
B1-1: Internal Control Framework

Study online at quizlet.com/_6ht2en

1. define internal controls
   process that is designed and implemented by an organization's management, BOD, and other employees to provide reasonable assurance that the org will achieve its Operating, Reporting, and Compliance objectives (ORC)
2. GAAS uses the terms "significant deficiency" and "material weakness", what term does the COSO framework use?
   major deficiency
3. how does management compile and document the IC assessment? (COPS)
   1) Component evaluation
   2) Overall assessment
   3) Principle evaluation
   4) Summary of IC deficiencies (if any)
4. T/F - all 5 components and 17 principles that are relevant must be both present and functioning
   True
5. T/F - applying the COSO IC framework is intended to mitigate all risks
   False. It only REDUCES assessed risks to acceptable levels
6. T/F - the COSO framework provides confidence to external stakeholders, that an org has a system of internal control in place that is conducive to achieving its objectives?
   True
7. T/F - the five IC components and the 17 principles are needed to achieve the three objectives of IC
   True
8. T/F - the rules based approach of the framework supports the emphasis on the importance of management judgement
   False. It is the principles-based approach that does this.
9. what are compliance objectives?
   established to ensure the entity is adhering to all applicable laws and regulations
10. what are the operating objectives?
   relates to the effectiveness and efficiency of an entity's operations
   this includes financial and operational performance goals, as well as ensuring that the assets of the organization are adequately safeguarded against potential losses
11. what are reporting objectives?
   pertain to the reliability, timeliness, and transparency of an entity's external and internal financial and NONfinancial reporting as established by regulators, accounting std setters, or the firm's internal policies
12. what are some common risks identified when using the COSO framework?
   1) material omission or misstatement
   2) fraud
   3) management overrides
   4) illegal acts
13. what are some inherent limitations that may exist even in an effective IC system?
   1) breakdown from errors or human failures
   2) faulty or biased judgement
   3) issues relating to suitability
   4) external events beyond control
   5) circumvention of controls through collusion
   6) mgt override of IC
14. what are the 3 framework objectives?
   1) Operating objectives
   2) Reporting objectives
   3) Compliance objectives
15. what are the 3 parts of the COSO cube?
   1) the 3 categories of objectives (operating, reporting, compliance - ORC)
   2) the 5 internal controls components (control environment, risk assessment, info and comm, monitoring activities, existing control activities - CRIME)
   3) entity's org structure (entity level, division, operating unit, and function)
16. what are the 5 principles related to control environment? (EBOCA)
   1) Ethics - establishing standards of conduct
   2) Board Independence - oversight responsibilities
   3) Organizational structure - establish reporting lines, define, assign, and limit authorities and responsibilities that are appropriate to org's objectives
   4) Commitment to Competence - hire, develop, and retrain competent employees
   5) Accountability - establish performance measures, incentives, and rewards
17. what are the five components of internal control? (CRIME)
   1) Control Environment
   2) Risk Assessment
   3) Info/Communication
   4) Monitoring Activities
   5) Existing Control Activities
18. what are the principles related to existing control activities? (CA T P)
   1) Control activities selection and development
   2) Technology controls selection and development
   3) Policy and procedure deployment
19. what are the principles related to information and communication? (OIE)
   1) Obtain and use info - generates and uses high quality info
   2) Internally communicate info - up/down/across the org
   3) External party communication - two-way external communication
20. what are the principles related to monitoring activities? (SO D)
   1) Separate and/or Ongoing evals - ascertain whether the components of internal control are present and functioning
   2) Deficiency communication - do so in a timely manner
21. what are the principles related to risk assessment? (SAFR)
   1) Specify objectives - identification and assessment of risks
   2) Assess and Identify changes - assess changes in the external environment, business model, and leadership
   3) Fraud potential - assess incentives, pressures, opportunities, attitudes, and rationalizations
   4) Risk identification and analysis - how risks should be managed
22. What does an effective system of internal control require?
   - more than adherence to policies and procedures
   - use of judgement in determining the sufficiency of controls, applying proper controls, and in assessing the effectiveness of the system of internal controls
23. what does it mean for a component and/or principle to be functioning?
   it means they are currently operating as designed in the IC system
24. what does it mean for a component and/or principle to be present?
   it means they are included in the design and implementation of the IC system
25. What does the COSO internal control - integrated framework do?
   assists organizations in developing comprehensive assessments of internal control effectiveness
26. what is a major deficiency?
   a material internal control deficiency, or combination of deficiencies, that significantly reduces the likelihood that an org can achieve its objectives
27. What is COSO?
   Committee of Sponsoring Organizations
   It is an independent private sector initiative, set forth to study the factors that lead to fraudulent financial reporting
28. What is the core of the framework?
   17 principles (EBOCA, SAFR, OIE, SO D, CA T P) within 5 major internal control components (CRIME)
29. what may an entity NOT conclude if it identifies a major deficiency?
   It may not conclude that it has met the requirements for an effective internal control system under the COSO framework
30. who is the COSO framework used by?
   company management and its BOD to obtain an initial understanding of what constitutes an effective system of internal control and to provide insight as to when internal controls are being properly applied within the org
Internal Control Framework
Study online at quizlet.com/_4t1sm8

1. Differentiate the COSO framework from the Audit framework
   The five components of the COSO framework are useful for identifying and evaluating the effectiveness of an entity's internal control.
   In contrast, the Audit framework focuses on how a given control prevents or detects and corrects material misstatements in an entity's financial reporting.
2. How does the principles-based approach support an effective system of internal control under the COSO framework?
   An effective system of internal control requires the use of judgment in determining the sufficiency of controls, applying the proper controls, and assessing the effectiveness of the system of internal controls.
   The principle-based approach of the COSO framework emphasized the importance of management judgment.
3. Identify some inherent limitations that may exist even with an effective internal control system
   The following inherent limitations may still exist with an effective internal control system:
   * Breakdowns in internal control due to error or human failure
   * Issues pertaining to the suitability of the entity's objectives
   * External events beyond the control of the entity
   * Faulty or biased judgment in decision-making
   * Management override of controls
   * Circumvention of controls through collusion
4. Name and describe the three objectives within the COSO framework
   The three framework objectives within COSO are:
   * Operating objectives pertain to the effectiveness and efficiency of the entity's operations.
   * Reporting objectives pertain to the reliability, timeliness and transparency of an entity's reporting.
   * Compliance objectives are necessary to ensure the entity is adhering to all laws and regulations
5. What are the components of the Committee of Sponsoring Organizations' (COSO) Internal Control Integrated Framework? CRIME
   1.- Control Environment
   2.- Risk Assessment
   3.- Information and Communications
   4.- Monitoring
   5.- Existing Control Activities
6. What are the five principles associated with the control environment component of the Committee of Sponsoring Organizations' (COSO) Internal Control Integrated Framework?
   1.- Commitment to ethics and integrity
   2.- Board independence and oversight
   3.- Organizational structure
   4.- Commitment to competence
   5.- Accountability
7. What are the four principles associated with the risk assessment component of the Committee of Sponsoring Organizations' (COSO) Internal Control Integrated Framework?
   1.- Specify Objectives
   2.- Identify and analyze risk
   3.- Consider potential for fraud
   4.- Identify and assess changes
8. What are the three principles associated with the (existing) control activities component of the Committee of Sponsoring Organizations' (COSO) Internal Control Integrated Framework?
   1.- Select and develop control activities
   2.- Select and develop technology controls
   3.- Deploy through policies and procedures
9. What are the two principles associated with the monitoring component of the Committee of Sponsoring Organizations' (COSO) Internal Control Integrated Framework?
   1.- Ongoing and Separate Evaluations
   2.- Communications of Deficiencies
10. What constitutes ineffective internal control under COSO framework?
   If a major deficiency is identified related to the presence and functioning of a component or relevant principle, or with respect to the components operating together in an integrated manner, the entity may not conclude that it has an effective internal control system in place under the COSO framework
11. What is necessary for the five components of the COSO framework to create an effective internal control environment for an entity?
   In order to have an effective internal control environment for an entity, the five components and 17 related principles must be both present and functioning.
   Additionally, the five components must operate together as an integrated system, to reduce the risk to an acceptable level that the entity will not achieve its objectives.
12. What is the purpose of the COSO cube?
   The COSO cube shows a graphical three-dimensional depiction of the relationship between an entity's three objectives, its five integrated control components, and the entity's organizational structure.
Internal Control of the COSO Framework
Study online at quizlet.com/_r4bnv

1. The 5 elements of internal control of the COSO Framework
   1. Control Environment
   2. Risk Assessment
   3. Control Activities
   4. Information and Communication
   5. Monitoring
2. Committee of Organized Societies.
   Committee of Sponsoring Organizations of the Treadway Commission
3. Control Activities
   If management feels that it is cost effective to attempt to reduce a risk, then _____________ are performed to reduce the risk in question.
4. Control Activities
   Processing controls
5. Control Activities
   Performance reviews
6. Control Activities (physical control)
   Process Controls at the process level (Line Management set for a particular process)
7. Control Activities (physical control)
   Management Controls over processes (Executive level and applies across processes)
8. Control Environment
   It impacts how authority is granted and responsibilities are assigned
9. Control Environment
   Management Control Methods
10. Control Environment
   The ______________ is the foundation of internal control and refers to the organization's integrity, attitudes towards ethical dealings and general competence.
11. Control Environment
   External Constraints
12. Control Environment
   Internal auditing
13. Control Environment
   Personnel policies
14. Control Environment
   Proper lines of communication, authorization and responsibility
15. Control Environment
   Board Committees
16. Control Environment
   Corporate governance
17. Control Environment
   Organizational structure
18. Control Environment
   Ex: Management philosophy and operating style
19. Controls
   ________ vary and are affected by the level of personnel exercising the control, the extent of automation for the activity, the information system in place, and the subjectivity of the risk condition being monitored.
20. Information and Communication
   Important _____________ is identified, captured and made available to the proper persons in the organization. Effective _______________ ensures that all parties understand their role in the system, and that problems are brought to the attention of the proper level of the organization for corrective action.
21. Information and Communication
   Record events and transactions
22. Information and Communication
   Summarize and classify events and transactions
23. Information and Communication
   Define classes of transactions and events to be captured
24. Information and Communication
   Reporting (financial statements and other)
25. Information and Communication
   Initiate events and transactions
26. Monitoring
   is the process used by the organization to track the effectiveness and efficiency of internal control.
27. Monitoring Activities
   Real time monitoring of ongoing activities
28. Monitoring Activities
   Periodic performance evaluations
29. Monitoring Activities
   Periodic process reviews
30. Monitoring Activities
   Performance of internal auditors
31. Monitoring Activities
   Attitudes and competence of senior management and the Board
32. Risk Assessment
   Ex: Rapid growth
33. Risk Assessment
   Accounting changes
34. Risk Assessment
   Corporate restructuring
35. Risk Assessment
   Changes in product lines or operations
36. Risk Assessment
   Ex: New technology
37. Risk Assessment
   Changes in personnel
38. Risk Assessment
   Changes in the Environment
39. Risk Assessment
   Management is responsible for establishing a set of procedures to identify, analyze and manage risks
40. Risk Assessment
   Ex: Changes in information systems
41. True
   T/F: The most important aspects of the control environment are management's attitude and incentives.
Audit Test 5
Study online at quizlet.com/_44yxz3

1. 1. A(n) ____ is a declaration about whether the subject matter is presented in accordance with certain criteria. assertion ...
2. Practitioners report either on the ______ about the subject matter or the subject matter itself. assertion
3. SSARS reviews are performed on clients that ______ an annual audit. do not need
4. Public company guidance comes from the ________. PCAOB
5. Nonpublic companies that are audited may also want interim reviews. Auditors must then follow _______. the ASB standards
2. The accountant's standard report for a compilation service would not include a statement that: ...

Multiple Choice

a compilation service has been performed in accordance with standards established by the AICPA.

financial statement information is the representation of the owners of the business.

compilation service consists primarily of inquiries of company personnel and analytical procedures applied to financial data.

financial statements have not been audited or reviewed and the accountant does not express an opinion or any other form
of assurance
3. Auditors can gain sufficient understanding of the internal controls at a service organization by: c

Multiple Choice

reviewing the contract with the service organization.

inquiry with management of the service organization.

reviewing a report on internal controls provided by the service organization's auditors.

sending a confirmation concerning internal controls to the service organization's auditors.


4. A group of investors sued Anderson, Olds, and Watershed, CPAs (AOW) for alleged damages suffered when the entity in which they held common stock went bankrupt. To avoid liability under the common law, AOW must demonstrate which of the following? c

Multiple Choice

The investors relied on the financial statements audited by AOW.


The investors actually suffered a loss.
The audit was conducted in accordance with generally accepted auditing standards and with due professional care.
The investors' loss was a direct result of their reliance on the audited financial statements.
5. Hamell Corporation is making a presentation to a prospective investor. The presentation includes a projection showing that the company's sales will be between $25,000,000 and $27,000,000 within the next three years. Hamell believes the information will be better received if its CPA provides an attestation report on the projection. In order to provide such a report the CPA must do all of the following EXCEPT: c

Multiple Choice

obtain knowledge about the client's business.

evaluate the assumptions used in preparing the projection.

confirm expected sales with customers.

identify key factors affecting the information.


6. If a nonissuer wants an accountant to perform an examination of its internal controls, the accountant should follow: D

Multiple Choice

PCAOB AS 2201, "An Audit of Internal Control over Financial Reporting That Is Integrated with an Audit of Financial Statements."
FASB Concepts Statement No. 1, "Objectives of Financial Reporting by Business Enterprises."
AICPA AU 315, "Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement."
AICPA AT 501, "An Examination of an Entity's Internal Control over Financial Reporting That Is Integrated with an Audit of Its Financial Statements."
7. Item 2 c
Item 2 0.6 points

Extensible Business Reporting Language (XBRL) provides a computer readable identifying tag for each individual item of data. The advantages of XBRL include all of the following except:

Multiple Choice

increases the speed of handling of financial data.

reduces the chance of error.

improves the full disclosure of financial information.

permits automatic checking of information.


