and management.
B) operation, evaluation, and control. 59. The ________ makes it a federal crime, with a
C) operation, management, and continuity. mandatory prison sentence, to pretext any kind
D) operation, control, and continuity. of information that relates to a relationship
between a consumer and a financial institution.
52. Guidelines and standards that are important to A) Computer Fraud and Abuse Act of 1986
Information Security Management Systems B) Telephone Records and Privacy Protection
include all the following except Act of 2006
A) COSO. C) Gramm-Leach-Bliley Act
B) COBIT. D) Health Insurance Portability and
C) ERM. Accountability Act
D) ISO 27000 series.
60. When a hacker takes advantage of a
53. The ISO series number that defines a code of vulnerability to access the software, hardware,
best practices for ISMSs is or data in an unauthorized manner a(n)
A) 27000. ________ has occurred.
B) 27001. A) exploit
C) 27002. B) vector
D) 27003. C) exposure
D) virtualization
54. The ISO series numbers that define
implementation, measuring performance, and 61. In general, ________ arise from improperly
risk management for ISMSs include installed or configured software and from
A) 27000-27002. unforeseen defects or deficiencies in the
B) 27003-27005. software.
C) 27006-27008. A) exploits
B) virtualizations
55. Hackers can be categorized as white, black, or C) vulnerabilities
________ hat hackers. D) exposures
A) gray
B) green 62. Sabotage is a(n) ________ threat.
C) top A) active
D) None of these answers is correct. B) passive
C) direct
56. Hacker methods include all of the following D) second layer
except
A) social engineering. 63. Input ________ is an example of a system
B) direct observation. attack method.
C) electronic interception. A) vector
D) continuity prevention. B) manipulation
C) hacking
57. Examples of social engineering include D) buffer
A) pretexting and phishing.
B) pretexting and direct observation. 64. ________ involves running multiple operating
C) phishing and direct observation. systems, or multiple copies of the same
D) pretexting, phishing, and direct observation. operating system, all on the same machine.
A) Hypervisor
58. Viruses and denial of service attacks are B) Business continuity planning
examples of C) Virtualization
A) electronic interception. D) Subscriber Identity Module (SIM)
65. All software and data is stored by the SaaS features
provider in the A) biometric hardware authentication
A) hypervisor. B) dumpster diving
B) cloud. C) vulnerability scanner
C) stars. D) code injection
D) grid.
73. Commonly used in backup systems to indicate
66. ________ computing involves clusters of whether a file has been altered
interlinked computers that share common A) archive bit
workloads. B) pretexting
A) Grid C) phishing
B) Cloud D) spyware
C) Networked
D) Malware 74. A portion of the computer program that allows
someone to access a system while bypassing
67. Which of the following forms of social normal security procedures
engineering involves impersonation? A) trapdoor
A) Contexting B) botnet
B) Phishing C) spyware
C) Hypervising D) adware
D) Pretexting
75. This type of system requires an odd number of
68. Botnets are normally used for which of the processors
following? A) consensus-based protocol
A) Grid computing B) system-access controls
B) Denial of service attacks C) control for passive threats
C) Continuity planning D) file-access control
D) Cloud computing
76. A type of intruder or attacker
69. Adware is a type of A) botnet
A) virus. B) spyware
B) logic bomb. C) hacker
C) spyware. D) viruses
D) Trojan horse.
77. The concept that if one part of the computer
70. On the local workstation, cloud computing fails, a redundant part is available to take over
A) complicates security considerations. A) fault tolerance
B) simplifies security considerations. B) input manipulation
C) is not involved with security considerations. C) program alteration
D) affects security minimally but still must be D) site-access controls
considered under ISO 27000.
78. A program can be run but not looked at or
71. In the following, which source of information altered
security frameworks or standards targets A) locked files
managers rather than IP professionals? B) fault-tolerance
A) COSO C) database shadowing
B) ISMS D) file-access controls
C) COBIT
D) ISO 79. A company that provides data processing
services to other companies for a fee
72. Systems that automatically identify individuals A) cold site
based on their fingerprints, hand sizes, retina B) service bureau
patterns, voice patterns, and other personal
