To be valuable business partners, accountants must understand how the A systems analyst analyzes a business problem that might

ght be addressed
business delivers value to its employees. by an information system and recommends software or systems to
address that problem.
Select one:
Select one:
True
True
False
Accounting Information Systems at this date are all computerized. False
Which designation would most appropriate for those professionals
Select one: possessing an IT audit, control and security skills?
True Select one:
False a. Certified Public Accountant (CPA)
Which of the following is not an Accounting/Finance Operations role of b. Certified Information Systems Auditors (CISA)
the Accounting/Finance Function in Business?
c. Certified Internal Auditor (CIA)
Select one:
a. Financial close-completing period end accounts d. Certified Information Technology Professional (CITP)
Documentation can be thought of as a tool for information transmission
b. Stakeholder assurance and communication.
c. Financial consolidation, reporting and analysis Select one:
d. People management True
A business model is typically a graphical depiction of the essential
business process information. False
Information is defined as being data organized in a meaningful way to be
Select one: useful to the user.
True Select one:
False True
The Certified Information Systems Auditor (CISA) is a professional
designation generally sought by those performing IT audits. False
Relevant information is that information that is free from bias and error.
Select one:
Select one:
True
True
False
False
Because business models are simpler than the processes they depict,
they are limited in their ability to integrate local views of a process. d. Determining staffing
Which of the following best describes the purpose of an activity model?
Select one:
True Select one:
a. None of the choices.
False
Which of the following is not a purpose of documentation? b. An activity model describes the sequence of workflow in a business
process.
Select one:
c. An activity model depicts data structures.
a. Training
d. An activity model constrains and guides process operations.
b. Describing current processes
Information overload is defined as the difficulty a person faces in
c. Establishing accountability understanding a problem and making a decision as a consequence of too
much information.

Select one:
True True

False False
The main financial benefit of Customer Relationship Management The characteristics of reliable information are that the information is
practices reduces the cost of goods sold. verifiable, without bias and timely.

Select one: Select one:

True True

False False
In Business Process Modeling Notation (BPMN), activities are named Well-designed and well-functioning AIS can be expected to create value
with a short verb phrase placed within the rectangle. by providing relevant information helpful to management to increase
revenues and reduce expenses.
Select one:
Select one:
True
True
False
Service Activities as defined in the value chain are those activities that False
provide the support of customers after the products and services are sold Documentation helps with training but won't help with regulatory
to them (e.g. warranty repairs, parts, instruction manuals, etc.). compliance issues.

Select one: Select one:

 Select one:
True
a. Indicates the minimum multiplicities for an association
False
b. Matches values of foreign keys in other classes
In Unified Modeling Language (UML) Class diagrams, a Class is
represented by a rectangle. c. Allows linking two or more tables
Select one: d. Uniquely identifies each instance of the class
True Which of following are possible options for minimum multiplicities?

False Select one:

Which of the following would be least likely to be represented with a a. 0 and 1
Unified Modeling Language (UML) Class?
b. * and 1
Select one:
c. 0, 1, and *
a. The employee driving the truck
d. 0 and *
b. Trucks
Unified Modeling Language (UML) Class diagrams describe the logical
c. The number of trucks used in the delivery structure of a database system.

d. The customer receiving the delivery Select one:

Which of the following is not something a model of database structures True
must be able to describe?
False
Select one:
A Class is a separately identifiable collection of business relationships.
a. The cardinalities that describe how many instances of one entity can
be related to another Select one:

b. The sequence that entities are accessed True

c. The entities or things in the domain of interest False

d. The attributes or characteristics of the entities and relationships
The Object Management Group maintains the standard for Unified
Modeling Language (UML) Class diagrams.
Select one:
True
False
Which of the following best describes the purpose of a primary key?
Which of the following is the best description of an association?
Select one:
a. A group of classes
b. The lines in a UML Class diagram
c. The relationship between two classes
d. The number of times one class is related to another
In Unified Modeling Language (UML) Class diagrams, Associations are Select one:
represented by dashed lines.
a. Avoid crossing lines whenever possible.
Select one:
b. Opt for simplicity.
True
c. Avoid confusing abbreviations.
False
d. Model each process separately.
In Unified Modeling Language (UML) the options for maximum multiplicity
values are 0 and *. In Unified Modeling Language (UML) attributes are characteristics of
individual instances of a Class.
Select one:
Select one:
True
True
False
False
Which of the following is not a form of business rules?
In Unified Modeling Language (UML) the options for minimum multiplicity
Select one: values are 1 and *.

a. Allowed Select one:

b. Obligatory True

c. Compulsory False
Which of the following is not a step in using a Unified Modeling Language
d. Prohibited
(UML) Class model to prepare a database?
In Unified Modeling Language (UML) the options for maximum multiplicity
values are 1 and *. Select one:

Select one: a. Map Classes to Tables.

True b. Map Associations to Primary Keys.

False c. Map Associations to Foreign Keys.