8. Item 2 b
Item 2 1 points

Individuals who believe they relied on misstated financial statements to make a decision and have suffered losses as a result will issue an action known as a
A tort is a lawsuit filed by the plaintiff who believes that they have suffered damage due to another party's failure to exercise the appropriate level of professional care.

Multiple Choice

Breach of contract.
Tort.
Constructive fraud.
Securities litigation.
9. Item 3 c
Item 3 0.6 points

The accountant's standard report for a compilation service would not include a statement that:

Multiple Choice

a compilation service has been performed in accordance with standards established by the AICPA.

financial statement information is the representation of the owners of the business.

compilation service consists primarily of inquiries of company personnel and analytical procedures applied to

financial statements have not been audited or reviewed and the accountant does not express an opinion or any other form
of assurance.
10. Item 4 b
Item 4 0.6 points

Shelly's Bank has loaned money to Pete's Auto Supply. The loan is collateralized by inventory. The loan also requires a CPA
to observe the count of the inventory and trace sampled items to the vendor invoices in order to determine the value of
inventory is not misstated. This service would be:

Multiple Choice

an assurance service engagement.

an attestation engagement.

a review engagement.

a compilation engagement.
11. Item 5 c
Item 5 0.6 points

Which of the following procedures would not be performed in a review of financial statements of a nonpublic company?

Multiple Choice

Inquire about the accounting system and bookkeeping procedures.

Perform analytical procedures to identify relationships and individual items that appear to be unusual.

Obtain an attorney's letter regarding litigation and unasserted claims.

Study the financial statements for indications that they conform to generally accepted accounting principles.
12. Item 6 B
Item 6 0.6 points

In an agreed-upon procedures engagement, an accountant:

Multiple Choice

follows all of the fundamental principles of GAAS.

restricts the report to specified users.

includes negative assurance in the report.

gives a qualified audit report.


13. Item 8 a
Item 8 0.6 points

Which of the following best describes an engagement to report on an entity's internal control over financial reporting for a
nonpublic company?

Multiple Choice

An attestation engagement to examine and report on management's written assertions about the effectiveness of its
internal control structure.

An audit engagement to render an opinion on the entity's internal control structure.

A prospective engagement to project, for a period of time not to exceed one year, and report on the expected benefits of
the entity's internal control structure.

A consulting engagement to provide constructive advice to the entity on its internal control structure.
14. Item 9 c
Item 9 0.6 points

When providing limited assurance that the reviewed financial statements of a nonpublic entity require no material
modifications to be in accordance with generally accepted accounting principles, the accountant should:

Multiple Choice

assess the risk that a material misstatement could occur in a financial statement assertion.

confirm with the entity's lawyer that material loss contingencies are disclosed.

understand the accounting principles of the industry in which the entity operates.

develop audit plans to determine whether the entity's financial statements are fairly presented.
15. Item 10 c
Item 10 0.6 points

Compiled financial statements of a nonpublic entity should be accompanied by a report stating that:

Multiple Choice

the scope of the accountant's procedures has not been restricted in testing the financial information that is the
representation of management.

the accountant assessed the accounting principles used and significant estimates made by management.

the accountant does not express an opinion or any other form of assurance on the financial statements.

a compilation consists primarily of inquiries of entity personnel and analytical procedures applied to financial data.
16. Item 12 c
Item 12 0.6 points

An accountant's report includes the phrase "We are not aware". This phrase indicates:

Multiple Choice

an attestation was not performed.

management had not established sufficient criteria for an opinion to be issued.

the auditor is providing negative assurance.

a disclaimer of opinion is presented.


17. Item 13 b
Item 13 1 points

When investors sue auditors for damages under section 11 of the Securities Act of 1933, they must allege and prove

Multiple Choice

They relied on the materially misstated financial statements.


The audited financial statements contained a material misstatement.
Their reliance on the materially misstated financial statements was the direct cause of their loss.
Scienter on the part of auditors.
18. Item 14 a
Item 14 1 points

Locke, CPA, was engaged by Hall Inc. to audit Willow Company. Hall purchased Willow after receiving Willow's audited
financial statements, which included Locke's unmodified auditors' opinion. Locke was negligent in the performance of the
Willow audit engagement; this negligence was caused by failure to perform the engagement in accordance with terms of
the engagement letter. As a result of Locke's negligence, Hall suffered damages of $75,000. Hall appears to have grounds
to sue Locke for

Breach of Contract Negligence


a. Yes Yes
b. Yes No
c. No Yes
d. No No

Multiple Choice

Option a
Option b
Option c
Option d
19. Item 15 d
Item 15 1 points

An investor seeking to recover stock market losses from a CPA firm associated with an initial offering of securities based on
an unmodified opinion on financial statements that accompanied a registration statement, must establish that

Multiple Choice

The investor relied on the financial statements.


The CPA firm would have discovered the false statement or omission if it had exercised due care in its examination.
The CPA firm did not act in good faith.
The audited financial statements contain a false statement or omission of material fact.
20. Item 19 c
Item 19 0.6 points

An accountant may allow general distribution of reports based on

Multiple Choice

An agreed-upon-procedures engagement.
An examination of prospective financial information.
An examination of forecasted financial information.
None of the choices are correct.
21. A lack of reasonable care that may be characterized by the failure of auditors to follow GAAS in the conduct of the audit is known as D

Multiple Choice

Constructive fraud.
Gross negligence.
Fraud.
Ordinary negligence.
22. The performance of an attestation engagement on prospective financial information does not require which of the following? A

Multiple Choice

Management must disclose the probability of obtaining the results included in the prospective financial information.
If the basis of the prospective financial information is different than the financial statements, a reconciliation of the two must be provided.
Management must disclose significant accounting policies and procedures used in generating the prospective financial information.
Management must disclose all significant assumptions used in generating the prospective financial information.
23. The phrase "Trust services" refers to: A

Multiple Choice

WebTrust and SysTrust Services.

XBRL and SysTrust Services.

WebTrust and XBRL Services.

all AICPA designated assurance services.


24. Professional services resulting in a report on subject matter or a claim about subject matter that is the responsibility of another party. attestation ...

Professional services aimed at improving the quality of information both financial and non-financial for decision makers. assurance services

A service whereby the practitioner assists in assembling financial information and issues a report providing no assurance. compilation

An engagement whereby a practitioner provides limited assurance about financial information. assurance services

An entity that provides a service to another company regarding the processing of transactions or information. service organization

A service whereby the practitioner assists in assembling financial information, but issues no report. Preparation of financial statements
25. A public entity subject to the periodic reporting requirements of the Securities Exchange Act of 1934 must file an annual report with the SEC known as the d

Multiple Choice

Regulation S-X.
Form 8-K.
Form 10-Q.
Form 10-K.
26. report on sustainability, as defined by the AICPA, might include all of the following except D

Multiple Choice

economic viability.

social responsibility.

environmental responsibility.

internal control over financial reporting.


27. The Securities Act of 1933 and Securities Exchange Act of 1934 contain A
Both laws contain both civil and criminal liability sections

Multiple Choice

Both civil liability provisions applicable to auditors and criminal liability provisions applicable to auditors.
Criminal liability provisions applicable to auditors.
Neither civil liability provisions applicable to auditors nor criminal liability provisions applicable to auditors.
Civil liability provisions applicable to auditors.
28. To perform an attestation engagement on prospective information or pro forma information, accountants must do all of the following except A

Multiple Choice

Understand the internal controls used in the processes that generated the information.
Evaluate the assumptions used to prepare the information.
Obtain an understanding of the process through which the information was developed.
Obtain knowledge about the entity's business and accounting principles.
29. Under the Securities Exchange Act of 1934, entities are required to report to the public about changing auditors on b
Information related to auditor changes is one of the "special events" entities must report on Form 8-K.
Multiple Choice

Form 10-Q.
Form 8-K.
Form 10-K.
Form S-1.
30. When accountants agree to perform a compilation or review of unaudited financial statements, the best way to avoid client's misunderstanding the nature of the work is to describe it completely in b

Multiple Choice

A report to the clients' board of directors at the close of the engagement.


An engagement letter.
The auditors' opinion.
A management letter to the board of directors' audit committee.
31. When accountants are not independent, which of the following reports can they nevertheless issue? D

Multiple Choice

Examination report on a forecast.


Standard unmodified audit report.
Examination of internal control over financial reporting.
Compilation report.
32. When a client sues an accountant for failure to perform consulting work properly, the accountants' best defense is probably based on the doctrine of a

Multiple Choice

Contributory negligence on the part of the client.


Lack of privity of contract.
No negligence on the part of the consultant.
Lack of any measurable dollar amount of damages.
33. When a company uses a service organization to prepare its payroll, the company's auditors: b

Multiple Choice

have no obligation concerning the internal controls at the service organization.

need to understand the internal controls over the transaction regardless of the location of the control.

must audit the internal controls at the service organization.

should include the audit report of the service company's auditors with their auditors' report.
34. When an accountant is engaged to compile a nonpublic entity's financial statements that omit substantially all disclosures required by GAAP, the accountant should indicate in the compilation report that the financial statements: A

Multiple Choice

might influence users' conclusions about the business, if the disclosures were included.

are prepared in conformity with a comprehensive basis of accounting other than GAAP.

are not compiled in accordance with Statements on Standards for Accounting and Review Services.

are special-purpose financial statements that are not comparable to those of prior periods.
35. When an entity registers a security offering under the Securities Act of 1933, the law provides an investor c

Multiple Choice

An SEC guarantee that the information in the registration statement is true.
Inside information about the entity's trade secrets.
Financial information examined by independent auditors
Insurance against loss from the investment.
36. Which of the following best describes an engagement to report on an entity's internal control over financial reporting for a nonpublic company? ...

Multiple Choice

An attestation engagement to examine and report on management's written assertions about the effectiveness of its internal control structure.

An audit engagement to render an opinion on the entity's internal control structure.

A prospective engagement to project, for a period of time not to exceed one year, and report on the expected benefits of the entity's internal control structure.

A consulting engagement to provide constructive advice to the entity on its internal control structure.
37. Which of the following statements regarding auditors' liability under the Securities Act of 1933 is not true? b
Third parties are only required to demonstrate that the financial statements are materially misstated; they are not required to demonstrate reliance on these financial statements.

Multiple Choice

The act relates to the initial issuance of securities to the public, normally through an initial public offering.
Third parties must demonstrate that they relied on misstated financial statements that were examined by auditors.
Auditors may be liable if they are found to have engaged in ordinary negligence.
Auditors' liability arises because of audited financial information filed with the SEC.
38. Which of the following third parties is known by name to auditors as the audit is conducted? a
Primary beneficiaries are known by name to auditors and, in some cases, are specifically identified in the contract (engagement letter).
Multiple Choice

Primary beneficiary.
General third party.
Foreseen third party.
Foreseeable third party.
39. Which of the following would be the auditors' most likely defense in an action brought under the Securities Exchange Act of 1934?
Answer: b. These are appropriate defenses under the Securities Exchange Act of 1934 and demonstrate lack of scienter.

Multiple Choice

The investor did not suffer a loss based on the materially misstated
financial statements.
The auditors acted in good faith and were not aware of the materially
misstated financial statements.
The investor did not have privity with auditors.
The financial statements were not filed with the Securities and
Exchange Commission.
auditing chapter 1
Study online at quizlet.com/_214dam