C) reciprocal disaster agreement 87. The copying and distributing of copyrighted
D) compliance standards software or files without permission
A) grid computing
80. This would include hard disk crashes, power B) piracy
failures, or printer jams C) risk management
A) system fault D) virtualization
B) vulnerability
C) threat 88. All files whose archive bit is set to 1 are backed
D) hypervisor up
A) full backup
81. A duplicate of all transactions is automatically B) differential backup
recorded C) incremental backup
A) database shadowing D) continual backup
B) full backup
C) file-access controls 89. The interception of legitimate information and
D) hypervisor substitution of fraudulent information in its
place
82. A dormant piece of code placed in a computer A) database shadowing
program for later activation by a later event B) piggybacking
A) software piracy C) grid computing
B) logic bomb D) virtualization
C) layered approach
D) access control 90. One who will take risks "just because," without
significant monetary gain
83. The subsystem of the organization that controls A) hacker
these risks B) risk-seeing perpetrator
A) emergency response center C) trojan horse
B) escalation procedures D) viruses
C) information security system
D) service bureau
CHAPTER 7
84. The process of assessing and controlling
computer system risks 1. Fundamental controls over data transfer
A) virtualization between user departments and data processing
B) hypervisor include
C) risk management A) batch control totals
D) escalation
B) data transfer registers
C) acitivity file totals
85. Prevents unauthorized access to both data and
program controls D) A and B are both correct
A) organizational structure 2. Input data should be accompanied by the
B) board of directors completion of a(n)
C) program alteration
A) data transfer log
D) file-access controls
B) input document control form
86. These separate unauthorized individuals from C) data transfer register
computer resources D) key verification control procedure
A) site-access controls 3. Errors in the keying operation can be detected
B) compliance standards
using
C) disaster risk management
A) a key verification control procedure
D) general security procedures
B) a data transfer control register
C) program data editing A) fields
D) none of these is correct B) records
C) files
4. In a manual input system, batch controls are
D) all of these answers are correct
prepared initially by the
A) EDP department 11. A data editing routine that compares data with
B) computer software acceptable values is a
C) user department A) limit test
D) general ledger department B) table lookup
C) financial total check
5. A software-based control procedure that checks
D) valid code check
for some errors as they are being input is called
A) input verification 12. A data editing routine that compares numeric
B) key verification data input within a range is a(n)
C) input control testing A) table lookup
D) transcription checking B) hash total check
C) limit test
6. Key verification is often used
D) internal label test
A) to verify only selected essential fields
B) to verify essential and nonessential numeric 13. An extra digit addded to a code number verified
fields by applying mathematical calculations to
C) to verify all input fields, both alpha and individual code number characters is a
numeric A) control digit
D) when two or more people key input data in B) has digit
unison C) check digit
D) verification digit
7. As a control procedure, key verification requires
that 14. Check digits are especially effective at detecting
A) user departments key all of their own data A) transposition errors
B) input fields are visually verified B) accidental keying mistakes
C) key mismatches are electronically corrected C) incorrect account numbers
D) each source document key-transcribed a D) customer accounts that were never assigned
second time
15. The use of check digits
8. Key verification control procedures A) is highly unusual in today's EDP environment
A) edit data B) is very common because of the high
b) do not use batch totals reliability of this procedure
C) do not edit data C) eliminates using key verification as a control
D) electronically replace incorrect data with procedures
data from an existing database D) eliminates using data editing routines as a
method to detect errors
9. Program data editing is a software technique
that should 16. Electronic data entry
A) be used in addition to verification A) requires no human intervention
B) be used in place of verification B) is sequentially processed
C) be applied only to characters within input C) is always manually entered
fields D) is on-line
