Accounting Information Systems

Understanding Business Processes 4th

Edition Considine Test Bank
Visit to download the full and correct content document: https://testbankdeal.com/dow
nload/accounting-information-systems-understanding-business-processes-4th-edition
-considine-test-bank/
 Testbank
to accompany

Accounting Information
Systems 4e
Brett Considine, Alison Parkes, Karin
Olesen, Yvette Blount & Derek Speer

Prepared by
Zhong Zheng
and
Kent Wilson

John Wiley & Sons Australia, Ltd 2012

 Chapter 8: Internal controls II

Chapter 8 Internal controls II

Multiple Choice Questions

1. After identifying risks, management will decide on appropriate policies and

procedures to address the risks. These policies and procedures are called:

a. control policies
*b. control activities
c. control procedures
d. control processes

Correct answer: b
Learning Objective 8.1 ~ Relate control activities to the accounting process

2. The comparison of actual and budgeted figures and the conduct of variance analysis
to determine the source of the variance is a type of:

a. General control
b. Information processing control
*c. Performance review
d. Application control

Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage

3. Information processing controls are those that are put in place within the organisation
to work towards the _______ of transactions.

a. efficiency, effectiveness, and accuracy

b. timeliness, efficiency, and completeness
*c. accuracy, completeness, and authorisation
d. authorisation, processing, accuracy

Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage

© John Wiley & Sons Australia, Ltd 2012 8.1

Testbank to accompany: Accounting information systems 4e

4. Internal controls are necessary in all businesses because …

*a. business processes do not always go to plan

b. employees are basically corrupt
c. financial statements only contain assertions
d. external auditors insist on them

Correct answer: a
Learning Objective 8.1 ~ Relate control activities to the accounting process

5. Which of the following is a risk to the financial statement of a company when it

places a purchase order with a supplier?

a. the supplier delivers the goods with an invoice instead of a delivery note
b. the goods are not available
*c. the supplier delivers the wrong goods or wrong quantity
d. the purchasing officer orders the wrong goods.

Correct answer: c
Learning Objective 8.1 ~ Relate control activities to the accounting process

6. An antivirus program scans and monitors files in a computer continuously for viruses.
This is an example of:

a. Preventive control
*b. Detective control
c. Corrective control
d. Application control

Correct answer: b
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage

7. Checking customer details before finalising a sales order is an example of a ________

control.

*a. input
b. general
c. processing
d. performance

Correct answer: a
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage

© John Wiley & Sons Australia, Ltd 2012 8.2

 Chapter 8: Internal controls II

8. A computer virus is found in a file in the computer system. Because a solution for
recovering the file is not yet available, the infected file is quarantine by the antivirus
software. Quarantining the infected file is an example of:

*a. Preventive control

b. Detective control
c. Corrective control
d. None of the options are correct.

Correct answer: a
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage

9. Which of the following is not a type of controls classified in the Australian Auditing
Standard ASA 315?

a. Authorisation
b. Performance review
*c. Risk control
d. Segregation of duties

Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage

10. Control of access to the server for the company database is an example of which type
of control?

a. input
*b. general
c. processing
d. performance

Correct answer: b
Learning Objective 8.3 ~ Link controls to the stages of data processing and COSO and
COBIT

© John Wiley & Sons Australia, Ltd 2012 8.3

Testbank to accompany: Accounting information systems 4e

11. Which aspect of document collection are pre-numbered documents used to establish?

a. input data is accurate

b. data from source documents is recorded in a timely manner
*c. all source documents are accounted for
d. all source documents have been authorised

Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage

12. Which of the following is an example of a turnaround document?

a. balance sheet
b. sales order
*c. remittance advice
d. payslip

Correct answer: c
Learning Objective 8.3 ~ Link controls to the stages of data processing and COSO and
COBIT

13. Checking for accuracy is performed by ____________ checks.

a. edit
b. range
c. reasonableness
*d. all of the above

Correct answer: d
Learning Objective 8.3 ~ Link controls to the stages of data processing and COSO and
COBIT

14. Which of the following is NOT a major aim of a computerised accounting

information system?

a. Proper authorisation.
b. Timeliness.
c. Proper recording.
*d. User friendly.

Correct answer: d
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system

© John Wiley & Sons Australia, Ltd 2012 8.4

 Chapter 8: Internal controls II

15. With respect to the recording of transactions, which of the following statements is
true?

a. Proper recording of transactions is essentially about completeness.

*b. Proper recording of transactions is essentially about accuracy.
c. Proper recording of transactions is essentially about storing data in only one
place.
d. None of the options are correct.

Correct answer: b
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system

16. How does a computer system know that a sales manager has authorised a credit
transaction over $1000?

a. The input terminal has bio-security check eg retina scanning.