1. According to AU-C 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Generally Accepted Auditing Standards, "presumptively mandatory requirements" in the auditing standards use which word?
   Answer: Should.
2. According to PCAOB quality control standards applying to an audit, the engagement quality reviewer evaluates
   Answer: The documentation.
3. According to PCAOB quality control standards applying to audits, the engagement quality reviewer most likely
   Answer: Must be an associated person of a registered public accounting firm.
4. According to the AICPA, the CPA WebTrust seal may relate to the principles and criteria of
   Answer: Confidentiality: YES; Availability: YES; Internal Controls: NO
5. The AICPA assurance service, called CPA Performance Review, attempts to provide users with
   Answer: An evaluation of whether an entity has reliable measures of performance beyond the traditional financial statements.
6. The AICPA committee on assurance services has identified a professional service called ElderCare (PrimePlus) services. One fundamental purpose of this assurance service is to assist the elderly and their families by
   Answer: Reporting whether specified objectives are being met by caregivers.
7. All of the following are audit quality control requirements contained in the Sarbanes-Oxley Act of 2002 except
   Answer: The audit report must be submitted to the Public Company Accounting Oversight Board prior to issuance.
8. Assurance services are best described as
   Answer: Independent professional services that improve the quality of information, or its context, for decision makers.
9. Assurance services differ from consulting services because
   Answer: Assurance services usually involve situations in which one party wants to monitor another and focus on improving information.
10. Assurance services differ from consulting services in that they
   Answer: Focus on Providing Advice: NO; Involve Monitoring of One Party by Another: YES
11. An attest engagement is one in which a CPA is engaged to
   Answer: Issue an examination, a review, or an agreed-upon procedures report on subject matter, or an assertion about subject matter that is the responsibility of another party.
12. Auditing Interpretations are issued by the Audit Issues Task Force of the Auditing Standards Board (ASB) to provide timely guidance on the application of pronouncements of the ASB. They are
   Answer: Not auditing standards.
13. An audit of the financial statements of Camden Corporation is being conducted by an external auditor. The external auditor is expected to
   Answer: Express an opinion as to the fairness of Camden's financial statements.
14. An auditor must obtain professional experience primarily to
   Answer: Exercise professional judgment.
15. An auditor observes the mailing of monthly statements to a client's customers and reviews evidence of follow-up on errors reported by the customers. This test of controls most likely is performed to support management's financial statement assertion(s) of
   Answer: Classification and Understandability: NO; Existence: YES
16. The auditor with final responsibility for an engagement and one of the assistants have a difference of opinion about the results of an auditing procedure. If the assistant believes it is necessary to be disassociated from the matter's resolution, the CPA firm's procedures should enable the assistant to
   Answer: Document the details of the disagreement with the conclusion reached.
17. The audit work performed by each assistant should be reviewed to determine whether it was adequately performed and to evaluate whether the
   Answer: Results are consistent with the conclusions to be presented in the auditor's report.
18. The authoritative body designated to promulgate standards concerning an accountant's association with unaudited financial statements of an entity that is not required to file financial statements with an agency regulating the issuance of the entity's securities is the
   Answer: Accounting and Review Services Committee.
19. The client of the practitioner providing ElderCare (PrimePlus) services may be
   Answer: the elderly person: yes; the elderly person's attorney: yes; a family member: yes
20. A CPA firm is reasonably assured of meeting its responsibility to provide services that conform with professional standards by
   Answer: Having an appropriate system of quality control.
21. A CPA firm should establish procedures for conducting and supervising work at all organizational levels to provide reasonable assurance that the work performed meets the firm's standards of quality. To achieve this goal, the firm most likely would establish procedures for
   Answer: Reviewing documentation of the work performed and reports issued.
22. A CPA firm's quality control procedures pertaining to the acceptance of a prospective audit client would most likely include
   Answer: Consideration of the business reputation of the client's principal owners, key management, related parties, and those charged with governance.
23. A CPA firm would best provide itself reasonable assurance of meeting its responsibility to offer professional services that conform with professional standards by
   Answer: Maintaining a comprehensive system of quality control that is suitably designed in relation to its organizational structure.
24. A CPA in public practice is required to comply with the provisions of the Statements on Standards for Accounting and Review Services when
   Answer: Advising a client regarding the selection of computer software: NO; Advocating a client's position before the IRS: NO
25. A CPA in public practice is required to comply with the provisions of the Statements on Standards for Attestation Engagements (SSAEs) when
   Answer: Testifying as an expert witness in accounting and auditing matters given stipulated facts: NO; Examining a client's financial projection that presents a hypothetical course of action: YES
26. A CPA is engaged to examine management's assertion that the entity's schedule of investment returns is presented in accordance with specific criteria. In performing this engagement, the CPA should comply with the provisions of
   Answer: Statements on Standards for Attestation Engagements (SSAEs).
27. A CPA is required to comply with the provisions of Statements on Standards for Accounting and Review Services (SSARSs) when
   Answer: Assisting in Adjusting the Books of Account: NO; Consulting on Accounting Matters: NO
28. A CPA is required to comply with the provisions of Statements on Standards for Attestation Engagements (SSAE) when engaged to
   Answer: Review management's discussion and analysis (MD&A) prepared pursuant to rules and regulations adopted by the SEC.
29. A CPA is required to comply with the provisions of Statements on Standards for Attestation Engagements when engaged to
   Answer: Provide assurance on investment performance statistics prepared by an investment company on established criteria.
30. A difference of opinion concerning accounting and auditing matters relative to a particular phase of the audit arises between an assistant auditor and the auditor responsible for the engagement. After appropriate consultation, the assistant auditor asks to be dissociated from the resolution of the matter. The audit documentation would probably be
   Answer: Expanded to detail the assistant auditor's position and how the difference of opinion was resolved.
31. During the course of an audit, an auditor required additional research and consultation with others. This additional research and consultation is considered to be
   Answer: An appropriate part of the professional conduct of the engagement.
32. Engagement letters for ElderCare (PrimePlus) services should
   Answer: Be tailored to fit each situation.
33. An entity engaged a CPA to determine whether the client's web sites comply with defined WebTrust principles and criteria. In performing this engagement, the CPA should apply the provisions of
   Answer: Statements on Standards for Attestation Engagements.
34. The examination report issued under the WebTrust service includes all of the following except
   Answer: The CPA's opinion on the value of the products offered at the web site.
35. A financial forecast consists of prospective financial statements that present an entity's expected financial position, results of operations, and cash flows. A forecast
   Answer: Is based on assumptions reflecting conditions expected to exist and courses of action expected to be taken.
36. A financial statement audit is designed to
   Answer: Obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to fraud or error.
37. In an engagement to examine management's discussion and analysis (MD&A), which of the following best defines control risk?
   Answer: The risk that material misstatements in the MD&A presentation will not be prevented in a timely manner.
38. The in-charge auditor for an audit of an issuer most likely has a supervisory responsibility to explain to the staff assistants
   Answer: How the results of various auditing procedures performed by the assistants should be evaluated.
39. In connection with the element of human resources, a CPA firm's system of quality control should ordinarily provide that all personnel
   Answer: Participate in professional development activities that enable them to fulfill responsibilities assigned.
40. In connection with the element of monitoring, a CPA firm's system of quality control ordinarily should provide for the maintenance of
   Answer: Documentation to demonstrate compliance with its policies and procedures.
41. Independent auditing can best be described as
   Answer: A discipline that enhances the degree of confidence that users can place in financial statements.
42. An independent auditor must have which of the following?
   Answer: The ability to exercise sound professional judgment.
43. Independent CPAs perform audits on the financial statements of issuers. This type of auditing can best be described as
   Answer: A discipline that attests to financial information presented by management.
44. In performing an attest engagement, a CPA typically
   Answer: Expresses a conclusion about a written assertion.
45. In pursuing a CPA firm's quality control objectives, a CPA firm may maintain records indicating which partners or employees of the CPA firm were previously employed by the CPA firm's clients. Which quality control element is this procedure most likely to satisfy?
   Answer: Relevant ethical requirements.
46. In testing the existence assertion for an asset, an auditor ordinarily works from the
   Answer: Accounting records to the supporting evidence.
47. The nature and extent of a CPA firm's quality control policies and procedures depend on
   Answer: The CPA Firm's Size: YES; The Nature of the CPA Firm's Practice: YES; Cost-Benefit Considerations: YES
48. North Co., a nonissuer, asked its tax accountant, King, a CPA in public practice, to generate North's interim financial statements on King's personal computer when King prepared North's quarterly tax return. King should not submit these financial statements to North unless, as a minimum, King complies with the provisions of
   Answer: Statements on Standards for Accounting and Review Services.
49. Notes that are included with financial statements are the responsibility of the
   Answer: Company's management.
50. The objective of assurance services is to
   Answer: Enhance decision making.
51. One of a CPA firm's basic objectives is to provide professional services that conform with professional standards. Reasonable assurance of achieving this basic objective is provided through
   Answer: A system of quality control.
52. One purpose of establishing quality control policies and procedures for deciding whether to accept a new client is to
   Answer: Provide reasonable assurance that the integrity of the client is considered.
53. One purpose of establishing quality control policies and procedures for deciding whether to accept new clients is to
   Answer: Provide reasonable assurance that the firm has the resources to undertake new engagements.
54. The party responsible for assumptions identified in the preparation of prospective financial statements is usually
   Answer: The client's management.
55. Personal financial planning services include those that are limited to
   Answer: Assisting the client to act on personal financial planning decisions.
56. A practitioner is engaged to express an opinion on management's assertion that the square footage of a warehouse offered for sale is 150,000 square feet. The practitioner should refer to which of the following sources for professional guidance?
   Answer: Statements on Standards for Attestation Engagements.
57. The primary reason for an audit by an independent, external audit firm is to
   Answer: Provide increased assurance to users as to the fairness of the financial statements.
58. The purpose of establishing quality control policies and procedures for deciding whether to accept or continue a client relationship is to
   Answer: Minimize the likelihood of associating with clients whose management lacks integrity.
59. Quality control for a CPA firm, as referred to in Statements on Quality Control Standards (SQCS), applies to
   Answer: Auditing and accounting and review services.
60. Quality control policies and procedures should be relevant, adequate, effective, and complied with. This statement is most closely associated with the quality control element of
   Answer: Monitoring.
61. The Sarbanes-Oxley Act limits the nonaudit services that an audit firm can provide to issuer audit clients. Which of the following services is still an allowable service that an auditor may provide to an issuer client?
   Answer: Tax compliance services.
62. The SEC has strengthened auditor independence by requiring that management
   Answer: Report the nature of disagreements with former auditors.
63. The securities of Donley Corporation are listed on a regional stock exchange and registered with the SEC. The management of Donley engages a CPA to perform an independent audit of Donley's financial statements. The primary objective of this audit is to provide assurance to the
   Answer: Investors in Donley securities.
64. SysTrust is an assurance service designed to
   Answer: Increase the comfort of management and other stakeholders relative to an information system.
65. Under the assurance service WebTrust, the broad principles relating to websites are security, availability, confidentiality, processing integrity, and
   Answer: Online privacy.
66. Users of an issuer's financial statements demand independent audits because
   Answer: Management may not be objective in reporting.
67. A WebTrust engagement on processing integrity requires from client management a
   Answer: Written assertion.
68. WebTrust is an example of a(n)
   Answer: Assurance service.
69. WebTrust requires from client management a
   Answer: Written assertion.
70. When a PCAOB auditing standard indicates that an auditor "could" perform a specific procedure, how should the auditor decide whether and how to perform the procedure?
   Answer: By exercising professional judgment in the circumstances.
71. Which of the following actions should a CPA firm take to comply with the AICPA's quality control standards?
   Answer: Establish policies to ensure that the audit work meets applicable professional standards.
72. Which of the following are elements of a CPA firm's quality control that should be considered in establishing its quality control policies and procedures?
   Answer: Human Resources: YES; Monitoring: YES; Engagement Performance: YES
73. Which of the following assertions would not be tested when performing the SysTrust assurance service?
   Answer: Completeness.
74. Which of the following best characterizes an auditor's exercise of professional skepticism?
   Answer: Having an attitude that includes a questioning mind.
75. Which of the following best describes the reason an independent auditor reports on financial statements?
   Answer: The company preparing the statements and the persons using the statements may have different interests.
76. Which of the following components is appropriate in a practitioner's report on the results of applying agreed-upon procedures?
   Answer: A list of the procedures performed, as agreed to by the specified parties identified in the report.
77. Which of the following is a conceptual difference between the attestation standards and generally accepted auditing standards?
   Answer: The attestation standards provide a framework for the attest function beyond historical financial statements.
78. Which of the following is a false statement about the relationship of financial statement assertions and audit procedures?
   Answer: The relationship between financial statement assertions and audit procedures should be one-to-one.
79. Which of the following is a management assertion regarding account balances at the period end?
   Answer: The entity holds or controls the rights to assets, and liabilities are obligations of the entity.
80. Which of the following is an element of a CPA firm's quality control policies and procedures applicable to the firm's accounting and auditing practice?
   Answer: Engagement performance.
81. Which of the following is an element of a CPA firm's quality control system that should be considered in establishing its quality control policies and procedures?
   Answer: Managing human resources.
82. Which of the following is an important consideration when deciding the nature of tests to use in a financial statement audit?
   Answer: The procedures to be applied on a particular engagement are a matter of the auditor's professional judgment.
83. Which of the following is a CPA professional engagement that a CPA may perform to provide assurance on a system's reliability?
   Answer: SysTrust.
84. Which of the following is a term for an attest engagement in which a CPA assesses a client's commercial Internet site for compliance with principles, such as online privacy, security, and confidentiality?
   Answer: WebTrust.
85. Which of the following is not an attestation standard?
   Answer: A sufficient understanding of internal control shall be obtained to plan the engagement.
86. Which of the following is true regarding CPA training for ElderCare (PrimePlus) services?
   Answer: Financial oriented support staff may not require specific ElderCare (PrimePlus) training.
87. Which of the following is true regarding the SysTrust assurance service?
   Answer: SysTrust reports are always based on a period of time, not a particular moment in time.
88. Which of the following presents what the effects on historical financial data might have been if a consummated transaction had occurred at an earlier date?
   Answer: Pro forma financial information.
89. Which of the following procedures would be most effective in reducing attestation risk?
   Answer: Examination of evidence.
90. Which of the following professional services is considered an attest engagement?
   Answer: An engagement to report on compliance with statutory requirements.
91. Which of the following professional services would be considered an attestation engagement?
   Answer: Preparing the income statement and balance sheet for one year in the future based on client expectations and predictions.
92. Which of the following qualifications is least likely required to provide CPA ElderCare (PrimePlus) services?
   Answer: Prior experience.
93. Which of the following services, if any, may an accountant who is not independent provide?
   Answer: Compilations but not reviews.
94. Which of the following services may a CPA perform in carrying out a consulting service for a client?
   Answer:
   i. Analysis of the client's accounting system
   ii. Review of the client's prepared business plan
   iii. Preparation of information for obtaining financing

   i, ii, and iii
95. Which of the following statements best describes the primary purpose of Statements on Auditing Standards (SASs)?
   Answer: They are generally accepted auditing standards.
96. Which of the following statements correctly defines the term "reasonable assurance"?
   Answer: A high, but not absolute, level of assurance to allow an auditor to detect a material misstatement.
97. Which of the following statements is true concerning an auditor's responsibilities regarding financial statements?
   Answer: An auditor may draft an entity's financial statements based on information from management's accounting system.
98. Which of the following statements is true concerning an auditor's responsibilities regarding financial statements?
   Answer: An auditor's responsibilities for audited financial statements are confined to the expression of the auditor's opinion.
99. Who establishes generally accepted auditing standards?
   Answer: Auditing Standards Board and the Public Company Accounting Oversight Board.
100. Williams & Co. is a medium-sized CPA firm enrolled in the Private Companies Practice Section (PCPS). The firm is to have a peer review under the AICPA Peer Review program. The review will most likely be performed by
   Answer: Another CPA firm.
101. Within its system of quality control, the objectives of the firm's policies and procedures related to the element of human resources include providing
   Answer: Professional development activities that allow employees to fulfill assigned responsibilities.
102. Within the context of quality control, the primary purpose of continuing professional education (CPE) and training activities is to provide a CPA firm with reasonable assurance that personnel within the firm have
   Answer: The ability to fulfill assigned responsibilities and the qualifications for advancement.
103. With regard to assignment of personnel to an engagement team, a CPA firm's policies and procedures should include
   Answer: Consideration of the team's understanding of similar engagements through training and participation.
AIS CHAPTER 3
Study online at quizlet.com/_g7gea