D) only be used after visual verification has
17. An essential input field that should contain data
detected errors in the in put
is empty. The data edit control that would
10. Program data editing techniques may be detect this error is a
applied to A) limit check
B) completeness check 24. In an electronic input system requiring human
C) sequence check intervention, the main processing phases and
D) hash total check their proper sequence are
A) dat input and data editing
18. The "amount due" field of a bill is checked to
B) data editing and data input
ensure that the sign is positive. This is an
C) data input and editing, and transfer to the
example of a field
host application system
A) sign check
D) data input, transfer to the host application
B) length check
system, and data editing
C) format check
D) type check 25. A customer pumps gas at a local convenience
store. The customer pays for the gasoline by
19. During input, a data entry clerk incorrectly
inserting a credit card into the gasoline pump.
keyed produce code "ABXY" as "BAXY". Both
This is an example of a(n)
ABXY and BAXY are valid codes. Which of the
A) networked vending machine
following controls would prevent this situation?
B) point-of-sale system
A) a table-lookup procedure
C) automatic identification system
B) a check digit test
D) electronic data interface system
C) key verification
D) limit test 26. A batch processing system would work best
when processing
20. The compensating control for loss of
A) inventory
segregation duties in an electronic input system
B) payroll
is
C) accounts receivable
A) supervision and review
D) accounts payable
B) input document control forms
C) prneumbered documents 27. The first step in a batch-processing environment
D) transaction logs using sequential file updating is
A) Preparing general ledger reports
21. Three technologies make extended supply-chain
B) updating the master file
systems feasible. Which of the below is not
C) preparing the transaction file
one?
D) updating the general ledger
A) XML-type data generation
B) POS system 28. In a system using batch processing with
C) Bar coding for automatic identification sequential file updating, at what point is the
D) EDI ordering system general ledger updated?
A) after all master files are updated
22. A transaction log that is "tagged" means that
B) After each transaction batch is entered
A) it has been catalogued in the EDP library
C) after all transactions are entered
B) it is full and cannot hold any more
D) after each transaction batch is edited
information
C) it has been key verified and data edited 29. When preparing the transaction file in a batch
D) additional, audit-oriented information is processing with sequential file system, the edit
included with original transaction data program
A) builds a transaction file rom processed batch
23. Sue Pang enters salse data into the computer-
input
input program using a keyboard. The type of
B) performs batch balancing procedures
system Sue is using is a(n)
C) ensures all documents are accounted for
A) automatic identification system
prior to processing
B) manual data entry system
D) accumulates revised batch-control totals for
C) point-of-sale system
the input data
D) electronic data interchange system
30. When a system sorts edited data immediately is found in any entry
before a master file update in a batch-oriented D) first documented using a journal voucher,
system, the operation sequence for editing and then are used to build a journal voucher file
sorting is called
35. Computer Processing of accounting data is
A) sort and edit
typically composed of
B) edit and sort
A) producing preliminary reports and then final
C) sort and update
listings after submission of corrections
D) edit and update
B) five steps which occur in four separate and
31. Alberta Products Company updates their distinct cycles
accounts receivable master file each day. The C) sevens steps (following the typical accounting
EDP departments uses the son-father- cycle)
grandfather retention of master files. A D) a series of mathematical algorithms
computer operator accidentally destroyed the
36. In a general ledger accounting system, the link
most recent accounts receivable master file by
created between the general ledger accounts
using the purchase transaction file to update it.
and the reports in which they appear is called
The operator now has today's correct
A) a line locator
transaction file. How can the operator
B) line coding
reconstruct the accounts receivable master file
C) soft coding
for the update?
D) hard coding
A) Process yesterday's son against today's