In Unified Modeling Language (UML) the options for minimum multiplicity d. Map Attributes to Table Fields.
values are 0, 1, and 2.
Which of the following statements about foreign keys is not true?
Select one:
Select one:
True
a. A foreign key can be a combination of attributes.
False b. A foreign key cannot be NULL.
Which of the following is not a best practice in preparing Unified Modeling
Language (UML) Class diagrams? c. Foreign keys support a defined association.
 business operations. Which of the following systems is most effective for
d. Foreign key must match values of the linked primary key. this application?
Which of the following is not a criterion for selection of a primary key?
Select one:
Select one: a. An enterprise resource planning system.
a. The primary key cannot be NULL (blank). b. A decision support system.
b. Longer key values are better than shorter key values. c. An office automation system.
c. The primary key should be controlled by the organization assigning it.
d. An executive support system.
d. Primary keys with sequential values make it easier to spot gaps in the In Microsoft Access, we use tables in a database for:
data.
Select one:
Which of the following tasks cannot be performed through queries in
access? a. Data retrieval
Select one: b. Data entry
a. Retrieve and display data c. Two of the choices are correct.
b. Data sorting d. Data storage
c. Calculations of data Which of the following correctly describes the Referential Integrity Rule?

d. Enter data into tables Select one:

Three types of data models used today are: the hierarchical model, the a. The data value for a foreign key could be null
network model and the relational model.
b. Values of a specific attribute must be of the same type
Select one:
c. Each attribute in a table must have a unique name
True
d. The primary key of a table must have data values (cannot be null)
False In a hierarchical data model, data elements are related in many-to-many
The SQL command "Group by" can be used to order an amount in a relationships.
descending order.
Select one:
Select one:
True
True
False
False Which type of data models allows each record to have multiple parent
A company would like to implement a management information system and child records?
that integrates all functional areas within an organization to allow
information exchange and collaboration among all parties involved in Select one:
a. The hierarchical mode False
b. The network model In Access, users can edit database information in reports.

c. The relational model Select one:

d. None of the choices True

Queries in Access are utilized by users to enter data into tables and view False
existing records.
What kind data model is most commonly used as a basis for today's
Select one: enterprise systems?

True Select one:

False a. The network model

Classes could be grouped into Resources (R), Entity (E), and Assets (A) b. None of the choices
in data modeling.
c. The relational model
Select one:
d. The hierarchical mode
True
Cloud computing is an internet-based computing where shared
False resources, software, and information is provided to firms on demand.
An enterprise resource planning system has which of the following Select one:
advantages over multiple independent functional systems?
True
Select one:
False
a. Modifications can be made to each module without affecting other
modules. The property of the primary key in a table in Microsoft Access should be
set to:
b. Increased responsiveness and flexibility while aiding in the decision-
making process. Select one:

c. Increased amount of data redundancy since more than one module a. "Yes (No Duplicates)"
contains the same information. b. "Yes (No Duplicates)"
d. Reduction in costs for implementation and training. c. "NO" and the Indexed field
The asterisk (*) following the SELECT SQL statement is a wild card
d. "Yes" and the Indexed field
indicating all columns should be selected.
e. "NO" and the Indexed field
Select one:
f. The Required field
True
g. "Yes (Duplicated)"
h. "No (Duplicates)" False
i. The Required field Business Process Modeling Notation (BPMN) activity diagrams depict
activities as circles.
j. The required field
Select one:
k. The Required field
True
l. "Yes", the Indexed field
Which of the following is considered as class in the relational database False
model? Consider an association between a Sales class and an Inventory class in
a Unified Modeling Language (UML) Class diagram. The multiplicities
Select one: next to the Sales class are 0..* and the multiplicities next to the Inventory
class are 1..*. Which of the following is the best way to implement that
a. All of the choices are correct
association in your database?
b. Customer
Select one:
c. Cash
a. Post the primary key of Inventory as a foreign key in Sales.
d. Sale b. None of the choices.
The "Where" SQL clause can be used to link two tables.
c. Post the primary key of Sales as a foreign key in Inventory.
Select one:
d. Create a linking table.
True
Gateways show decisions and possible branching as a result of the
decision.
False
Which SAP modules would a manufacturing company use to create a Select one:
delivery order for a sales transaction?
True
Select one:
False
a. Logistics Execution
According to a recent study, the informate-up IT strategic role is defined
b. Materials Management as systems that:

c. Production Planning and Control Select one:

d. Sales and Distribution a. replacing human labor in automating business processes