*b. A combination of checks on the size of the credit required and the access
rights of the manager when she logged in with her username and password
c. The system must insist on the sales manager entering the transaction
d. The control comes from the work practices outside the computer

Correct answer: b
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system

17. Purchasing goods over the Internet would fit into which of the following categories of
processing?

a. Batch
b. online real-time
*c. online data collection batched for later processing
d. Shopping basket

Correct answer: c
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system

18. Authorisation in a computerised information system can be established through: (i)

user privileges (ii) user access rights (iii) restrictions on what different users are able
to do within the system.

a. (i) (iii)
b. (ii) (iii)
c. (i) (ii)
*d. (i) (ii) (iii)

Correct answer: d
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system

© John Wiley & Sons Australia, Ltd 2012 8.5

Testbank to accompany: Accounting information systems 4e

19. In terms of proper recording of transactions, accuracy is concerned with making sure
that: (i) all data that enter the system are in the correct format (ii) all data that enter
the system are of the right type (iii) all data are stored in a secured place to prevent
unauthorised manipulation (iv) the data gathered accurately reflect the reality of the
underlying transaction or event.

a. (i) (ii)
b. (i) (ii) (iii)
*c. (i) (ii) (iv)
d. (i) (ii) (iii) (iv)

Correct answer: c
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system

20. Segregation of duties is a principle that applies to which sections of an organisation?

*a. throughout the organisation including office staff, accountants and IT workers
b. accountants
c. office staff who have to deal with money matters
d. programmers and computer support staff who could interfere with the
accounting information system

Correct answer: a
Learning Objective 8.5 ~ Define and provide examples of general controls

21. Which of the following is NOT a form of physical control?

a. Servers are placed in a locked room.

*b. A username and a password are needed to log into a computer.
c. Security cameras are put in place.
d. A swipe card system for controlling access to computer labs.

Correct answer: b
Learning Objective 8.5 ~ Define and provide examples of general controls

22. Which of the following is an example of poor segregation of duties?

a. Inventory control department is allowed to receive incoming goods.

b. Warehouse personnel are allowed to ship goods to customers.
c. The purchasing department is allowed to generate purchase requisitions.
*d. All of the options are correct.

Correct answer: d
Learning Objective 8.5 ~ Define and provide examples of general controls

© John Wiley & Sons Australia, Ltd 2012 8.6

 Chapter 8: Internal controls II

23. Which of the following is an example of good segregation of duties?

a. The sales department is allowed to bill customers.

b. The accounts receivable department is allowed to prepare bills.
c. The warehouse personnel are allowed to maintain the inventory record.
*d. None of the options are correct.

Correct answer: d
Learning Objective 8.5 ~ Define and provide examples of general controls

24. Which of the following would enable an organisation to detect that an unauthorised
person has entered a secure area?

a. Swipe card access

b. Physical lock of the door
*c. Security camera
d. Biometric access control

Correct answer: c
Learning Objective 8.5 ~ Define and provide examples of general controls

25. A cash disbursement clerk issues a cheque that has been approved by the treasurer.
This is an example of:

a. Separating record-keeping from asset custody

*b. Separating transaction processing to transaction authorisation
c. Separating asset custody from transaction processing.
d. Separating transaction authorisation from record-keeping.

Correct answer: b
Learning Objective 8.5 ~ Define and provide examples of general controls

26. Which of the following is the strongest password?

a. ah@123re$d
b. Nik890102336757099924PoT
*c. A_d33erZb#4G
d. Qwertyuiopasdfghjklzxcvbnm1234567890

Correct answer: c
Learning Objective 8.5 ~ Define and provide examples of general controls

© John Wiley & Sons Australia, Ltd 2012 8.7

Testbank to accompany: Accounting information systems 4e

27. Which of the following statements concerning passwords is true?

a. Strong passwords are not required to be changed periodically.

b. As long as a strong password is devised, it can be as the password to multiple
accounts of a single user.
*c. A good control system should force the users to change their password
periodically.
d. For the sake of convenience and efficiency, users should select simple easy to
remember passwords.