transaction file 37. The type of file updating which should be used
B) process yesterday's grandfather agains in a DBMS system using batch processing is
yesterday's transaction file A) random-access
C) process yesterday's father against B) sequential-access
yesterday's transaction file C) automatic
D) process yesterday's son against yesterday's D) peer-to-peer
transaction file
38. In a cash remittance processing, the open-items
32. The master file in a computer system is accounts receivable file serves as the
equivalent to which one of the following A) billing data
manual systems features? B) credit sales journal
A) subsidiary ledger C) accounts receivable control account
B) journal D) subsidiary accounts receivable ledger
C) register
D) log 39. An electronic processing system can be used
A) only in a batch environment
33. For a general ledger accounting system to be B) with real-tim on-line processing
properly maintained, data must be C) In either a batch or real-time, on-line
A) collected processing environment
B) recorded D) in situations where documentation is not a
C) properly classified and entered into priority
appropriate records for further summations
D) all of these answers are correct 40. The type of OLRS system in which users do not
input, but only request information, is a(n)
34. In a general ledger file update, all entries into A) data entry system
the general ledger are B) inquiry/response system
A) first documented using a journal voucher C) file processing system
B) updated by each user department as D) transaction processing system
necessary
C) dumped and not processed if any invalid data
41. Which application would not be ideally suited to CHAPTER 8
processing by an OLRS system?
A) Payroll
1. Which of the following activities is optional in
B) on-line reservations
the customer order business management
C) inventory control
process?
D) customer accounts A) Order entry
42. A technology that is not typically used in a real- B) Contract creation
time sales system is C) Shipping
D) Billing
A) bar coding
B) sequential file processing
2. The customer order business management
C) a POS system process begins when a
D an EDI ordering system A) customer order is entered into the system.
43. A retail sales Point-of-Sale terminal B) customer order is shipped.
C) customer invoice is generated and sent to
A) records cash and charge sales
the customer.
B) updates inventory records
D) potential customer makes an inquiry or
C) provides data for posting to daily sales requests a quotation.
records
D) all of the above 3. A document sent to an outside firm to inform
them of product prices, availability, and delivery
44. Automatic identification of products is greatly
information is known as a(n)
enhanced by
A) inquiry.
A) using UPC as a base B) blanket order.
B) employing JIT processing C) quotation.
C) manually prepared price tags affixed by D) sales order
receiving personnel upon delivery
D) transaction tagging using each 4. An outline detailing the goods or services to be
manufacturer's unique inventory control provided to a customer is a(n)
numbers A) contract.
B) inquiry.
45. In real time sales system, which transaction- C) quotation.
processing step below would not be performed D) sales order.
entirely by using EDI?
A) Receiving and translating an incoming 5. The document prepared when a customer is
customer order requesting the delivery of goods that are
B) Sending an acknowledgement of the detailed in a contract is called a
incoming order A) sales order.
C) sending the customer a three-ring bound B) release order.
catalogue using the U.S. mail C) call-off.
D) Answers B and C are both correct.
D) transmitting an advanced shipping notice to
the customer
6. A customer has placed an order. The customer's
46. Output systems can be manual, electronic, or credit has been checked and is satisfactory.
something in between. Irrespective of the When the availability of the goods is checked, it
media used in an output system, output is found that some items are in stock and the
vendor has backordered other items. At this
distribution should be controlled using a
point the customer
A) distribution register
A) may cancel the order.
B) transaction register B) may request the order be held until all goods
C) check register can be shipped.
D) POS terminal C) may request partial shipment of the goods
currently in. C) unloading points.
D) All of these answers are correct. D) initial.
7. A warehouse employee uses a document to 14. In the SAP ERP system, if a company wishes to
fulfill a customer order. The employee is most initiate a dunning procedure against a