1. A)

2. A)

3. A)

4. A) 1
   The correct label for Shape 2 in the flowchart
   A) 1
   B) Purchase Requisition 1
   C) Receiving Report 1
   D) 2
5. A) #1
   Which symbol would be used in a flowchart to represent employee time cards sent by department managers to the payroll department?
   A) #1
   B) #4
   C) #11
   D) #16
6. A) #2
   Which symbol would be used in a flowchart to represent a general ledger?
   A) #2
   B) #1
   C) #3
   D) #5
7. A) #10
   Which symbol would be used in a flowchart to represent a decision?
   A) #10
   B) #16
   C) #9
   D) #6
8. A) a circle; two horizontal lines; a square
   In a payroll processing DFD, the "prepare reports" activity will be represented by ________, the "employee payroll file" will be represented by ________, and the "management" will be represented by ________.
   A) a circle; two horizontal lines; a square
   B) a circle; two horizontal lines; two horizontal lines
   C) a rectangle; a square; a circle
   D) a square; two horizontal lines; a circle
9. A) data flow diagram.
   Chas Mulligan has been hired by Yardley Security as an assistant to the internal auditor. He has been asked to document the existing accounting information system, and focus on the activities and flow of data between activities. He decides to begin with a summary description of the sources and uses of data in the organization and how they are processed by the system. The documentation tool that he should employ for this purpose is a
   A) data flow diagram.
   B) document flowchart.
   C) system flowchart.
   D) program flowchart.
10. A) is a graphical description of the source and destination of data that shows how data flow within an organization.
   A data flow diagram
   A) is a graphical description of the source and destination of data that shows how data flow within an organization.
   B) is a graphical description of the flow of documents and information between departments or areas of responsibility.
   C) is a graphical description of the relationship among the input, processing, and output in an information system.
   D) is a graphical description of the sequence of logical operations that a computer performs as it executes a program.
11. A) Purchase Order 2
   The correct label for Shape 1 in the flowchart:
   A) Purchase Order 2
   B) Purchase Requisition 1
   C) Accounts Payable Trial Balance
   D) 2
12. B)

13. B)

14. B)

15. B) #6
   Which symbol would be used in a flowchart to represent a manual process?
   A) #5
   B) #6
   C) #10
   D) #11
16. B) #13
   Which symbol would be used in a flowchart to represent a communication link?
   A) #12
   B) #13
   C) #14
   D) #15
17. B) document flowchart.
   Chas Mulligan has been hired by Yardley Security as an assistant to the internal auditor. He has been asked to thoroughly document the existing accounting information system in preparation for making recommendations for improvements to internal controls. He decides to begin with a description of the information stored in paper records, their sources, and their destinations. The documentation tool that he should employ for this purpose is a
   A) data flow diagram.
   B) document flowchart.
   C) system flowchart.
   D) program flowchart.
18. B) Purchase Requisition 1
   The correct label for Shape 3 in the flowchart
   A) Purchase Order 4
   B) Purchase Requisition 1
   C) Vendor
   D) 4
19. B) terminal
   The correct shape for the triangle labeled "Supplier" in the flowchart
   A) magnetic disk
   B) terminal
   C) manual process
   D) off-page connector
20. C)

21. C)

22. C)

23. C) #1
   Which symbol would be used in a flowchart to represent an invoice sent to a customer?
   A) #2
   B) #6
   C) #1
   D) #15
24. C) #3
   Which symbol would be used in a flowchart to represent the display of a report on a computer screen?
   A) #1
   B) #2
   C) #3
   D) #11
25. C) #5
   Which symbol would be used in a flowchart to represent a computer process?
   A) #1
   B) #2
   C) #5
   D) #15
26. C) #7
   Which symbol would be used in a flowchart to represent a general ledger master file kept on magnetic disk?
   A) #2
   B) #5
   C) #7
   D) #8
27. C) #8
   Which symbol would be used in a flowchart to represent a payroll master file kept on magnetic tape?
   A) #4
   B) #7
   C) #8
   D) #9
28. C) #9
   Which symbol would be used in a flowchart to represent a file of paper documents?
   A) #7
   B) #8
   C) #9
   D) #15
29. C) a system flowchart.
   A flowchart that depicts the relationships among the input, processing, and output of an AIS is
   A) an internal control flowchart.
   B) a document flowchart.
   C) a system flowchart.
   D) a program flowchart.
30. C) data flows both into or out of a process.
   Most processes on a DFD can be identified by
   A) data in-flows only.
   B) data out-flows only.
   C) data flows both into or out of a process.
   D) always being followed by a data store.
31. C) system flowchart.
   Chas Mulligan has been hired by Yardley Security as an assistant to the internal auditor. He has been asked to thoroughly document the existing accounting information system in preparation for making recommendations for improvements. He decides to begin by meeting with the information technology staff in order to develop an understanding of the overall operation of the AIS, including data entry, storage, and output. The documentation tool that he should employ for this purpose is a
   A) data flow diagram.
   B) document flowchart.
   C) system flowchart.
   D) program flowchart.
32. C) understand a client's system of internal controls.
   The Sarbanes-Oxley Act requires independent auditors to
   A) create flowcharts using specialized software.
   B) establish and maintain adequate controls in the client's information system.
   C) understand a client's system of internal controls.
   D) prepare and understand all types of system documentation.
33. D)

34. D)
35. D)

36. D) all of the above
   The passage of the Sarbanes Oxley Act
   A) made documentation skills even more important.
   B) requires public companies to prepare an annual internal control report.
   C) mandates that auditors must be able to prepare, evaluate and read documentation tools such as flowcharts.
   D) all of the above
37. D) context diagram.
   A DFD created at the highest-level or summary view is referred to as a
   A) process diagram.
   B) overview diagram.
   C) content diagram.
   D) context diagram.
38. D) decision diamond.
   In a program flowchart, branching to alternative paths is represented by
   A) a terminal.
   B) data/information flow.
   C) computer operation.
   D) decision diamond.
Chapter 3
Study online at quizlet.com/_5qmdk9

1. Chas Mulligan has been hired by Yardley Security as an assistant to the internal auditor. He has been asked to document the existing accounting information system, and focus on the activities and flow of data between activities. He decides to begin with a summary description of the sources and uses of data in the organization and how they are processed by the system. The documentation tool that he should employ for this purpose is a
   Answer: data flow diagram.
2. A customer's check is received and sent to the accounting office for processing. The customer's account receivable file, stored on a hard drive, is updated. Which one of the following diagrams represents this activity?
   Answer: database -> rectangle -> cylinder
3. Data flow diagrams depict
   Answer: processes, but not who is performing the processes.
4. In the data flow diagram below, inventory is a
   Answer: data store.
5. In the data flow diagram below, which process happens first?
   Answer: Take order
6. Most processes on a DFD can be identified by
   Answer: data flows both into or out of a process.
7. The passage of the Sarbanes Oxley Act
   Answer:
   requires public companies to prepare an annual internal control report.
   mandates that auditors must be able to prepare, evaluate and read documentation tools such as flowcharts.
   made documentation skills even more important.
   (all of the above.)
8. Premier Life Company is a life insurance company that collects, stores, prepares and provides customized life insurance policy to customers in the Midwest. When a customer's information is received, it is recorded in a database and a ticket is provided to the policy underwriter. When the life insurance policy is issued, the database is updated so that it always reflects the correct amount of life insurance coverage and the length of the policy available to the customers. In a data flow diagram, which type of symbol would be used to represent the process of updating customers' life insurance records in the system?
   Answer: Circle
9. Which is a true statement regarding the use of the manual processing symbol in a flowchart?
   Answer: Each manual processing symbol should have an input and an output.
10. Which is the correct label for the blank transformation process circle in the data flow diagram below?
   Answer: 1.2 Check Credit
Chapter 4
Study online at quizlet.com/_24z148

1. All of the following are "guidelines" for grouping activities in a level 0 DFD except:
   a. group activities if they occur in the same place and at the same time
   b. group activities if they occur at different times in the same place
   c. group activities if they occur at the same time but in different places
   d. group activities that seem to be logically related
   Answer: b. group activities if they occur at different times in the same place
2. Bubbles are labelled with nouns in
   a. physical data flow diagrams
   b. logical data flow diagrams
   c. both physical and logical data flow diagrams
   d. neither physical nor logical data flow diagrams
   Answer: a. physical data flow diagrams
3. A data flow diagram (DFD) could contain each of the following symbols except:
   a. a bubble or circle
   b. an octagon
   c. a square
   d. a curved line with an arrow head
   Answer: b. an octagon
4. The data flows in a logical data flow diagram (DFD) show:
   a. how the data are transmitted
   b. where the data are transmitted
   c. the nature of the data being transmitted
   d. who transmits the data
   Answer: c. the nature of the data being transmitted
5. A _______________ depicts a system's infrastructure.
   a. context diagram
   b. physical DFD
   c. logical DFD
   d. system flowchart
   Answer: b. physical DFD
6. Those entities which perform no information processing activities for the system are called:
   a. external entities
   b. internal entities
   c. boundary entities
   d. environmental entities
   Answer: a. external entities
7. Examine the following context diagram and the related level 0 logical DFD. Which of the following statements is true?
   a. The diagrams are prepared correctly.
   b. A context diagram must have at least two external entities.
   c. The diagrams are not balanced.
   d. None of the above are true.
   Answer: c. The diagrams are not balanced.
8. The following is a jumbled list of the activities suggested in this text for drafting data flow diagrams (DFDs) for an existing system:

   I. Prepare a table of entities and activities.
   II. Prepare an annotated table of entities and activities.
   III. Draw a physical data flow diagram.
   IV. Draw a logical data flow diagram.
   V. Draw a context diagram.