Access offers modules, which are defined by users to automate b. provide information about business activities to senior management
processes like opening a specific form.
c. fundamentally redefine business processes and relationships
Select one:
d. provides information about business activities to all employees
True
Access is a simple database management system that can be used to Many hospitals and doctor's offices are beginning to digitize the medical
run databases for individuals and small firms. records of their patients. This is an example of the ____________
strategic role.
Select one:
Select one:
True
a. Informate - up
False
b. Transform
Which of the following best describes the purpose of a gateway in a
Business Process Modeling Notation (BPMN) activity diagram? c. Informate - down
Select one: d. Automate
a. Controls branching and merging. Business Process Modeling Notation (BPMN) activity diagrams depict
events as circles.
b. Affects the flow of the business process.
Select one:
c. Describes the sequence of workflow.
True
d. Shows where the work takes place.
Which set of multiplicities correctly shows the relationship between the False
Cash Collection table and the Sales table in modeling cash sales? Check

Select one: Which of the following is not a building block for Business Process
Modeling Notation (BPMN) diagrams?
a. Cash Collection (1..N) - Sale (1..1)
Select one:
b. Cash Collection (1..N) - Sale (1..1)
a. Sequence flows
c. Cash Collection (1..1) - Sale (1..N)
b. Events
d. Cash Collection (1..1) - Sale (1..1)
c. Associations
Check

Which of the following statements about the requirements of table design d. Gateways
is incorrect? A generalization relationship models a grouping of things that share
common characteristics.
Select one:
Select one:
a. Each attribute in a table must have a unique name.
True
b. Each attribute (column) of a record (row) must be single-valued.
c. All other non-key attributes in a table must describe a characteristic of False
the class (table) identified by the foreign key. Which of the following symbols depicts an activity?

d. Values of a specific attribute must be of the same type. Select one:

 the following is the best way to implement that association in your
a. A circle with a wide single line perimeter database?
b. A circle with a double line perimeter Select one:
c. A rectangle a. Post the primary key of Cash Accounts as a foreign key in Cash
Disbursements.
d. An arrow
In Unified Modeling Language (UML) primary keys may be blank. b. None of the choices.

Select one: c. Create a linking table.

True d. Post the primary key of Cash Disbursements as a foreign key in Cash
Accounts.
False Production of a 1040 tax form from the AIS to be delivered to the Internal
An aggregation relationship is a form of generalization relationships. Revenue Service is an example of discretionary information.

Select one: Select one:

True True

False False
The Sarbanes-Oxley Act of 2002 is a federal law in the United States that n Unified Modeling Language (UML) foreign keys allow tables to be
set new and enhanced standards for all U.S. public companies, linked together in a database.
management and public accounting firms.
Select one:
Select one:
True
True
False
False An enterprise system is primarily used to manage and nurture a firm's
An activity can depict a single action or some logical combination of interactions with its current and potential clients.
actions depending on the required level of detail to achieve the objectives
of the business process analysis. Select one:

Select one: True

True False
In Unified Modeling Language (UML) primary keys cannot by NULL.
False
Consider an association between a Cash Disbursements class and a Select one:
Cash Accounts class in a Unified Modeling Language (UML) Class
True
diagram. The multiplicities next to the Cash Disbursements class are 0..*
and the multiplicities next to the Cash Accounts class are 1..1. Which of
False
CRM software often includes the use of database marketing tools to learn Entity-relationship diagrams (ERDs) are similar in content and purpose to
more about the customers and to develop strong firm-to-customer Unified Modeling Language (UML) Class diagrams. Which of the
relationships. following is not a basic building block of ERDs?

Select one: Select one:

True a. Entities

False b. Attributes
A Query in a program language can be used to c. Relationships
Select one: d. Associations
a. Retrieve data To convert a conceptual model with a maximum Multiplicities relationship
of "many to many" into relationship database tables, one must
b. Report data
Select one:
c. All of the choices
a. Create a relationship table to handle the many-to-many relationship.
d. Update data
b. Many-to-many relationship cannot be represented in Access.
Consider an association between a Customers class and a Sale class in
a Unified Modeling Language (UML) Class diagram. The multiplicities c. Create a foreign key in one of the tables to link the two tables.
next to the Customers class are 1..1 and the multiplicities next to the Sale
class are 0..*. Which of the following is the best way to implement that d. Create a relation with no attributes of its own.
association in your database? Which of the following is a well-formed business rule?
Select one: Select one:
a. Post the primary key of Sales as a foreign key in Customers. a. Customers may not be under 18 years of age.
b. Post the primary key of Customers as a foreign key in Sales. b. Customers must pay in U. S. dollars.
c. Create a linking table. c. Customers must be over 18 years of age.
d. None of the choices. d. All of these are well-formed business rules.
The income statement account most likely affected by an AIS investment While hierarchical and network data models require relationships to be
in customer relationship management (CRM) would be: formed at the database creation, relational data models can be made up
Select one: as needed.

a. Cost of Goods Sold Select one:

b. Revenues True

c. Selling, General and Administrative Expenses False

d. Unearned Revenue
BPMN models can describe the collaboration between two organizations
using pools. a. Access controls implement business rules and application controls do
not.
Select one:
b. Access controls are "prohibited" business rules and application
True controls are "allowed" business rules.

False c. There is no difference between access and application controls.