likely using a customer, input will be made in the
A) picking list. A) account management screen.
B) packing list. B) payment transactions screen.
C) bill of lading. C) correspondence screen.
D) shipping advice. D) control data screen.
8. In the billing stage of the customer order 15. A company that uses the SAP ERP system wants
business management process, the ERP uses to identify the areas within their company that
much of the data from a customer's sales order have responsibility to a certain customer. The
to create the screen that should be used to enter this
A) goods issued notice. information is
B) invoice. A) correspondence.
C) delivery. B) sales.
D) packing list. C) billing.
D) initial.
9. In the SAP ERP system, how many types of
customer records must be created and 16. Input concerning whether manual invoicing is
maintained? required or if a customer is entitled to rebates
A) Four in the SAP ERP system can be found in the
B) One A) billing screen.
C) Six B) sales screen.
D) Two C) payment transactions screen.
D) account management screen.
10. In the SAP ERP system, all of the different
master records are created when the 17. The final input screen in the "create customer"
A) payee customer record is created. function of the SAP ERP system is the
B) ship-to-customer record is created. A) billing screen.
C) sold-to-customer record is created. B) taxes screen.
D) bill-to-customer record is created. C) partner functions screen.
D) output screen.
11. Hierarchy assignment includes a customer's
A) distribution channel. 18. The SAP ERP system requires a customer master
B) geographical location. record for each customer. A one-time customer
C) credit approval. of the company
D) All of these answers are correct. A) can be passed through the system by using a
"dummy" customer master record.
12. The first screen used to create a customer in a B) should be manually billed using a 30-day
SAP ERP system is account, thus bypassing the SAP ERP system.
A) control data. C) must pay cash and pick up the goods from
B) contact person. the company's shipping dock.
C) initial. D) must be set up using detailed records in the
D) account management. SAP ERP system like any other customer.
13. In the SAP ERP system, the "create customer" 19. When a "sold-to" customer record is created in
screen, which is used to input statistical and the SAP ERP system, other master records are
demographic data, is automatically created using the same
A) control data. information. The input screen in which these
B) marketing. records are associated with each other is the
A) output screen. B) Packing and picking lists
B) billing screen. C) The packing list and a bill of lading
C) account management screen. D) The sales order and an invoice
D) partner functions screen.
26. To maintain an adequate separation of duties,
20. Which input field listed below is not mandatory various functions within the customer order
when creating a sales order in the "initial" process should be independent of each other.
screen of the SAP ERP system? An example of this is
A) Sales organization field A) that billing does not have access to the
B) Sales group accounts receivable ledger.
C) Distribution channel field B) that shipping only accepts goods from
D) Division code field finished goods that are identified on an
independently prepared packing list.
21. Which of the screens listed below in SAP ERP C) Answers A and B are both correct.
system is not optional when a company records D) None of these answers is correct
information relating to a sale?
A) Pricing 27. There are various approaches to an accounts
B) Create sales order receivable application. The approach in which a
C) Business data header customer's remittances are applied against a
D) Scheduling customer's total outstanding balance is called
A) aging schedule processing.
22. The prices entered on sales orders should be B) balance-forward processing.
independent of the sales order function. To C) open-item processing.
achieve this transaction cycle control, the D) None of these answers is correct.
company's ordering system should use
A) an independently prepared master price list 28. To maintain adequate separation of functions,
authorized by management. accounts receivable should not have access to
B) prices found in the order database. A) cash received from customers.
C) prices listed by the sales representative who B) checks received from customers.
initiated the order. C) invoices and credit memos.
D) All of these answers are correct. D) Answers A and B are both correct.
23. A sales order is 29. One process, which is transparent to customers