   The best sequence for undertaking these activities is:
   a. I, II, V, III, IV
   b. I, V, III, II, IV
   c. II, I, III, V, IV
   d. II, IV, III, I, V
   Answer: b. I, V, III, II, IV
9. The following systems flowchart segment depicts a data entry clerk keying data from a source document into a business event data store. Which statement is correct?
   a. The systems flowchart was created properly.
   b. The arrow between the computer process and the data store should be bi-directional.
   c. The computer process should be shown in the computer column.
   d. The second symbol in the data entry clerk column should be a square.
   Answer: c. The computer process should be shown in the computer column.
10. The following systems flowchart segment depicts a user entering business event data from a source document to update a master file data store. Which statement is correct?
a. The systems flowchart was created properly.
b. Only a single disk must be used to represent the master data.
c. The every day symbol should be connected with a solid line.
d. The master data is a sequential data store.
Answer: d. The master data is a sequential data store.
11. The following systems flowchart segment depicts a user's query of a data store to view information on a computer screen. Which statement is correct?
a. The systems flowchart was created properly.
b. Only a single direction arrow should connect the data store symbol to the process query symbol.
c. The query input symbol should be a square.
d. The query input symbol should be in the computer column.
Answer: b. Only a single direction arrow should connect the data store symbol to the process query symbol.
12. How many circles (bubbles) are included in a correctly drawn context diagram?
a. Zero
b. One
c. Three
d. Between five and seven bubbles
Answer: b. One
13. In a logical data flow diagram (DFD) for a cash receipts system, each of the following labels might appear in a bubble except:
a. cashier
b. capture cash receipt
c. prepare deposit
d. record customer payment
Answer: a. cashier
14. In a physical data flow diagram (DFD), a bubble or circle could be used to specify each of the following except:
a. where a process is performed
b. how a process is performed
c. by whom a process is performed
d. what process is performed
Answer: d. what process is performed
15. In a physical data flow diagram (DFD), this is something within the system that transforms data.
a. data flow
b. data store
c. external entity
d. internal entity
Answer: d. internal entity
16. In drawing a context diagram, we should include:
a. only exception routines
b. only error routines
c. only normal processing routines
d. only normal processing and exception routines
Answer: c. only normal processing routines
17. Information processing activities include:
a. only automated activities
b. activities that retrieve, transform, and file data
c. the sending of data between entities
d. operational activities
Answer: b. activities that retrieve, transform, and file data
18. An information processing activity could be any of the following except:
a. sending or receiving data between entities
b. document preparation
c. data entry
d. data verification
Answer: a. sending or receiving data between entities
19. In the top-down partitioning of process 3.0, the next level's process bubbles would be labeled (assuming there are four subprocesses):
a. 1.3, 2.3, 3.3, 4.3
b. 3.A, 3.B, 3.D, 3.D
c. 3.1, 3.2, 3.3, 3.4
d. 3.1.1, 3.1.2, 3.1.3, 3.1.4
Answer: c. 3.1, 3.2, 3.3, 3.4
20. In which of the following data flow diagrams does the bubble symbol represent a process and not the entire system?
a. context diagram
b. physical data flow diagram
c. logical data flow diagram
d. systems flowchart
Answer: c. logical data flow diagram
21. On a logical data flow diagram (DFD), data flows:
a. always go from a higher-numbered to a lower-numbered bubble
b. never go from a higher-numbered to a lower-numbered bubble
c. can go in either direction as needed
d. must go from a bubble to a square
Answer: b. never go from a higher-numbered to a lower-numbered bubble
22. On a systems flowchart, a paper file is represented by a:
a. Triangle
b. Cylinder
c. Rectangle
d. Pentagon
Answer: a. Triangle
23. On a systems flowchart, a solid line with an arrow indicates a(n):
a. batch total
b. telecommunications link
c. off-page connector
d. logical flow
Answer: d. logical flow
24. On a systems flowchart, computer processing is represented by a:
a. Square
b. Trapezoid
c. Rectangle
d. Parallelogram
Answer: c. Rectangle
25. A person, place, or thing within a system that transforms data is called:
a. external entity
b. data store
c. internal entity
d. Boundary
Answer: c. internal entity
26. A process in which successive layers of data flow diagrams (DFDs) are constructed by "exploding" the bubbles on a less detailed DFD to show more detailed data flows is called:
a. top-down partitioning
b. serial expansion
c. balanced construction
d. expanded data flows
Answer: a. top-down partitioning
27. A symbol used in data flow diagrams (DFDs) to depict an entity or process within which incoming data flows are transformed into outgoing data flows is a(n):
a. data flow symbol
b. external entity symbol
c. bubble symbol
d. data store symbol
Answer: c. bubble symbol
28. System flowchart logic should:
a. flow from left to right
b. flow top to bottom
c. flow from bottom to top
d. a. and b. but minimize crossed lines and connectors
Answer: d. a. and b. but minimize crossed lines and connectors
29. A systems flowchart varies from a data flow diagram (DFD) because it:
a. only represents the information system
b. only represents the operations system
c. only represents the management system
d. represents the management system, the operations system, and the information system
Answer: d. represents the management system, the operations system, and the information system
30. When a transaction cannot be processed in a routine fashion because of an error or other processing problems, the transaction must be handled by a(n):
a. rejection routine
b. change report
c. exception and summary report
d. exception routine
Answer: d. exception routine
31. When two data flow diagrams (DFDs) have equivalent external data flows, we say that the two data flow diagrams are:
a. congruent
b. similar
c. balanced
d. equal
Answer: c. balanced
32. Which data flow diagram (DFD) symbol is portrayed by two parallel lines?
a. data flow
b. data store
c. external entity
d. internal entity or process
Answer: b. data store
33. Which data flow diagram (DFD) symbol is usually portrayed with an arrow?
a. data flow
b. data store
c. external entity
d. process or internal entity
Answer: a. data flow
34. Which data flow diagram (DFD) symbol is usually portrayed with a square?
a. data flow
b. data store
c. external entity
d. process or internal entity
Answer: c. external entity
35. Which data flow diagram (DFD) symbol portrays a source or destination of data outside the system?
a. data flow symbol
b. external entity symbol
c. bubble symbol
d. data store symbol
Answer: b. external entity symbol
36. Which data flow diagram shows what activities the system is performing without having to specify how, where, or by whom the activities are accomplished?
a. context diagram
b. physical data flow diagram
c. systems flowchart
d. logical data flow diagram
Answer: d. logical data flow diagram
37. Which of the following data flow diagram (DFD) guidelines is correct?
a. include within the system context any entity that performs one or more information processing activities
b. read computer data stores from the process bubble that requires the data
c. include within the system context any entity in the system narrative
d. data flows should never go from higher- to lower-numbered bubbles
Answer: a. include within the system context any entity that performs one or more information processing activities
38. Which of the following data flow diagram (DFD) symbols is represented by two parallel lines?
a. data flow symbol
b. external entity symbol
c. internal entity symbol
d. data store symbol
Answer: d. data store symbol
39. Which of the following is the least detailed of the data flow diagrams?
a. logical data flow diagram
b. systems flowchart
c. context diagram
d. physical data flow diagram
Answer: c. context diagram
40. Which of the following segments violates guidelines for creating systems flowcharts?
a. Segment a.
b. Segment b.
c. Segment c.
d. Segment d.
Answer: a. Segment a.
41. Which of the following statements related to the construction of data flow diagrams (DFDs) is false?
a. The level 0 diagram is the next level down from the context diagram.
b. If the level 0 diagram has one arrow going into bubble number 1.0 and two arrows leaving bubble number 1.0, then diagram 1.0 will show one arrow entering and two arrows leaving.
c. Sources and destinations are depicted by parallel horizontal lines, between which the name of the entity is shown.
d. Arrows represent a pathway for data.
Answer: c. Sources and destinations are depicted by parallel horizontal lines, between which the name of the entity is shown.
42. Which of the following systems flowcharting guidelines is correct?
a. documents or reports printed by a central computer should first be shown in that computer's column
b. sequential process steps, with no intervening delay, should be shown as one process
c. divide the flowchart into columns, one for each internal entity, and label each column
d. use a manual process symbol to show the sending or filing of a document
Answer: c. divide the flowchart into columns, one for each internal entity, and label each column
43. Which of the following systems flowcharting symbol descriptions is incorrect?
a. Disk
b. computer process
c. manual process
d. Display
Answer: c. manual process
44. Which of the following systems flowcharting symbol descriptions is incorrect?
a. general purpose input-output
b. manual process
c. multiple-page document
d. punched card
Answer: d. punched card
45. Which of the following systems flowcharting symbol descriptions is incorrect?
a. Tape
b. on-page connector
c. start/stop
d. paper file
Answer: d. paper file
46. Which of these represent a comprehensive picture of management, operations and information systems?
a. context diagram
b. logical data flow diagram
c. physical data flow diagram
d. systems flowchart
Answer: d. systems flowchart
47. Which statement concerning the following diagram 1.0 logical data flow diagram (DFD) is true?
a. The data flow diagram follows DFD guidelines.
b. An arrow should never leave a bubble with no destination.
c. Data should only flow from a data store.
d. Data flow diagrams (DFDs) at this level should show the external entities.
Answer: a. The data flow diagram follows DFD guidelines.
48. Which symbol can be either an entity or a process depending on the type of data flow diagram (DFD)?
a. bubble symbol
b. external entity symbol
c. data flow symbol
d. data store symbol
Answer: a. bubble symbol
49. Which type of data flow diagram specifies where, how, and by whom a system's processes are performed?
a. context diagram
b. physical data flow diagram
c. logical data flow diagram
d. systems flowchart
Answer: b. physical data flow diagram
50. Why do auditors and systems analysts use systems documentation?
a. to understand, explain, and improve complex systems
b. only to provide justification to management for systems investments
c. to reduce the number and amount of external entities
d. to eliminate evidence to be collected
Answer: a. to understand, explain, and improve complex systems
326 Exam 2
Study online at quizlet.com/_17tyae

1. 37. A process by which organizations select objectives, establish processes to achieve objectives, and monitor performance is:
A. enterprise risk management
B. internal control
C. organizational governance
D. risk assessment
Answer: C. organizational governance
2. 37. The two primary steps in preparing the control matrix include:
A. specifying control goals, identifying recommended control plans
B. specifying control plans, specifying input goals
C. specifying the control environment, identifying information process goals
D. specifying control procedures, identifying process goals
Answer: A. specifying control goals, identifying recommended control plans
3. 38. A process, effected by an entity's board of directors, management and other personnel, applied in strategy settings and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives is:
A. enterprise risk management
B. internal control
C. organizational governance
D. risk assessment
Answer: A. enterprise risk management
4. 38. The purpose of ____ control goals is to ensure the successful accomplishment of the goals set forth for the operations process under consideration.
A. efficiency
B. effectiveness
C. security
D. input
Answer: B. effectiveness
5. 39. A manager of a manufacturing plant alters production reports to provide the corporate office with an inflated perception of the plant's cost effectiveness in an effort to keep the inefficient plant from being closed. This action would be classified as a(n):
A. risk
B. hazard
C. fraud
D. exposure
Answer: C. fraud
6. 39. The purpose of ____ control goals is to ensure that all resources used throughout the business process are being employed in the most productive manner.
A. efficiency
B. effectiveness
C. security
D. input
Answer: A. efficiency
7. 40. The ERM framework addresses four categories of management objectives. Which category concerns high-level goals, aligned with and supporting its mission?
A. Compliance
B. Operations
C. Reporting
D. Strategic
Answer: D. Strategic
8. 40. The purpose of ____ control goals is to ensure that entity resources are protected from loss, destruction, disclosure, copying, sale, or other misuse.
A. efficiency
B. effectiveness
C. security
D. input
Answer: C. security
9. 41. Entity resources that are always considered in efficiency assessments for an AIS are:
A. cash and equipment
B. inventory and cash
C. people and computers
D. fixed assets and inventory
Answer: C. people and computers
10. 41. The ERM framework addresses four categories of management objectives. Which category addresses the effective and efficient use of resources?
A. compliance
B. operations
C. reporting
D. strategic
Answer: B. operations
11. 42. The ERM framework addresses four categories of management objectives. Which category addresses the reliability of the financial statements?
A. compliance
B. operations
C. reporting
D. strategic
Answer: C. reporting
12. 42. The purpose of input control goals is to ensure:
A. input validity, input completeness, and input accuracy
B. update completeness and update accuracy
C. input accuracy
D. none of the above
Answer: A. input validity, input completeness, and input accuracy
13. 43. In a control matrix the coding P-1 means:
A. process 1
B. process 1 is present
C. process 1 is missing
D. none of the above
Answer: D. none of the above
14. 43. The ERM framework addresses four categories of management objectives. Which category concerns laws and regulations?
A. compliance
B. operations
C. reporting
D. strategic
Answer: A. compliance
15. 44. In a control matrix, the coding M-1 means:
A. a major control plan
B. a missing control plan
C. process 1 is missing
D. none of the above
Answer: B. a missing control plan
16. 44. The ERM framework is comprised of eight components. Which component includes the policies and procedures established and implemented to help ensure the risk responses are effectively carried out?
A. control activities
B. event identification
C. risk assessment
D. risk response
Answer: A. control activities
17. 45. Risk assessment is best described by:
A. Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities.
B. Management selects whether to avoid, accept, reduce, or share risk - developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
C. The entirety of enterprise risk management is monitored and modifications made as necessary.
D. The likelihood and impact of risks are analyzed, as a basis for determining how they should be managed.
Answer: D. The likelihood and impact of risks are analyzed, as a basis for determining how they should be managed.
18. 45. The most error-prone and inefficient step in an operations or information process is:
A. report generation
B. master data update
C. data entry
D. none of the above
Answer: C. data entry
19. 46. The columns in a control matrix contain headings listing the business process:
A. control goals
B. control plans
C. control environment
D. control procedures
Answer: A. control goals
20. 46. Which component of the ERM framework is best described here: Management selects whether to avoid, accept, reduce, or share risk - developing a set of actions to align risks with the entity's risk tolerances and risk appetite.
A. control activities
B. event identification
C. risk assessment
D. risk response
Answer: D. risk response
21. 47. In the control matrix, the rows represent:
A. control goals of the operations process
B. recommended control plans including both present and missing controls
C. control goals of the information process
D. control goals of the management process
Answer: B. recommended control plans including both present and missing controls
22. 47. Which component of the ERM framework is best described here: Internal and external events affecting achievement of an entity's objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management's strategy or objective-setting processes.
A. control activities
B. event identification
C. risk assessment
D. risk response
Answer: B. event identification
23. 48. Having too many control plans directed at the same control goal is called:
A. control efficiency
B. control effectiveness
C. control redundancy
D. control completeness
Answer: C. control redundancy
24. 48. The use of IT resources for enterprise systems and e-business:
A. magnifies the importance of protecting the resources both within and outside of the organization from risks
B. magnifies the importance of protecting the resources both within but not outside of the organization from risks
C. makes it easier to provide internal control risk when IT resources are interlinked
D. none of the above
Answer: A. magnifies the importance of protecting the resources both within and outside of the organization from risks
25. 48. This component of the ERM framework that encompasses the tone of an organization and sets the basis for how risk is viewed and addressed by an entity's people, including risk management philosophy and risk appetite, integrity and ethical values and the environment in which they operate
A. control activities
B. internal environment
C. risk assessment
D. risk response
Answer: B. internal environment
26. 49. This component of the ERM framework concerns the entirety of enterprise risk management and is accomplished through ongoing management activities, separate evaluations, or both.
A. control activities
B. monitoring
C. objective setting
D. risk response
Answer: B. monitoring
27. 49. Top 10 management concerns about IT's capability to support an organization's vision and strategy include all except the following:
A. decline in IT investments during recession
B. overall security of IT assets
C. the Internet
D. need for project management leadership
Answer: C. the Internet
28. 49. Which of the following control plans is not directed primarily at the control goal of input accuracy?
A. document design
B. written approvals
C. preformatted screens
D. online prompting
Answer: B. written approvals
29. 50. Approvals, authorizations, verifications, reconciliations, reviews of operating performance, security procedures, supervision, audit trails, and segregation of duties are examples of:
A. control activities
B. event identification
C. monitoring
D. risk response
Answer: A. control activities
30. 50. Top security concerns reported by IT security professionals include all the following except:
A. data breaches
B. cyber crimes and cyber attacks
C. data backup
D. workforce mobility
Answer: C. data backup
31. 50. Which of the following is a control plan in which the source document is designed to make it easier to input data from the document?
A. document design
B. written approval
C. preformatted screens
D. online prompting
Answer: A. document design
32. 51. Events that could have a negative impact on organizational objectives:
A. Controls
B. embezzlement
C. Fraud
D. Risks
Answer: D. Risks
33. 51. Pervasive control plans:
A. are unrelated to applications control plans
B. are a subset of applications control plans
C. influence the effectiveness of applications control plans
D. increase the efficiency of applications control plans
Answer: C. influence the effectiveness of applications control plans
34. 51. Which of the following is a control plan that takes the form of signatures or initials on a document to indicate that a person has authorized the event?
A. document design
B. written approval
C. preformatted screens
D. online prompting
Answer: B. written approval
35. 52. COBIT was developed to:
A. provide guidance to managers, users, and auditors on the best practices for the management of information technology
B. identify specific control plans that should be implemented to reduce the occurrence of fraud
C. specify the components of an information system that should be installed in an e-commerce environment
D. suggest the type of information that should be made available for management decision making
Answer: A. provide guidance to managers, users, and auditors on the best practices for the management of information technology
36. 52. Data redundancy:
A. occurs when data is stored in multiple locations
B. is eliminated by using the applications approach
C. reduces labor and storage costs
D. improves consistency between applications
Answer: A. occurs when data is stored in multiple locations
37. 52. Events that could have a positive impact on organizational objectives:
A. Controls
B. Fraud
C. Opportunities
D. Profit
Answer: C. Opportunities
38. 52. Which of the following is a control plan that controls the entry of data by defining the acceptable format of each data field?
A. document design
B. written approval
C. preformatted screens
D. online prompting
Answer: C. preformatted screens
39. 53. The department or function that develops and operates an organization's information systems is often called the:
A. information systems organization
B. computer operations department
C. controller's office
D. computer technology branch
Answer: A. information systems organization
40. 53. Which of the following is a control plan that requests user input or asks questions that the user must answer?
A. document design
B. written approval
C. preformatted screens
D. online prompting
Answer: D. online prompting
41. 53. Which of the following statements related to the event-driven approach is false?
A. It attempts to describe all aspects of business events.
B. It is also referred to as the top-down approach.
C. It focuses on how users interact with business events and processes.
D. It usually results in a better database design than the bottom-up approach.
Answer: C. It focuses on how users interact with business events and processes.
42. 53. Who is legally responsible for establishing and maintaining an adequate system of internal control?
A. the board of directors
B. stakeholders
C. investors
D. management
Answer: D. management
43. 54. A record layout depicts:
A. the characters comprising a field
B. the fields comprising a record
C. the records comprising a file
D. the characters comprising a record
Answer: B. the fields comprising a record
44. 54. Before a completed input screen is recorded the data entry clerk is asked if the data should be accepted. This is which control plan?
A. online prompting
B. mathematical accuracy check
C. preformatted screen
D. confirm input acceptance
Answer: A. online prompting
45. 54. In an information systems organization structure, the three functions that might logically report directly to the CIO would be:
A. systems development, technical services, and data center
B. systems development, database administration, and data center
C. systems development, technical services, and data librarian
D. applications programming, technical services, and data center
Answer: A. systems development, technical services, and data center
46. 54. The major reasons for exercising control of the organization's business processes include:
A. to provide reasonable assurance that the goals of the business are being achieved
B. to mitigate risks of fraud and other intentional and unintentional acts
C. to provide reasonable assurance that the company is in compliance with applicable legal and regulatory obligations
D. all of the above
Answer: D. all of the above
47. 55. COBIT was developed by:
A. COSO
B. IT Governance Institute
C. PCAOB
D. AICPA
Answer: B. IT Governance Institute
48. 55. Grouping or categorizing data according to common attributes is called:
A. coding data
B. filing data
C. classifying data
D. updating data
Answer: C. classifying data
49. 55. The effect of an event's occurrence is:
A. control
B. impact
C. risk
D. opportunity
Answer: B. impact
50. 55. Which of the following reflects a summarization of any numeric data field within the input document or record?
A. reasonableness check or limit check
B. document/record hash totals
C. mathematical accuracy check
D. check digit
Answer: B. document/record hash totals
51. 56. Another name for sequential coding is:
A. block coding
B. serial coding
C. hierarchical coding
D. significant digit coding
Answer: B. serial coding
52. 56. Quality assurance function:
A. modifies and adapts application software
B. conducts reviews to determine adherence to IT standards
C. analyzes existing applications and proposes solutions
D. supervises applications systems development
Answer: B. conducts reviews to determine adherence to IT standards
53. 56. The section of Sarbanes Oxley that establishes an independent board to oversee public company audits is:
A. Title I - Public Company Accounting Oversight Board
B. Title II - Auditor Independence
C. Title III - Corporate Responsibility
D. Title IV - Enhanced Financial Disclosures
Answer: A. Title I - Public Company Accounting Oversight Board
54. 56. Which of the following compares manual calculations to computer calculations?
A. reasonableness check or limit check
B. document/record hash totals
C. mathematical accuracy check
D. check digit
Answer: C. mathematical accuracy check
55. 57. A control that can be used to ensure that all of the characters of a social security number are entered by a data entry clerk is:
A. dependency check
B. procedures for rejected inputs
C. preformatted screens
D. turnaround documents
Answer: C. preformatted screens
56. 57. The section of Sarbanes Oxley that prohibits a CPA firm that audits a public company from engaging in certain nonaudit services with the same client is:
A. Title I - Public Company Accounting Oversight Board
B. Title II - Auditor Independence
C. Title III - Corporate Responsibility
D. Title IV - Enhanced Financial Disclosures
Answer: B. Title II - Auditor Independence
57. 57. The uniform product codes (UPC) used in supermarkets is a type of:
A. block code
B. serial code
C. hierarchical code
D. significant digit code
Answer: A. block code
58. 57. This IT function's key control concern is that organization and IT strategic objectives are misaligned:
A. CIO
B. quality assurance
C. IT steering committee
D. systems development manager
Answer: C. IT steering committee
59. 58. A company uses a 7-digit number to identify customers. For example, the customer 1532789 indicates the following information:
digits 1-2, state, 15 = Georgia
digit 3, type of organization, 3 = government agency
digit 4, credit terms, 2 = 2/10, n/30
digits 5-7, unique customer identifier, 789
This type of coding scheme is:
A. hierarchical
B. block
C. significant digit
D. sequential
Answer: C. significant digit
60. 58. A written approval in the form of a signature or initials on a document indicating that a person has authorized the event is directed primarily at achieving the control goal of:
A. ensure input validity
B. ensure input completeness
C. ensure input accuracy
D. ensure update accuracy
Answer: A. ensure input validity
61. 58. ____ can consist of many computers and related equipment connected together via a network.
A. PCs
B. Servers
C. LAN
D. Firewall
Answer: C. LAN
62. 58. The section of Sarbanes Oxley that requires a company's CEO and CFO to certify quarterly and annual reports is:
A. Title I - Public Company Accounting Oversight Board
B. Title II - Auditor Independence
C. Title III - Corporate Responsibility
D. Title IV - Enhanced Financial Disclosures
Answer: C. Title III - Corporate Responsibility
63. 59. A control that can be used to reduce the likelihood of an error occurring when an account number is entered into a computer is:
A. check digit
B. data encryption
C. preformatted screens
D. reasonableness checks
Answer: A. check digit
64. 59. A postal ZIP code is an example of which of the following coding schemes?
A. block code
B. serial code
C. hierarchical code
D. significant digit code
Answer: C. hierarchical code
65. 59. In an information systems organization, which of the following reporting relationships makes the least sense?
A. The data center manager reports to the CIO.
B. The systems development manager reports to the data center manager.
C. Database administration reports to the technical services manager.
D. The data librarian reports to the data center manager.
Answer: B. The systems development manager reports to the data center manager.
66. 59. The section of Sarbanes Oxley that requires each annual report filed with the SEC to include an internal control report is:
A. Title I - Public Company Accounting Oversight Board
B. Title II - Auditor Independence
C. Title III - Corporate Responsibility
D. Title IV - Enhanced Financial Disclosures
Answer: D. Title IV - Enhanced Financial Disclosures
67. 60. In an information systems organization, all of the following functions might logically report to the data center manager except:
A. data control
B. computer operations
C. data librarian
D. quality assurance
Answer: D. quality assurance
68. 60. The coding system that is most understandable by human information processors is:
A. serial coding
B. hierarchical coding
C. block coding
D. mnemonic coding
Answer: D. mnemonic coding
69. 60. The section of Sarbanes Oxley that requires financial analysts to properly disclose in research reports any conflicts of interest they might hold with the companies they recommend is:
A. Title V - Analysts Conflicts of Interests
B. Title VIII - Corporate and Criminal Fraud Accountability
C. Title IX - White-Collar Crime Penalty Enhancements
D. Title XI - Corporate Fraud and Accountability
Answer: A. Title V - Analysts Conflicts of Interests
70. 60. Which of the following control plans is designed to achieve the goal of input completeness?
A. key verification
B. confirm input acceptance
C. programmed edit check
D. written approvals
Answer: B. confirm input acceptance
71. 61. A control whose primary purpose is to ensure greater input accuracy is:
A. written approvals
B. preformatted screens
C. confirm input acceptance
D. all of these ensure greater input accuracy
Answer: B. preformatted screens
72. 61. Managing functional units such as networks, CAD/CAM and systems programming typically is a major duty of:
A. data center manager
B. systems development
C. technical services manager
D. database administrator
Answer: C. technical services manager