Correct answer: c
Learning Objective 8.5 ~ Define and provide examples of general controls

28. The pre-numbering of cheques helps to achieve completeness because it:

a. provides control over cheques

b. prevents the issue of false cheques
*c. allows us to account for all cheques through a sequence check
d. allows us to ensure all cheque payments are properly authorised

Correct answer: c
Learning Objective 8.6 ~ Define and provide examples of application controls

29. A purchase order is entered into a computer purchasing system. The purchase is for
$25 000 and has been entered by the purchase clerk. Company policy dictates that
purchases over $2000 must be entered by the purchasing manager. This is an example
of a breach of controls relating to:

a. Timeliness
b. Input accuracy
c. Input validity
*d. Authorisation

Correct answer: d
Learning Objective 8.6 ~ Define and provide examples of application controls

30. What should happen if a valid username is supplied but the password is incorrect?

*a. the user is allowed to retry

b. the user’s account is frozen
c. nothing happens, not even a message to say the login failed
d. security guards appear and interrogate the user

Correct answer: a
Learning Objective 8.5 ~ Define and provide examples of general controls

© John Wiley & Sons Australia, Ltd 2012 8.8

 Chapter 8: Internal controls II

32. A reasonableness check that is used when processing fortnightly employee wage
payments would best be used to:

a. avoid the entry of false employee names

b. detect any employees who have their payments entered twice
c. detect any potentially incorrect employee numbers
*d. detect potentially high values for hours worked

Correct answer: d
Learning Objective 8.6 ~ Define and provide examples of application controls

33. Which of the following controls will best help detect inventory input accuracy
concerns when entering credit sales into a system?

a. A batch total of the number of sales invoices in the batch.

*b. A hash total of the number of inventory items ordered across all invoices.
c. A hash total of customer numbers from all sales invoices.
d. A sequence check on sales invoice numbers.

Correct answer: b
Learning Objective 8.6 ~ Define and provide examples of application controls

34. Which control would best help achieve the aim of correct valuation for purchase
transactions entered into a system?

*a. Range checks – checking the quantity ordered against acceptable ranges.
b. Validity checks – checking the supplier is listed in our supplier master file.
c. Sequence check – ensuring the purchase order number is the next number in
the sequence.
d. Authorisation – getting a manager to approve all purchases.

Correct answer: a
Learning Objective 8.6 ~ Define and provide examples of application controls

35. An example of an output control in a payroll system may be that:

a. Only the HR manager can change an employee’s rate of pay.

*b. Only an employee with a valid employee number and password can request a
summary of wages received over the past month.
c. Only the payroll clerk can enter payroll details each month.
d. Only the payroll clerk can process payments made to employees.

Correct answer: b
Learning Objective 8.6 ~ Define and provide examples of application controls

© John Wiley & Sons Australia, Ltd 2012 8.9

Testbank to accompany: Accounting information systems 4e

36. In general, disaster recovery plans include all of the following except:

a. Temporary sites
b. Staffing
*c. Employee evacuation procedures
d. Business relationships restoration

Correct answer: c
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan

37. In terms of disaster recovery, organisations’ reaction to the threat of disaster can be:

a. detective or preventive
*b. preventive or corrective
c. detective or corrective
d. preventive, detective and corrective.

Correct answer: b
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan

38. Which of the following is NOT one of the main aims for an organisation in the event
of a natural disaster that disrupts business operations?

a. Limit the time the business is out of operation.

b. Minimise the extent of loss to existing business resources.
*c. Limit the extended harm done to business partners.
d. Minimise the loss of data and information.

Correct answer: c
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan

39. A “hot site” is:

a. A separate facility located close to the organisation’s usual premises but does
not contain offices and the necessary equipment.
b. A separate facility located away from the organisation’s usual premises but
does not contain offices and the necessary equipment.
c. A separate facility located close to the organisation’s usual premises and
contains offices and the necessary equipment to get the business back up and
running in the minimal amount of time after a disaster occurs.
*d. A separate facility located away from the organisation’s usual premises and
contains offices and the necessary equipment to get the business back up and
running in the minimal amount of time after a disaster occurs.

Correct answer: d
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan

© John Wiley & Sons Australia, Ltd 2012 8.10

 Chapter 8: Internal controls II

40. The first that financial giant Morgan Stanley knew about the 9/11 bombings were that
their business started running from their ________________ several kilometres away
from Wall St.

a. cold site
*b. hot site
c. off-site backup
d. hosted site

Correct answer: b
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan

41. Disadvantages of manual controls include all of the following except:

a. Manual controls are prone to human errors.

b. Manual controls are prone to inconsistent application.
*c. Manual controls used up too many human resources.
d. Manual controls are easier to avoid and work around.