In a BPMN collaboration model of the purchase process, one pool d. Access controls limit who can change records and application controls
describes the focal organization's activities and the other pool describes provide an audit trail of any changes.
what?
A BPMN process flow can start in one pool and end in the collaborating
Select one: pool. 

a. The customer's activities Select one:

b. The message flows between the pools True

c. The supplier's activities False

d. The sequence of steps in the process
Which of the following best describes the purpose of an intermediate
error event?
In a BPMN collaboration model of the purchase process, which of the
following is the appropriate term for the message flows between pools?
Select one:

Select one: a. Intermediate events

a. Show the interchange between two pools. b. Collaboration

b. Illustrate process flow when an exception occurs. c. Choreography

c. Contain a series of activities that are hidden from view. d. Orchestration

Many companies record both purchase orders and purchases; when
d. Depict the sequence of activities in one pool.
would such a company recognize the purchase?
The Purchase Orders table would have five foreign keys.
Select one:
Select one:
a. When the purchase order is issued.
True
b. When the products are sold.
False
c. When the supplier receives the purchase order.
Which of the following best describes the difference between access
controls and application controls? d. When the products are received from the supplier and accepted.
Select one: The association between Purchase Orders and Products would be
implemented with a linking table.
Select one:
a. Issue raw material
True
b. Perform, work and account for labor
False c. Authorize production
The Purchase Orders table would contain two foreign keys to implement
the associations with Employees. d. Ship products to stores
Select one: A labor plan class would establish standard overhead allocation rates.

True Select one:

True
False
Conversion labor costs become part of cost of goods sold. False
Select one: Check

True Review the following diagram. Which answer provides the best
interpretation of the multiplicities for the association between the
False Employees and Production Authorization classes?
Business rules describe appropriate actions to take based on process Select one:
conditions.
a. Employees manage multiple products.
Select one:
b. One employee can authorize production multiple times.
True
c. The employee records the completion of a job and updates finished
False goods.
Review the following diagram. Which answer provides the best
interpretation of the multiplicities for the association between the d. Each production authorization results in the increase to the quantity on
Products and Production Authorization classes? hand of one product.
Which of the following least reflects the purpose of a business rule in the
Select one: conversion process?
a. One employee can authorize production multiple times. Select one:
b. The employee records the completion of a job and updates finished a. Limiting who can view and change records in the system
goods.
b. Segregating authorizing, issuing, and conversion work duties
c. Each production authorization is related to one product.
c. Assuring that all products meet quality standards
d. Each product is related to one production authorization.
Which of the following is not a basic activity in the conversion process? d. Ensuring no production without a customer order
Gateways can direct sequence flow to support looping.
Select one:
Select one:
 True
False
Which of the following is the best reason that a collaboration model would
not be used to diagram the conversion process?
Select one:
a. The orchestration of the activities is not shown in a collaboration
model.
b. A collaboration model does not include swim lanes.
c. The choreography between pools is not shown in a collaboration
model.
d. All conversion activities are internal to the organization.
Application controls limit access to viewing and changing records in a
system.
Select one:
True
False
Consider the following BPMN diagram of a sub process. Which of the
following is required to correct an error in the diagram?
Select one:
a. Change the intermediate event to a start event.
b. Add a sequence flow to an end event after the discard errors activity.
b. Tracks completion of work in process and increase to finished goods
inventory.
c. Shows the participation of employees in the process.
d. Indicates issue of raw material into the process.
Which of the following types of businesses is least likely to employ a
conversion process?
Select one:
a. Restaurant
b. Retail store
c. Machine shop
d. Bakery
Which of the following is the best reason that a collaboration model would
not be used to diagram the conversion process?
Select one:
a. The orchestration of the activities is not shown in a collaboration
model.
b. A collaboration model does not include swimlanes.
c. The choreography between pools is not shown in a collaboration
model.
d. All conversion activities are internal to the organization.
Which of the following is not a basic activity in the conversion process?

c. Drop the activity named Discard Errors. Select one:

d. Change the intermediate error event to an exclusive gateway a. Issue raw material
In a basic UML diagram of the conversion process, which of the following b. Authorize production
best describes the purpose of a duality association?
c. Perform work and account for labor
Select one:
d. Ship products to stores
a. Links work in process events to the original production authorization.
Which of the following best describes the purpose of a bill of material
class?
Select one:
c. Control activities.
a. Links each raw material item to one or more finished good items.
d. Risk assessment.
b. Shows the raw material usage variance.
Which of the following represents an inherent limitation of internal
c. Shows the issues of raw material items into work in process. controls?

d. Links finished goods to production. Select one:

Which of the following best describes the purpose of an intermediate a. Customer credit check not performed.
error event?
b. Shipping documents are not matched to sales invoices.
Select one:
c. Bank reconciliations are not performed on a timely basis.
a. Waits for external messages
d. The CEO can request a check with no purchase order.
b. Ends a process
In a large pubic corporation, evaluating internal control procedures
c. Directs sequence flow when an activity aborts should be responsibility of:

d. Delays the sequence until a specified time Select one:

According to the Sarbanes-Oxley Act of 2002, it is the responsibility of a. Security management staff who report to the chief facilities officer.
the Board of Directors to establish and maintain the effectiveness of
internal control. b. Accounting management staff who report to the CFO.