73. 61. The section of Sarbanes Oxley that makes it a felony to knowingly destroy, alter, or create records and or documents with the intent to impede, obstruct, or influence an ongoing or contemplated federal investigation and offers legal protection to whistle blowers is:
A. Title V - Analysts Conflicts of Interests
B. Title VIII - Corporate and Criminal Fraud Accountability
C. Title IX - White-Collar Crime Penalty Enhancements
D. Title XI - Corporate Fraud and Accountability
Answer: B. Title VIII - Corporate and Criminal Fraud Accountability

74. 61. Which of the following is the most likely coding scheme for college courses?
A. hierarchical coding
B. sequential coding
C. block coding
D. mnemonic coding
Answer: D. mnemonic coding

75. 62. An extra character added to a numeric code as a device to test the accuracy of data entered into a computer system is called a:
A. control digit
B. check digit
C. mnemonic digit
D. significant digit
Answer: B. check digit

76. 62. From the standpoint of achieving the operations system control goal of security of resources, which of the following segregation of duties possibilities is least important?
A. between systems programming and computer operations
B. between data control and data preparation personnel
C. between systems development and computer operators
D. between technical services and data center
Answer: B. between data control and data preparation personnel

77. 62. Not knowing whether input data has been accepted by the information system, the user enters the data again, resulting in duplicate event data. The control plan that helps to prevent this error is:
A. key verification
B. confirm input acceptance
C. check digit
D. online prompting
Answer: B. confirm input acceptance

78. 62. The section of Sarbanes Oxley that sets forth criminal penalties applicable to CEOs and CFOs of up to $5 million and up to 20 years imprisonment if they knowingly or willfully certify false or misleading information contained in periodic reports is:
A. Title V - Analysts Conflicts of Interests
B. Title VIII - Corporate and Criminal Fraud Accountability
C. Title IX - White-Collar Crime Penalty Enhancements
D. Title XI - Corporate Fraud and Accountability
Answer: C. Title IX - White-Collar Crime Penalty Enhancements

79. 63. A key control concern is that certain people within an organization have easy access to applications programs and data files. The people are:
A. data librarians
B. systems programmers
C. systems development
D. data center managers
Answer: B. systems programmers

80. 63. Assigning numbers to objects in chronological sequence is known as:
A. block coding
B. mnemonic coding
C. sequential coding
D. check digit coding
Answer: C. sequential coding

81. 63. The section of Sarbanes Oxley that provides for fines and imprisonment of up to 20 years to individuals who corruptly alter, destroy, mutilate, or conceal documents with the intent to impair the document's integrity or availability for use in an official proceeding, or to otherwise obstruct, influence or impede any official proceeding is:
A. Title V - Analysts Conflicts of Interests
B. Title VIII - Corporate and Criminal Fraud Accountability
C. Title IX - White-Collar Crime Penalty Enhancements
D. Title XI - Corporate Fraud and Accountability
Answer: D. Title XI - Corporate Fraud and Accountability

82. 63. Which of the following control plans is designed to achieve the goal of input accuracy?
A. key verification
B. confirm input acceptance
C. batch sequence check
D. cumulative sequence check
Answer: A. key verification

83. 64. A control in which two people key the same inputs into a system where they are compared is called:
A. online prompting
B. key verification
C. computer matching procedures
D. a redundancy check
Answer: B. key verification

84. 64. The ____ concentrates on the process being performed with data playing a secondary or supporting role.
A. database management approach
B. hierarchical data management approach
C. transaction processing approach
D. applications approach
Answer: D. applications approach

85. 64. Which of the following has the major duties of prioritizing and selecting IT projects and resources?
A. steering committee
B. security officer
C. CIO
D. systems development manager
Answer: A. steering committee

86. 64. Which of the following is not a requirement of SOX Section 404?
A. Evaluate the design of the company's controls to determine if they adequately address the risk that a material misstatement of the financial statements would not be prevented or detected in a timely manner.
B. Gather and evaluate evidence about the operation of controls.
C. Implement key controls to determine their operating efficiency.
D. Present a written assessment of the effectiveness of internal control over financial reporting.
Answer: C. Implement key controls to determine their operating efficiency.

87. 65. This framework was issued in 1996 (and updated in 2007) by the Information Systems Audit and Control Association (ISACA) because of the influence of IT over information systems, financial reporting and auditing.
A. COBIT
B. COSO
C. ERM
D. All of the above.
Answer: A. COBIT

88. 65. Which of the following control plans is designed both to authenticate a system user's identity and to verify the integrity of a message transmitted by that user?
A. coding schemes
B. digital signature
C. preformatted screens
D. check digit
Answer: B. digital signature

89. 65. Which of the following has the responsibility to ensure the security of all IT resources?
A. steering committee
B. security officer
C. CIO
D. systems development manager
Answer: B. security officer

90. 65. Which of the following statements regarding the centralized database approach to data management is false?
A. Facts about events are stored in relational database tables.
B. Users can access and manipulate data using their own models.
C. The approach eliminates many of the problems caused by data redundancy.
D. In this approach, data and applications are dependent on each other.
Answer: D. In this approach, data and applications are dependent on each other.

91. 66. A control that is primarily directed at ensuring input validity is:
A. written approvals
B. programmed edit checks
C. confirm input acceptance
D. online prompting
Answer: A. written approvals

92. 66. As described in COSO, elements of a control environment might include the following:
A. commitment to the importance of control
B. reward systems
C. tone at the top of the organization
D. all of the above
Answer: D. all of the above

93. 66. The computer software needed to implement a database approach to data management that is not needed with the applications approach to data management is:
A. operating system software
B. database management system (DBMS) software
C. application program software
D. query language software
Answer: B. database management system (DBMS) software

94. 66. Which of the following has the responsibility of efficient and effective operation of IT?
A. steering committee
B. security officer
C. CIO
D. systems development manager
Answer: C. CIO

95. 67. ____ are the policies and procedures that help ensure that the risk responses are effectively carried out.
A. Control environment
B. Risk assessment
C. Control activities
D. Monitoring
Answer: C. Control activities

96. 67. Digital signatures address all of the following control goals except:
A. ensure security of resources
B. ensure input completeness
C. ensure input validity
D. ensure input accuracy
Answer: B. ensure input completeness

97. 67. In an information systems organizational structure, the function of ____ is the central point from which to control data and is a central point of vulnerability.
A. data control
B. data entry
C. data librarian
D. database administration
Answer: D. database administration

98. 67. Which of the following is not a database model discussed in Chapter 5:
A. Relational
B. Hierarchical
C. Network
D. Physical
Answer: D. Physical

99. 68. A sales representative enters the customer's account number and the system retrieves certain data about the customer from master data. This control plan addresses all of the control goals except:
A. ensure efficient employment of resources
B. ensure effectiveness of operations (timeliness)
C. ensure input accuracy
D. ensure update completeness
Answer: D. ensure update completeness

100. 68. ____ is a process that evaluates the quality of internal control performance over time.
A. Control environment
B. Risk assessment
C. Control activities
D. Monitoring
Answer: D. Monitoring

101. 68. The control concern that there will be a high risk of data conversion errors relates primarily to which of the following information systems functions?
A. data control
B. data entry
C. data librarian
D. database administration
Answer: B. data entry

102. 68. The feature of a database management system that enables nontechnical users to access a database and to produce inquiry reports is the:
A. Schema
B. query language
C. Subschema
D. logical database view
Answer: B. query language

103. 69. Decoupling the data from the system applications is a major difference between the centralized database approach and the applications approach and is known as:
A. data independence
B. data manipulation
C. data redundancy
D. query language
Answer: A. data independence

104. 69. Online prompting is aimed primarily at ensuring which of the following information systems control goals?
A. ensure input accuracy
B. ensure input completeness
C. ensure security of resources
D. ensure update completeness
Answer: A. ensure input accuracy

105. 69. The controlled access to data, programs, and documentation is a principal responsibility of which of the following functions?
A. data control
B. data preparation (data entry)
C. data librarian
D. computer operator
Answer: C. data librarian

106. 69. Which of the following statements regarding a system of internal control is false?
A. Effective internal control systems provide complete assurance against the occurrence of material frauds and embezzlements.
B. Internal control systems depend largely on the competency and honesty of people.
C. Because internal control systems have a cost, management should evaluate the cost/benefit of each control plan.
D. The development of an internal control system is the responsibility of management.
Answer: A. Effective internal control systems provide complete assurance against the occurrence of material frauds and embezzlements.