A) the same as the purchase order. and has a beneficial effect on the company's
B) an external use document. cash flow, is to
C) an internal use document. A) implement a cycle billing plan.
D) optional when selling to established B) factor accounts receivable.
customers. C) decrease the amount of time in which
customers have to pay their monthly invoices.
24. As part of adequate transaction cycle controls in D) Answers B and C are both correct.
order processing, after the finished goods
department has picked a customer's order 30. To provide an adequate separation of functions
according to a delivery document, the records in the accounts receivable business process,
which should be updated to reflect actual maintaining the subsidiary accounts receivable
quantities picked are found in the ledger should be the responsibility of
A) order database. A) billing.
B) credit files. B) accounts receivable.
C) master price list. C) cash receipts.
D) inventory database. D) general ledger.
25. What documents typically accompany the 31. To provide an adequate separation of functions
physical shipment of goods to a customer? in the accounts receivable business process,
A) The picking list and purchase order maintaining the accounts receivable control
account should be the responsibility of D) a journal voucher from cash receipts and a
A) billing. control total from accounts receivable.
B) accounts receivable.
C) cash receipts. 37. To control incoming cash from the mail and
D) general ledger. ensure an accurate accounting, the department
which should have complete control over the
32. A sales return occurs when a customer actually transaction is the
returns goods that have been shipped. The A) mailroom.
departments involved with processing this B) cash receipts.
transaction up to the point of issuing a credit C) accounts receivable.
memo are the D) No one department should have complete
A) shipping, receiving, and billing departments. control over incoming cash
B) receiving, billing, and accounts receivable
departments. 38. A turnaround document that is used to enhance
C) shipping, receiving, and credit departments. internal control and promote the accuracy of
D) receiving, credit, and billing departments. incoming cash receipts is the
A) journal voucher.
33. The Bad Luck Fortune Cookie Company has a B) remittance advice.
360-day past-due balance of $1,300.00. After C) bank deposit slip.
repeated attempts at collection, the account is D) remittance list.
deemed worthless. The departments involved
with processing this transaction up to the point 39. Using a lock-box system
of issuing an approved write-off memo are the A) expedites the cash flow for a company.
A) credit and accounts receivable departments. B) helps to reduce interest income lost due to
B) treasurer, billing, and accounts receivable delays in depositing out-of-state-checks.
departments. C) promotes the segregation of duties because a
C) credit, treasurer, accounts receivable, and third-party handles cash receipts.
internal audit departments. D) All of these answers are correct.
D) credit, treasurer, cash receipts, and internal
audit departments. 40. A company located in Delaware has customers
nationwide. The most effective system to deal
34. The business process used when there is an with the issue of float is to
existing customer account balance is A) use one lock-box collection system located in
A) accounts receivable. the Midwest.
B) cash-received-on-account. B) have customers send their remittances to the
C) cash sales. company's corporate office in Delaware.
D) aged trial balance. C) use several regional lock-box systems
located geographically around clusters of
35. In the cash-received-on-account process, the customers.
remittance list is used to post the D) factor its accounts receivable to a collection
A) cash receipts journal. agency.
B) accounts receivable ledger.
C) Answers A and B are both correct. 41. A significant difference between a cash sales
D) None of these answers is correct. business process and a cash-received-on-
account business process is that
36. The amount of cash receipts for August 12 is A) no previous customer account balance
$6,389.42. For general ledger to post this exists in a cash sales business process.
amount, it must receive B) the float is shorter in a cash-received-on-
A) a journal voucher from cash receipts. account business process.
B) the deposit slip from the bank for August 12 C) more direct supervision is required in a cash-
showing $6,389.42 as a deposit. received-on-account business process.
C) a control total from accounts receivable. D) There is no significant difference between
the two business processes.
42. A grocery store customer will be given a gallon 47. Effective internal control provides ________
of ice cream if his or her receipt has a red star assurance regarding the reliability of financial
stamped on it. The idea behind this technique reporting and the preparation of financial
from an accounting control standpoint is to statements for external purposes.
A) promote the dairy industry's "Got Milk" A) little
campaign. B) adequate
B) have the customer audit his or her cash C) total
receipt. D) reasonable
C) keep the customer happy.
D) Answers A and C are both correct. 48. Auditing standard No. 5 describes a ________
approach to selecting controls to be tested.
43. Which illustration is not an example of a A) hybrid
customer audit technique? B) bottom-up
A) Providing a customer with a remittance C) top-down
advice that must be returned with payment D) This standard does not discuss the selection
B) Pricing items at $1.00 rather than 99 cents of controls to be tested.
so the customer does not expect change
C) Entering the customer in a prize contest if he 49. Risk assessment should evaluate whether
or she calls a number and provides feedback controls sufficiently address identified risks of
about the purchase material misstatements due to fraud and
D) All of these answers are correct. A) controls specifically designed to prevent
fraud.
44. Which illustration is not an example of a B) controls intended to address the risk of
supervision technique? collusion.
A) Using professional shoppers in a retail C) controls intended to address the risk of
environment management override of these controls.
B) Using a test package for a bank teller or cash D) controls specifically designed to prevent
counter material misstatements.
C) Having a cash register make sound when it is
opened in the presence of a customer
D) All of these answers above are correct.
45. Sarbanes-Oxley Act of 2002 requires companies

maintain an adequate ________ structure over
the business processes that support financial
reporting.
A) risk assessment
B) internal control
C) assurance assessment
D) reliability process
46. The SEC Interpretive Guidance "Management's

Report on Internal Control Over Financial
Reporting" approved in 2007, focuses
management on internal controls that best
protect against risk of material ________ in
financial statements.
A) fraud
B) misstatements
C) negligence
D) mistakes

Ais Compilation

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ais Compilation

Uploaded by

Copyright:

Available Formats

CHAPTER 1 c. another word for information.

d. quantitative facts that are not

38. Data about all of the following facets of a

18. Which symbol would be used in a flowchart to

23. A sales order is 29. One process, which is transparent to customers

45. Sarbanes-Oxley Act of 2002 requires companies

46. The SEC Interpretive Guidance "Management's

You might also like