Select one: c. Internal audit staff who report to the board of directors.

True d. Operations management staff who report to the chief operation

The Sarbanes-Oxley Act of 2002 (SOX) 2002 requires the management
False of all companies and their auditors to assess and report on the design
In a computerized environment, internal controls can be categorized as and effectiveness of internal control over financial reporting annually.
general controls and application controls.
Select one:
Select one:
True
True
False
False Segregation of duties reduces the risk of errors and irregularities in
According to COSO, which of the following components of the enterprise accounting records.
risk management addresses an entity's integrity and ethical values?
Select one:
Select one:
True
a. Internal environment.
False
b. Information and communication
 Check The risk of a company's internal auditing processes failing to catch the
misstated dollar amount of revenue on the company's income statement
Which of the following is the best way to compensate for the lack of is classified as inherent risk.
adequate segregation of duties in a small organization?
Select one:
Select one:
True
a. Replacing personnel every three or four years.
False
b. Allowing for greater management oversight of incompatible activities.
Which of the following control activities should be taken to reduce the risk
c. Requiring accountants to pass a yearly background check. of incorrect processing in a newly installed computerized accounting
system?
d. Disclosing lack of segregation of duties to external auditors during the
annual review. Select one:
Which of the following items is one of the eight components of COSO's a. Segregation of duties.
enterprise risk management framework?
b. Ensure proper authorization of transactions.
Select one:
c. Adequately safeguard assets.
a. Compliance.
d. Independently verify the transactions.
b. Operations.
Review of the audit log is an example of which of the following types of
c. Reporting. security control?

d. Monitoring. Select one:

Internal controls guarantee the accuracy and reliability of accounting a. Detective.
records.
b. Corrective.
Select one:
c. Preventive.
True
d. Governance.
False The chief executive officer is ultimately responsible for enterprise risk
Check management.

The main objective of the ISO 27000 series is to provide a model for Select one:
establishing, implementing, operating, monitoring, maintaining, and
improving information security. True

Select one: False

Which of the following is not a component of internal control as defined
True
by COSO?
False Select one:
a. Control activities. d. Edit check.
b. Control environment. Business rules are unrelated to COSO control activities, although they
serve an important purpose.
c. Monitoring.
Select one:
d. Inherent risk
True
COBIT (Control Objectives for Information and related Technology) is a
generally accepted framework for IT governance in the U.S. False
Select one: Given the requirement of the Sarbanes-Oxley Act of 2002 (SOX), the
Public Company Accounting Oversight Board (PCAOB) established the
True Securities and Exchange Commission (SEC) to provide independent
oversight of public accounting firms.
False
Processing controls are IT general controls. Select one:

Select one: True

True False
The Products table would include a foreign key to link it to Product
False Categories.
Which of the following statement is correct regarding internal control?
Select one:
Select one:
True
a. A well-designed and operated internal control environment should
detect collusion perpetrated by two people. False
Which of the following least reflects the purpose of a business rule in the
b. An inherent limitation to internal control is the fact that controls can be
conversion process?
circumvented by management override.
c. A well-designed internal control environment ensures the achievement Select one:
of an entity's control objectives. a. Ensuring no production without a customer order
d. Internal control in a necessary business function and should be b. Limiting who can view and change records in the system
designed and operated to detect errors and fraud.
c. Segregating authorizing, issuing, and conversion work duties
Which of the following is considered an application input control?

Select one: d. Assuring that all products meet quality standards

In a basic UML diagram of the conversion process, which of the following
a. Run control total. best describes the purpose of a duality association?
b. Reporting distribution log. Select one:
c. Exception report.
 Select one:
a. Tracks completion of work in process and increase to finished goods
inventory. True
b. Indicates issue of raw material into the process. False
c. Shows the participation of employees in the process. Check

d. Links work in process events to the original production authorization. An entity's ongoing monitoring activities often include
Control risk should be assessed in terms of Select one:
Select one: a. Periodic audits by the audit committee.
a. Specific controls. b. Reviewing the purchasing function.
b. Financial statement assertions. c. Control risk assessment in conjunction with quarterly reviews.
c. Control environment factors.
d. The audit of the annual financial statements.
d. Types of potential fraud. Refer to the following diagram. Which of the following answers does not
provide a valid interpretation of the multiplicities for the association
In a BPMN activity diagram, which of the following best describes the
between the Employees and the Product Categories classes?
purpose of an intermediate timer event?