107. 70. All of the following are types of programmed edit checks except:
A. a proximity check
B. a document/record hash total
C. a mathematical accuracy check
D. a reasonableness check
Answer: A. a proximity check

108. 70. ____ sets the tone of the organization, influencing the control consciousness of its people.
A. Control environment
B. Risk assessment
C. Control activities
D. Monitoring
Answer: A. Control environment

109. 70. Which of the following is not one of COBIT's four broad IT control process domains?
A. plan and organize
B. acquire and implement
C. repair and replace
D. monitor and evaluate
Answer: C. repair and replace

110. 70. With the centralized database approach to data management, we expect to have:
A. increased data storage costs
B. improved data integrity
C. increased data redundancy
D. greater difficulty in performing file maintenance
Answer: B. improved data integrity

111. 71. According to the 2008 Report to the Nation on Occupational Fraud and Abuse, frauds are more likely to be detected by:
A. audits
B. internal controls
C. managers
D. tips
Answer: D. tips

112. 71. Which of the following advantages of the centralized database approach does not occur because of a reduction in data redundancy?
A. reduced storage costs
B. easier maintenance
C. increased data integrity
D. reduced user and programmer training
Answer: D. reduced user and programmer training

113. 71. Which of the following is not a programmed edit check?
A. online prompting
B. check digit
C. mathematical accuracy check
D. limit checks
Answer: A. online prompting

114. 71. Which of the following is not a strategic planning process?
A. IT-related requirements to comply with industry, regulatory, legal, and contractual obligations, including privacy, transborder data flows, e-business, and insurance contracts.
B. Acquisition and development schedules for hardware, software, and application systems and for personnel and financial requirements.
C. Systems development life cycle adoption to ensure that comprehensive documentation is developed for each application.
D. An inventory of current IT capabilities.
Answer: C. Systems development life cycle adoption to ensure that comprehensive documentation is developed for each application.

115. 72. A control report generated by a system that shows data about transactions that were accepted or rejected during a transaction processing step is called a(n):
A. violation report
B. exception and summary report
C. variance report
D. program change log
Answer: B. exception and summary report

116. 72. A deliberate act or untruth intended to obtain unfair or unlawful gain is a(n):
A. audit
B. embezzlement
C. fraud
D. theft
Answer: C. fraud

117. 72. Which of the following is not a function that a database management system performs?
A. Defining the data.
B. Defining the relations among data.
C. Interfacing with the operating system for storage of the data on the physical media.
D. Coordinates access to data stored in the applications programs.
Answer: D. Coordinates access to data stored in the applications programs.

118. 72. Which one of the following personnel is not involved in safeguarding resources resulting from consummating events?
A. security officer
B. technical service manager
C. database administrator
D. Chief Information Officer
Answer: D. Chief Information Officer

119. 73. A computer abuse technique called a ____ involves inserting unauthorized code in a program, which, when activated, may cause a disaster, such as shutting the system down or destroying files.
A. salami slicing
B. back door
C. logic bomb
D. Trojan horse
Answer: C. logic bomb

120. 73. The exploration, aggregation, and analysis of large quantities of varied data from across the organization is known as:
A. data independence
B. data mining
C. data redundancy
D. data warehousing
Answer: B. data mining

121. 73. The segregation of duties control plan consists of separating all of the following event-processing functions except:
A. planning events
B. authorizing events
C. executing events
D. recording events
Answer: A. planning events

122. 73. Which of the following is a batch control total that represents the minimum level of control for input completeness?
A. dollar totals
B. document/record counts
C. hash totals
D. item counts
Answer: B. document/record counts

123. 74. A computer abuse technique called a ____ involves a virus that replicates itself on disks, in memory, or across networks.
A. worm
B. back door
C. logic bomb
D. Trojan horse
Answer: A. worm

124. 74. A summation of customer account numbers taken from a batch of sales invoices would be classified as a:
A. record count
B. line count
C. dollar total
D. hash total
Answer: D. hash total

125. 74. A warehouse clerk manually completing an order document and forwarding it to purchasing for approval is an example of:
A. authorizing events
B. executing events
C. recording events
D. safeguarding resources
Answer: B. executing events

126. 74. Which of the following statements related to events-driven systems is false?
A. In events-driven systems data is aggregated and maintained in its original form.
B. With an events-driven system management views information systems processing as a decision-support activity.
C. Organizations adopting an events-driven system are focused on capturing data for the purpose of generating reports.
D. Users should be able to access and manipulate data using their own models and their own data aggregations.
Answer: C. Organizations adopting an events-driven system are focused on capturing data for the purpose of generating reports.

127. 75. A(n) ____ is a computer abuse technique where unauthorized instructions are inserted into a program to systematically steal very small amounts, usually by rounding to the nearest cent in financial transactions.
A. worm
B. salami slicing
C. logic bomb
D. Trojan horse
Answer: B. salami slicing

128. 75. A(n) ____ reflects a system's key entities and the relationship among them.
A. data flow diagram
B. relational table
C. program flowchart
D. entity-relationship diagram
Answer: D. entity-relationship diagram

129. 75. Specifications for availability, reliability, performance, capacity for growth, levels of user support, disaster recovery, security, minimal system functionality, and service charges are included in:
A. application documentation
B. service-level requirements
C. business continuity plan
D. security plan
Answer: B. service-level requirements

130. 75. Which batch control total generally has no other purpose than control?
A. dollar totals
B. record counts
C. hash totals
D. item counts
Answer: C. hash totals

131. 76. A control goal that is a measure of success in meeting a set of established goals is called:
A. effectiveness
B. Monitoring
C. Efficiency
D. Risk
Answer: A. effectiveness

132. 76. Approving a customer credit purchase would be an example of which basic events processing function?
A. authorizing events
B. executing events
C. recording events
D. safeguarding resources
Answer: A. authorizing events

133. 76. A resource, event, or agent about which data are collected is called:
A. an attribute
B. an entity
C. a relationship
D. a query
Answer: B. an entity

134. 76. Which of the following types of batch totals is likely to be most effective in ensuring the control goal of input accuracy?
A. line counts
B. document/record counts
C. item counts
D. hash totals
Answer: D. hash totals

135. 77. An employee of a warehouse is responsible for taking a computer-generated shipping list, pulling the items from the warehouse shelves and placing them on a cart which is transferred to shipping when the list is completely filled. This is an example of:
A. authorizing events
B. executing events
C. recording events
D. safeguarding resources
Answer: B. executing events

136. 77. Establishing a viable internal control system is primarily the responsibility of:
A. the external auditors
B. management
C. programmers
D. government authorities
Answer: B. management

137. 77. In an entity-relationship diagram, ____ are used to show the characteristics of relationships.
A. squares
B. circles
C. diamonds
D. parallelograms
Answer: C. diamonds

138. 77. When they are sent to a customer and returned with the payment, remittance advices are examples of:
A. batch control totals
B. computer-prepared documents
C. written approval controls
D. turnaround documents
Answer: D. turnaround documents

139. 78. A data model depicts the requirements for data as specified by the:
A. database
B. enterprise
C. user
D. database administrator
Answer: C. user

140. 78. An outside auditing firm annually supervises a physical count of the items in a retail store's shelf inventory. This is an example of:
A. authorizing events
B. executing events
C. recording events
D. safeguarding resources
Answer: D. safeguarding resources

141. 78. As a result of an inadequate design, a production process yields an abnormally high amount of raw material scrapped. Which control goal is being violated?
A. ensure effectiveness of operations
B. ensure efficient employment of resources
C. ensure security of resources
D. ensure input accuracy
Answer: B. ensure efficient employment of resources

142. 78. Which of the following activities is not part of the computer agreement of batch totals?
A. a batch total is manually established and entered into the computer prior to data entry.
B. data shown on source documents are key entered or scanned.
C. the computer produces a report that includes a batch total.
D. a person reconciles the manual and computer batch totals.
Answer: D. a person reconciles the manual and computer batch totals.

143. 79. A warehouse supervisor prepares a sales order listing items to be shipped to a customer and then signs it approving the removal of the items from the warehouse. The supervisor is performing which functions?
A. authorizing events and safeguarding of resources
B. executing and recording events
C. authorizing and executing events
D. authorizing and recording events
Answer: C. authorizing and executing events

144. 79. In a(n) ____ database model, records are organized in a pyramid structure.
A. hierarchical
B. relational
C. network
D. object-oriented
Answer: A. hierarchical

145. 79. The information process control goal which relates to preventing fictitious events from being recorded is termed:
A. ensure input validity
B. ensure input accuracy
C. ensure input completeness
D. ensure effectiveness of operations
Answer: A. ensure input validity

146. 79. Which of the following controls requires that documents be numbered sequentially or prenumbered before it can be implemented?
A. completeness check
B. sequence check
C. batch total matching
D. key verification
Answer: B. sequence check

147. 80. A business event which is not properly authorized is an example of:
A. an invalid item
B. an inaccurate item
C. an incomplete item
D. an unusual item
Answer: A. an invalid item

148. 80. A clerk receives checks and customer receipts in the mail. He endorses the checks, fills out the deposit slip, and posts the checks to the cash receipts events data. The clerk is exercising which functions?
A. recording and executing events
B. authorizing and executing events
C. recording and authorizing events
D. safeguarding of resources and authorizing events
Answer: A. recording and executing events

149. 80. Inputting a range of numbers comprising a batch and then inputting each serially numbered document is characteristic of the control plan called:
A. cumulative sequence check
B. batch sequence check
C. suspense file of missing numbers
D. computer agreement of batch totals
Answer: B. batch sequence check

150. 80. The ____ database model works well for simple data structures, but falls apart quickly when the data becomes more complex.
A. Hierarchical
B. Relational
C. Network
D. object-oriented
Answer: A. Hierarchical

151. 81. Achieving which control goal requires that all valid objects or events are captured and entered into a system's database once and only once?
A. ensure input validity
B. ensure update accuracy
C. ensure input completeness
D. ensure update completeness
Answer: C. ensure input completeness

152. 81. In a(n) ____ database model, a child record may have more than one parent.
A. hierarchical
B. relational
C. network
D. object-oriented
Answer: C. network

153. 81. When segregation of duties cannot be effectively implemented because the organization is too small, we may rely on a more intensive implementation of other control plans such as personnel control plans. This is called:
A. collusion controls
B. compensatory controls
C. authorizing controls
D. inventory controls
Answer: B. compensatory controls

154. 81. Which of the following statements related to tickler files is false?
A. A tickler file is reviewed on a regular basis for items that do not clear the file on a timely basis.
B. A tickler file can consist of documents or computer records.
C. A tickler file addresses the control goal of update accuracy.
D. A tickler file addresses the control goal of input completeness.
Answer: C. A tickler file addresses the control goal of update accuracy.

155. 82. A method of separating systems development and operations is to prevent programmers from:
A. performing technical services
B. performing database administration
C. handling accounting operations
D. operating the computer
Answer: D. operating the computer

156. 82. ____ databases include abstract data types that allow users to define characteristics of the data to be stored when developing an application.
A. hierarchical
B. relational
C. network
D. object-oriented
Answer: D. object-oriented

157. 82. Failing to record a customer's order for the purchase of inventory violates the control goal of:
A. ensure input accuracy
B. ensure input completeness
C. ensure input validity
D. ensure input accuracy and input validity
Answer: B. ensure input completeness

158. 82. The process of encoding data so that it may only be read by someone having a key is called:
A. a coding scheme
B. encryption
C. dependency checks
D. check digit
Answer: B. encryption

159. 83. Discrepancies between data items recorded by a system and the underlying economic events or objects they represent are a violation of the control goal of:
A. ensure input validity
B. ensure input completeness
C. ensure input accuracy
D. ensure update completeness
Answer: C. ensure input accuracy

160. 83. In a(n) ____ database model, data are logically organized into two-dimensional tables.
A. hierarchical
B. relational
C. network
D. object-oriented
Answer: B. relational

161. 83. Plaintext is a term associated with ____.
A. coding schemes
B. hash totals
C. programmed edit checks
D. data encryption
Answer: D. data encryption

162. 83. Which of the following control plans is not a retention control plan?
A. creative and challenging work opportunities
B. occasional performance evaluations
C. competitive reward structure
D. viable career paths
Answer: B. occasional performance evaluations

163. 84. Assuring that the accounts receivable master data reflects all cash collections recorded in the cash receipts event data addresses the control goal of:
A. ensure input accuracy
B. ensure input completeness
C. ensure update accuracy
D. ensure update completeness
Answer: D. ensure update completeness

164. 84. Personnel development control plans consist of each of the following except:
A. checking employment references
B. providing sufficient and timely training
C. supporting employee educational interests and pursuits
D. performing scheduled evaluations
Answer: A. checking employment references

165. 84. The use of information systems facilities to focus on the collection, organization, integration, and long-term storage of entity-wide data is known as:
A. data independence
B. data mining
C. data redundancy
D. data warehousing
Answer: D. data warehousing

166. 85. Assuring that cash collections recorded in the cash receipts event data are credited to the right customer in the accounts receivable master data addresses the control goal of:
A. ensure input accuracy
B. ensure input completeness
C. ensure update accuracy
D. ensure update completeness
Answer: C. ensure update accuracy

167. 85. In an object-oriented database model, what types of objects can be stored through use of abstract data types, inheritance, and encapsulation?
A. simple
B. complex
C. both simple and complex
D. neither simple nor complex
Answer: C. both simple and complex

168. 85. The primary reasons for performing regular employee performance reviews include all of the following except:
A. determine whether an employee is satisfying the requirements indicated by a job description
B. assess an employee's strengths and weaknesses
C. assist management in determining salary adjustments, promotions, or terminations
D. develop a strategy for filling necessary positions
Answer: D. develop a strategy for filling necessary positions

169. 86. A policy that requires employees to alternate jobs periodically is called:
A. segregation of duties
B. forced vacations
C. rotation of duties
D. personnel planning
Answer: C. rotation of duties

170. 86. Object-oriented databases:
A. include abstract data types
B. organize data in two-dimensional tables
C. are inferior to relational databases
D. are used by most organizations
Answer: A. include abstract data types

171. 86. Which of the following is a control goal regarding master data?
A. ensure input validity
B. ensure update accuracy
C. ensure input accuracy
D. ensure input completeness
Answer: B. ensure update accuracy

172. 87. A control plan that is designed to detect a fraud by having one employee periodically do the job of another employee is called:
A. segregation of duties
B. forced vacations
C. periodic audits
D. management control
Answer: B. forced vacations

173. 87. If attribute A determines a single value for attribute B at any time, we say that attribute B is ____.
A. a parent of attribute A
B. a child of attribute A
C. functionally dependent on attribute A
D. networked to attribute A
Answer: C. functionally dependent on attribute A

174. 87. Why is there usually no control goal called update validity?
A. Input and update completeness achieve update validity.
B. Input validity guarantees update validity.
C. Update accuracy guarantees update validity.
D. Input accuracy achieves update validity.
Answer: A. Input and update completeness achieve update validity.

175. 88. A mechanism by which a company is reimbursed for any loss that occurs when an employee commits fraud is called a:
A. segregation of duties
B. fidelity bond
C. personnel planning control
D. termination control plan
Answer: B. fidelity bond

176. 88. A programming error causes the sale of an inventory item to be added to the quantity on hand attribute in the inventory master data. Which control goal was not achieved?
A. ensure update completeness
B. ensure input accuracy
C. ensure update accuracy
D. ensure input completeness
Answer: C. ensure update accuracy

177. 88. A relation that is in ____ form contains repeating attributes within each row or record.
A. unnormalized
B. first normal (1NF)
C. second normal (2NF)
D. third normal (3NF)
Answer: A. unnormalized

178. 89. A relation is in second normal form (2NF) if it is in first normal form (1NF) and:
A. if the only determinants it contains are candidate keys.
B. no non-key attribute is dependent on only a portion of the primary key.
C. it does not contain any repeating groups.
D. computed fields are eliminated.
Answer: B. no non-key attribute is dependent on only a portion of the primary key.

179. 89. The business process objectives that an internal control system is designed to achieve are:
A. control goals
B. control plans
C. general controls
D. the control matrix
Answer: A. control goals

180. 89. Which of the following personnel security control plans is corrective in nature as opposed to being a preventive or detective control plan?
A. rotation of duties
B. fidelity bonding
C. forced vacations
D. performing scheduled evaluations
Answer: B. fidelity bonding

181. 90. Of the following options, a database that is in ____ form has the best design.
A. unnormalized
B. first normal (1NF)
C. second normal (2NF)
D. third normal (3NF)
Answer: D. third normal (3NF)

182. 90. Personnel termination control plans might include all of the following except:
A. require immediate separation
B. identify the employee's reasons for leaving
C. establish a policy of forced vacations
D. collect the employee's keys, badges, etc.
Answer: C. establish a policy of forced vacations

183. 90. These are applied to all IT service activities.
A. control goals
B. control plans
C. IT general controls
D. the control matrix
Answer: C. IT general controls

184. 91. A tool designed to assist you in evaluating the potential effectiveness of controls in a business process by matching control goals with relevant control plans is:
A. ERM
B. control plans
C. control matrix
D. internal controls
Answer: C. control matrix

185. 91. Instructions for computer setup, required data, restart procedures, and error messages are typically contained in a(n):
A. systems development standards manual
B. program documentation manual
C. operations run manual
D. application documentation manual
Answer: C. operations run manual

186. 91. The applications approach to business event processing:
A. concentrates on integrated applications
B. uses a central database
C. has data redundancy
D. none of the above
Answer: C. has data redundancy

187. 92. Application documentation that describes the application and contains instructions for preparing inputs and using outputs is a(n):
A. operations run manual
B. user manual
C. program documentation
D. systems documentation
Answer: B. user manual

188. 92. Information-processing policies and procedures that assist in accomplishing control goals are known as:
A. control plans
B. control systems
C. control objectives
D. control outcomes
Answer: A. control plans

189. 92. Running an applications approach to sales and inventory programs leads to:
A. a central database
B. data redundancy
C. higher efficiencies
D. reports that are easier to query
Answer: B. data redundancy

190. 93. Alternative names for contingency planning include all of the following except:
A. disaster recovery planning
B. business interruption planning
C. business disaster planning
D. business continuity planning
Answer: C. business disaster planning

191. 93. Data flows that mirror and monitor business operations are called ____ flows.
A. horizontal information
B. vertical information
C. Sequential
D. master data
Answer: A. horizontal information

192. 93. ____ relate to a specific AIS process, such as billing or cash receipts.
A. Control procedures
B. Information processing procedures
C. Business process control plans
D. Operations system control plans
Answer: C. Business process control plans

193. 94. A data replication strategy where all data changes are data stamped and saved to secondary systems as the changes are happening is called:
A. mirror site
B. electronic vaulting
C. continuous data protection (CDP)
D. Dumping
Answer: C. continuous data protection (CDP)

194. 94. Control plans that relate to a multitude of goals and processes are called:
A. business process control plans
B. internal control systems
C. pervasive control plans
D. management control systems
Answer: C. pervasive control plans

195. 94. Data flows that provide a basis for managerial decisions are called ____ information flows.
A. horizontal
B. vertical
C. sequential
D. master
Answer: B. vertical

196. 95. All of the following are components of a backup and recovery strategy except:
A. echo checking
B. mirror site
C. electronic vaulting
D. hot site
Answer: A. echo checking

197. 95. Control goals of operations processes include:
A. validity
B. the control environment
C. accuracy
D. security of resources
Answer: D. security of resources

198. 95. The approach to business event processing in which facts are stored in a relational database is:
A. the centralized database approach
B. the applications approach
C. the logical approach
D. none of the above
Answer: A. the centralized database approach

199. 96. Controls that stop problems from occurring are called:
A. preventive controls
B. detective controls
C. corrective controls
D. programmed controls
Answer: A. preventive controls

200. 96. In a DBMS, a complete description of the configuration of record types, data items and the relationships among them is known as:
A. query language
B. Subschema
C. Schema
D. DML
Answer: C. Schema

201. 96. Which of the following statements related to denial of service attacks is false?
A. Insurance is available to offset the losses suffered by denial of service attacks.
B. A denial of service attack is designed to overwhelm a Web site, making it incapable of performing normal functions.
C. Web sites can employ filters to sense multiple messages from a single site.
D. The most effective attacks originate from a small cluster of computers in a remote geographic region.
Answer: D. The most effective attacks originate from a small cluster of computers in a remote geographic region.

202. 97. A control that involves reprocessing transactions that are rejected during initial processing is an example of:
A. preventive controls
B. detective controls
C. corrective controls
D. programmed controls
Answer: C. corrective controls

203. 97. A ____ describes a portion of a DBMS' configuration of record types and data items and the relationships among them.
A. query language
B. Subschema
C. Schema
D. DML
Answer: B. Subschema

204. 97. In an on-line computer system, restricting user access to programs and data files includes all of the following except:
A. user identification
B. user authentication
C. determining user access rights
D. wearing identification badges
Answer: D. wearing identification badges

205. 98. A process captures only authorized transactions but fails to record them only once. Which control goal does this fail to achieve?
A. Validity
B. Accuracy
C. Completeness
D. Effectiveness
Answer: C. Completeness

206. 98. Sending out an e-mail pretending to be a legitimate business asking for information about a person's account is called:
A. dumpster diving
B. phishing
C. smoozing
D. shoulder surfing
Answer: B. phishing

207. 98. The way a user thinks of the data in a database is called the user's:
A. physical view
B. logical view
C. data entry view
D. screen view
Answer: B. logical view

208. 99. The correct sequence of the control hierarchy, from top to bottom, is:
A. control environment, IT general controls, pervasive controls, business process controls
B. business process controls, IT general controls, pervasive controls, control environment
C. control environment, pervasive controls, IT general controls, business process controls
D. business process controls, control environment, pervasive controls, IT general controls
Answer: C. control environment, pervasive controls, IT general controls, business process controls

209. 99. Which of the following controls restrict access to programs, data, and documentation?
A. library controls
B. password controls
C. authentication controls
D. program change controls
Answer: A. library controls

210. 99. Which of the following statements is true of a hierarchical DBMS?
A. child records can have more than one parent record
B. parent records can have many child records
C. the DBMS works well with complex data
D. all of the above
Answer: B. parent records can have many child records

211. 100. This logs and monitors who is on or trying to access an organization's network.
A. biometrics
B. electronic vaulting
C. intrusion detection systems (IDS)
D. firewall
Answer: C. intrusion detection systems (IDS)

212. 100. Which of the following statements is true of a network database model?
A. child records can have more than one parent record
B. parent records can have many child records
C. both a and b
D. none of the above
Answer: C. both a and b

213. 101. Protecting resources against environmental hazards might include all of the following control plans except:
A. fire alarms and smoke detectors
B. waterproof ceilings
C. voltage regulators
D. rotation of duties
Answer: D. rotation of duties

214. 101. The model that only works well for simple data structures is the:
A. hierarchical database model
B. network database model
C. relational database model
D. object-oriented database model
Answer: A. hierarchical database model

215. 102. Searching through rubbish for system information such as passwords is called:
A. scavenging
B. phishing
C. smoozing
D. shoulder surfing
Answer: A. scavenging

216. 102. The model that logically organizes data into two-dimensional tables is the:
A. hierarchical database model
B. network database model
C. relational database model
D. object-oriented database model
Answer: C. relational database model

217. 103. The model that includes abstract types that allow users to define data to be stored in the database is the:
A. hierarchical database model
B. network database model
C. relational database model
D. object-oriented database model
Answer: D. object-oriented database model

218. 104. A unique identifier that serves as an address for each row in a database is called:
A. the query
B. the primary key
C. the composite key
D. the form
Answer: B. the primary key

219. 105. In the applications approach to business event processing, a data change in one application before updating another application could lead to:
A. Update
B. inconsistent data
C. Additions
D. Deletions
Answer: B. inconsistent data

220. 106. A(n) ____ depicts user requirements for data stored in a database.
A. data model
B. entity-relationship model
C. E-R diagram
D. all of the above
Answer: D. all of the above

221. 107. In creating an entity-relationship diagram, the correct sequence of steps is:
A. create tables, identify entities, identify relationships
B. identify relationships, identify entities, create tables
C. identify entities, identify relationships, create tables
D. create tables, identify relationships, identify entities
Answer: C. identify entities, identify relationships, create tables

222. 108. For the following diagram, which item is the entity?
Answer: A. Students

223. 109. The mapping of the relationships between entities would be used in the development of a(n):
A. context diagram
B. physical DFD
C. logical DFD
D. E-R diagram
Answer: D. E-R diagram

224. 110. Which of the following is not a relationship type?
A. one-to-many
B. one-to-one
C. one-to-few
D. many-to-many
Answer: C. one-to-few

225. 111. Which of the following database types has dominance in contemporary systems?
A. Relational
B. object-oriented
C. Network
D. Hierarchical
Answer: A. Relational

226. 112. Each relationship in an E-R diagram has a ____ that shows the degree to which each entity participates in the relationship.
A. maximum cardinality
B. Identifier
C. Cardinality
D. primary key
Answer: C. Cardinality

227. 113. A decision maker prepares a presentation in a suitable format for a given decision at a given point in time when using a(n):
A. neural network (NN)
B. expert system (ES)
C. group support system (GSS)
D. decision support system (DSS)
Answer: D. decision support system (DSS)

228. 114. The principal difference between an executive information system (EIS) and a decision support system (DSS) is that an EIS:
A. suggests to the user the best choice from among alternative courses of action whereas the DSS merely provides information that could assist in making the decision
B. is primarily about collecting and presenting information without doing additional processing or calculations
C. uses both external and internal data whereas a DSS does not
D. employs decision models whereas a DSS does not
Answer: B. is primarily about collecting and presenting information without doing additional processing or calculations

229. 115. The information system which emulates the problem-solving techniques of humans is called a(n):
A. executive information system (EIS)
B. group support system (GSS)
C. decision support system (DSS)
D. expert system (ES)
Answer: D. expert system (ES)

230. 116. Which of the following statements about expert systems (ES) is false:
A. They can help provide a competitive advantage.
B. They are sometimes used as part of a down-sizing strategy.
C. They only work well for simple decisions.
D. They can be used to train new employees.
Answer: C. They only work well for simple decisions.

231. 117. The computer-based system of hardware and software that mimics the human brain's ability to recognize patterns or predict outcomes using less-than-complete information is referred to as:
A. group support systems
B. executive information system
C. decision support system
D. neural networks
Answer: D. neural networks

232. 118. A software program that may be integrated into DSS or other software tools is a(n):
A. group support systems
B. executive information system
C. intelligent agent
D. neural networks
Answer: C. intelligent agent