Select one:
Select one:
a. All of the choices
a. Employees are assigned to manage product categories.
b. Indicates a delay to a relative date, such as next Thursday
b. Some employees do not manage at least one product category.
c. Represent a time delay
c. Each product category has one manager.
d. Indicates a delay to a specific date/time
Which of the following most likely would not be considered as an inherent d. Each product category can have no managers or multiple managers.
limitation of the effectiveness of a firm's internal control? All of the following are examples of internal control procedures except

Select one: Select one:

a. Management override. a. Insistence that employees take vacations

b. Collusion among employees. b. Using pre-numbered documents

c. Incompatible duties. c. Customer satisfaction surveys

d. Mistakes in judgment. d. Reconciling the bank statement

The linking table between Supplier Categories and Product Categories Internal control is a process consisting of ongoing tasks and activities. It
would contain the attribute summarizing year-to-date purchases for each is a means to an end, not an end in itself.
supplier category and product category combination.
Select one: Select one:
True True

False False
The Public Company Accounting Oversight Board (PCAOB) is not Segregation of duties is an example of a COSO control activity.
responsible for standards related to:
Select one:
Select one:
True
a. Accounting practice.
False
b. Quality control over attestation and/or assurance.
Management philosophy and operating style would have a relatively less
c. Auditing. significant influence on a firm's control environment when

d. Attestation. Select one:

Review the following diagram. Which answer provides the best a. The internal auditor reports directly to the controller.
interpretation of the multiplicities for the association between the
Employees and Production Authorization classes? b. Accurate management job descriptions delineate specific duties.

Select one: c. The audit committee does not have regular meetings.

a. Each production authorization results in the increase to the quantity on d. Management is dominated by one individual.
hand of one product. The overall attitude and awareness of a firm's top management and
b. One employee can authorize production multiple times. board of directors concerning the importance of internal control is often
reflected in its
c. Employees manage multiple products.
Select one:
d. The employee records the completion of a job and updates finished a. Computer-based controls.
goods.
An auditor assesses control risk because it b. Control environment.

Select one: c. Safeguards over access to assets.

a. affects the level of detection risk that the auditor may accept. d. System of segregation of duties.
b. indicates to the auditor where inherent risk may be the greatest. Obtaining an understanding of an internal control involves evaluating the
design of the control and determining whether the control has been:
c. provides assurance that the auditor's materiality levels are appropriate.
Select one:
d. is relevant to the auditor's understanding of the control environment. a. Implemented.
Corporate governance is a set of processes and policies in managing an
organization with sound ethics to safeguard the interests of its b. Tested.
stakeholders.
c. Authorized.
 Public Company Accounting Oversight Board (PCAOB) Auditing
d. Monitored. Standard No. 5 (AS 5) encourages auditors to start from the basic/bottom
The linking table between Purchase Orders and Products would likely of financial records to identify the key controls.
indicate the quantity of each product ordered and the quantity of each
Select one:
product received.
True
Select one:
True False
The association between Purchase Orders and Cash Disbursements
False could be implemented with a foreign key in either table but not both.
In a BPMN collaboration model of the purchase process, which of the
Select one:
following best describes the purpose of swimlanes is which of the
following? True
Select one: False
a. Clarifying the interaction between pools Refer to the following diagram. Which of the following answers does not
provide a valid interpretation of the multiplicities for the association
b. Capturing the process complexity between the Employees and the Sales classes?
c. Showing different jobs in the purchase process

d. Showing the sequence of activities in a pool Select one:

One-to-many relationships are implemented by posting a foreign key. a. Several employees participate in each sale.
Select one: b. Some employees do not participate in sales.
True c. Only one employee participates in each sale.

False d. Some employees participate in several sales.

Check A manufacturing firm identified that it would have difficulty sourcing raw
materials locally, so it decided to relocate its production facilities.
Proper segregation of duties calls for separation of the following According to COSO, this decision represents which of the following
functions: response to the risk?
Select one: Select one:
a. Authorization, payment, and recording. a. Prospect theory.
b. Authorization, recording, and custody. b. Risk sharing.
c. Authorization, execution, and payment. c. Risk reduction.
d. Custody, execution, and reporting. d. Risk acceptance.
A query using Purchase Orders and Cash Disbursements could report
accounts payable by showing records where the foreign key was NULL a. A digital signature is an encrypted message digest.
(blank). b. A digital signature also authenticates the document creator.
Select one: c. A digital signature is a message digest encrypted using the document
True creator's public key.

False d. A digital signature can ensure data integrity.

Integrity of information means the information is: Fraud triangle includes incentive, opportunity and an attitude to
rationalize the fraud.
Select one:
Select one:
a. Accurate
True
b. Complete
False
c. Accessible
An entity doing business on the internet most likely could use any of the
following methods to prevent unauthorized intruders from accessing
d. A and B are correct.
proprietary information except:
Key distribution and key management are problematic under the
symmetric-key encryption. Select one:

Select one: a. Batch processing.

True b. Digital certificates.

False c. Data encryption.

What is the primary objective of data security controls?
Select one:
a. To establish a framework for controlling the design, security, and use
of computer programs throughout an organization.
d. Password management.
The goal of information security management is to maintain
confidentiality, integrity and availability of a firm's information.
Select one:

b. To formalize standard, rules, and procedures to ensure the True

organization's control are properly executed.
False
c. To ensure that data storage media are subject to authorization prior to
Asymmetric-key encryption is suitable for encrypting large data sets or
access, change, or destruction.
messages.
d. To monitor the use of system software to prevent unauthorized access Select one:
to system software and computer programs.
Which of the following statements is incorrect about digital signature? True

Select one: False

 Check
c. Restricting access to the computer center by use of biometric devices.
Encryption is a preventive control ensuring data confidentiality and
privacy during transmission and for storage. d. Creating hash totals from social security number for the weekly
payroll.
Select one: Certificate Authority (CA) issues digital certificates to bond the subscriber
True with a public key and a private key.

Select one:
False
When client's accounts payable computer system was relocated, the True
administrator provided support through a dial-up connection to server.
Subsequently, the administrator left the company. No changes were False
made to the accounts payable system at that time. Which of the following A company's audit committee is responsible for fraud risk assessments.
situations represents the greatest security risk?
Select one:
Select one:
True
a. Security logs are not periodically reviewed for violations.
False
b. Management procedures for user accounts are not documented.
Symmetric-key encryption method is used to authenticate users.
c. User accounts are not removed upon termination of employees.
Select one:
d. User passwords are not required to the in alpha-numeric format.
True
In a large multinational organization, which of the following job
responsibilities should be assigned to be network administrator? False
Select one: Which of the following outcomes is a likely benefit of information
technology used for internal control?
a. Managing remote access.
Select one:
b. Developing application programs.
a. Processing of unusual or nonrecurring transactions.
c. Reviewing security policy.
b. Recording of unauthorized transactions.
d. Installing operating system upgrades.
c. Potential loss of data.
Which of the following statements presents an example of a general
control for a computerized system? d. Enhanced timeliness of information.
Select one: An information technology director collected the names and locations of
key vendors, current hardware configuration, names of team members,
a. Limiting entry of sales transactions to only valid credit customers. and an alternative processing location. What is the director most likely
preparing?
b. Restricting entry of accounts payable transactions to only authorized
users. Select one:
 Segregation of duties can be the source of IT material weaknesses when
a. System hardware policy. assessing the effectiveness of internal controls over the company's
b. System security policy. accounting information system.

c. Disaster recovery plan. Select one:

True
d. Data restoration plan.
Disaster recovery planning and business continuity management are False
preventive controls. The analysis phase of the SDLC involves a complete, detailed analysis of
Select one: the systems needs of the end user.

True Select one:

True
False
Bacchus, Inc. is a large multinational corporation with various business False
units around the world. After a fire destroyed the corporation The design phase of the SDLC begins with a business need for a new or
headquarters and largest manufacturing site, plans for which of the better information system.
following would help Bacchus ensure a timely recovery?
Select one:
Select one:
True
a. Daily backup.
b. Business continuity. False
The maintenance phase of the SDLC is the final phase of the SDLC and
c. Network security. includes making changes, corrections, additions, and upgrades
(generally smaller in scope) to ensure the system continues to meet the
d. Backup power. business requirements that have been set out for it.
One type of fault tolerance is using redundant units to provide a system
the ability to continue functioning when part of the system fails. Select one:

Select one: True

True False
In making the business case for an IT investment, companies should
False assess the sensitivity of results to the assumptions.
One weakness of the internal rate of return financial metric is that larger
projects tend to have higher internal rates of return. Select one:

Select one: True

True False
The appropriate cost of capital to use in valuing an IT project is the same
False regardless of the project riskiness.
Select one:
b. Design Phase
True
c. Implementation Phase
False
d. Analysis Phase
The project sponsor is generally the same person as the project
manager. The project sponsor generally obtains necessary resources for
successful project completion.
Select one:
Select one:
True
True
False
False
Capital budgeting techniques provide precise estimates on an IT projects
costs and benefits. Check

Select one: The triple constraints of project management include time, scope, and
effort.
True
Select one:
False
True
Net present value techniques compute the unique rate of return for a
particular IT project. False
Select one: The IFAC suggested ten core principles of effective information
technology planning. Which of these are not one of those ten core
True principles?

False Select one:

The final phase of the systems development life cycle is the a. Reassessment
Select one: b. Benefits Realization
a. Analysis Phase c. Reliability
b. Maintenance phase
d. Relevant Scope
c. Implementation Phase The triple constraints of project management are also referred to as
Dempster's triangle.
d. Design Phase
Select one:
Which phase of the systems development life cycle includes transforming
the plan from the design phase into an actual, functioning system: True
Select one:
False
a. Maintenance Phase
 Check Select one:

The 15-15 Rule states that if a project is more than 15 percent over True
budget or 15 percent off the desired schedule, it will likely never recoup
the time or cost necessary to be considered successful. False
Virus is a self-replicating, self-propagating, self-contained program that
Select one: uses networking mechanisms to spread itself.
True
Select one:
False True
PERT is actually an acronym for Program Evaluation Review Tool.
False
Select one: Which of the following statements is incorrect?
True
Select one:
False a. A fraud prevention program starts with a fraud risk assessment across
Which phase of the systems development life cycle would describe in the entire firm.
detail the desired features of the system?
b. The audit committee typically has an oversight role in risk assessment
Select one: process.

a. Implementation Phase c. Communicating a firm's policy file to employees is one of the most
important responsibilities of management.
b. Analysis Phase
d. A fraud prevention program should include an evaluation on the
c. Planning Phase efficiency of business processes.
d. Design Phase Encryption and hashing are similar process to maintain data
confidentiality.
The IFAC suggested ten core principles of effective information
technology planning. Which of these are not one of those ten core Select one:
principles?
True
Select one:
False
a. Benefits Realization
The 100% rule suggests that before a PERT chart is done, a project
b. Timeliness manager must:

c. Measurable Performance Select one:

d. Relevant Timeframe a. Make sure 100% of the project is funded.

The impact of an IT investment can depend on managers' decision- b. Make sure the project team is devoted solely or 100%, to this project.
making abilities.
c. Make sure that each person on the project team got 100% on their True
project management final exam.
False
d. Make sure 100% of the project tasks are defined. Parallel simulation attempts to simulate the firm's key features or
The goal of information security management is to enhance the processes.
confidence, integrity and authority (CIA) of a firm's management.
Select one:
Select one:
True
True
False
False Which of the following is not included in the remediation phrase for
The PERT and Gantt charts primarily address the triple constraint of: vulnerability management?

Select one: Select one:

a. Cost a. Vulnerability Prioritization
b. Time b. Risk Response Plan
c. Scope c. Policy and procedures for remediation

d. Technical issues d. Control Implementation

The results of a generalized audit software simulation of the aging of Information security is a critical factor in maintaining systems integrity.
accounts receivable revealed substantial differences in the aging
contribution, even though grand totals reconciled. Which of the following Select one:
should the IS auditor do first to resolve the discrepancy?
True
Select one:
False
a. Ignore the discrepancy because the grand totals reconcile and instruct Tasks that must be completed in a specific sequence but don't require
the controller to correct program. additional resources or a specific completion time are considered to have
b. List a sample of actual data to verify the accuracy of the test program. task dependency.

c. Create test transactions and run test data on both the production and Select one:
simulation program. True
d. Recreate the test, using different software. False
The Technology Acceptance Model defines perceived usefulness as the In 2009, _____ of the projects failed or were challenged.
extent to which a person believes that the use of a particular system
would be free of effort. Select one:
Select one: a. 82%
b. 35% d. Embedded audit modules cannot be protected from computer viruses.
c. 68% The value of IT investments often depends on the level of complementary
resources, which can change over time.
d. 49%
Select one:
The benefits of an IT project are not necessarily measurable in financial
terms. True
Select one: False
True Common IT techniques that are needed to implement continuous auditing
include
False
Select one:
Which of the following does not represent a viable data backup method?
a. All of the choices.
Select one:
b. Transaction logging and query tools
a. Cloud computing
c. Computer-assisted audit techniques.
b. Virtualization
c. Disaster recovery plan d. Data warehouse and data mining
Time that employees devote to self-training on new technology is an
d. Redundant arrays of independent drives example of direct operating costs.
Embedded audit module is a programmed audit module that is added to Select one:
the system under review.
True
Select one:
True False
The balanced scorecard management process starts with the Formulate
False step.
Which of the following is the primary reason that many auditors hesitate Select one:
to use embedded audit modules?
True
Select one:
a. Auditors are required to monitor embedded audit modules False
continuously to obtain valid results. Check

b. Auditors are required to be involved in the system design of the A continuous audit is to perform audit-related activities on a continuous
application to be monitored. basis.
c. Embedded audit modules can easily be modified through management Select one:
tampering.
True
 False False
Accountants increasingly participate in designing internal controls and Research shows that standardized, integrated, and networked
improving business and IT processes in a database environment. technology enhances decision making and performance management.

Select one: Select one:

True True

False False
Check A data warehouse is for daily operations and often includes data for the
current fiscal year only.
Investments in business analytics systems support the balanced
scorecard management process during the Link to Operations step. Select one:

Select one: True

True False

False
The breakdown of all of the project tasks needed for completion is often
called the work breakdown structure.

Select one:
True

False
Within a WAN, a router would perform which of the following functions?

Select one:
a. Provide the communication within the network
b. Select network pathways within a network for the flow of data packets.
c. Amplify and rebroadcast signals in a network

d. Forward data packets to their internal network destination

The Technology Acceptance Model defines perceived ease of use as
users adopting a new or modified system to the extent they believe the
system will help them perform their job better.

Select one:
True