Correct answer: c
Learning Objective 8.8 ~ Analyse the execution of control activities

42. Advantages of computer-based controls include all of the following except:

a. Consistent application
b. Timely execution
c. Greater degree of difficulty in working around or avoiding the control
*d. Handling one-off events

Correct answer: d
Learning Objective 8.8 ~ Analyse the execution of control activities

43. Computer-based controls are extremely dependent on: (i) a sound control environment
(ii) sound general controls (iii) the COBIT framework

*a. (i) (ii)

b. (i) (iii)
c. (ii) (iii)
d. (i) (ii) (iii)

Correct answer: a
Learning Objective 8.8 ~ Analyse the execution of control activities

© John Wiley & Sons Australia, Ltd 2012 8.11

Testbank to accompany: Accounting information systems 4e

44. A company wants all sales orders over $1000 to be authorised by the sales manager.
Are the procedures covering this an example of computer or human controls?

a. human
b. computer
c. human followed by computer
*d. computer followed by human

Correct answer: d
Learning Objective 8.8 ~ Analyse the execution of control activities

45. The control matrix does NOT tell us:

a. the control objectives of a control system

b. how control objectives would ideally be attained
c. whether control objectives actually exist within a system
*d. the effectiveness of the control objectives

Correct answer: d
Learning Objective 8.9 ~ Understand different techniques for documenting a control system

46. The system documentation tool that is most useful for documenting controls is …

a. process map
b. structured narrative
c. logical data flow diagram
*d. system flowchart

Correct answer: d
Learning Objective 8.9 ~ Understand different techniques for documenting a control system

47. CPA Australia identifies five reasons an internal control system does not provide 100
per cent assurance that an organisation’s objectives will be achieved. These reasons
do NOT include:

a. Judgement error
b. Unexpected transactions
c. Weak internal controls
*d. Natural disasters

Correct answer: d
Learning Objective 8.1 ~ Relate control activities to the accounting process

© John Wiley & Sons Australia, Ltd 2012 8.12

 Chapter 8: Internal controls II

48. To minimise the possible negative impact brought about by unexpected transactions,
an organisation should:

a. Ask designers of a control system to predict every possible outcome and every
future event.
*b. Place a strong emphasis on ethical and responsible behaviour.
c. Ask external auditors to audit their internal control system.
d. Refuse carrying out unexpected transactions.

Correct answer: b
Learning Objective 8.1 ~ Relate control activities to the accounting process

49. Which of the follow is also considered threats to internal controls?

a. Management incompetence.
b. Employee turnover.
c. Complexity of organisational structure.
*d. All of the options are correct.

Correct answer: d
Learning Objective 8.1 ~ Relate control activities to the accounting process

50. Information processing controls are those that are put in place within the organisation
to work towards the ____________ of transactions.

a. efficiency, effectiveness, and accuracy

b. timeliness, efficiency, and completeness
*c. accuracy, completeness, and authorisation
d. authorisation, processing, accuracy

Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage

© John Wiley & Sons Australia, Ltd 2012 8.13

Testbank to accompany: Accounting information systems 4e

Short Answer Questions

1. Briefly describe and compare general controls and application controls.

Answer:
General controls are those policies and procedures that ‘relate to many applications and
support the effective functioning of application controls by helping to ensure the continued
proper operation of information systems’. General controls operate across the organisation
and relate to the overall environment in which different information systems are located. Note
from the definition that general controls do not relate to a specific application or process and,
as a result, will not directly affect the operation of the different information systems that may
exist within the organisation. General controls may provide a suitable environment in which
separation of duties and restricted access to resources can be applied, but they do not help to
control the actual operation of the different computer systems that the organisation uses. As
such, general controls provide the environment within which application controls operate.
General controls, Controls that relate to the overall computerised information system
environment.

Application controls ‘apply to the processing of individual applications’ or processes. As

stated in the previous version of ASA 315, ‘these controls help to provide reasonable
assurance that all transactions have occurred, are authorised, and are completely and
accurately recorded and processed’. As this definition indicates, application controls are
designed around the control objectives of a specific business process or system and relate to
processing within individual applications. That is, application controls are specific to a
particular business process in that they will be implemented to address the risks and threats
unique to that process. Application controls operate within the scope of general controls.

2. Briefly describe and compare preventive control, detective control, and corrective control.

Answer:
Preventive controls are designed to stop errors or irregularities occurring. Unlike preventive
controls, detective controls will not prevent errors from occurring. Rather, the function of a
detective control is to alert those involved in the system when an error or anomaly occurs. So,
as the name would suggest, it detects errors or anomalies. Corrective controls are designed to
correct an error or irregularity after it has occurred.

3. Briefly describe and compare input control, processing control, and output control.

Answer:
Input controls are designed to operate as data enters the system. These controls will typically
aim to provide reasonable assurance about the accuracy, validity and completeness of data
being entered. Processing controls are put in place to work towards the correct handling of
data within the information processing stages. Output controls are concerned with the various
outputs generated by the process, and are focused on issues such as who can request outputs,
how outputs are prepared and making sure all outputs are accounted for.

© John Wiley & Sons Australia, Ltd 2012 8.14

 Chapter 8: Internal controls II

4. Describe the advantages and disadvantages of batch processing.

Answer:
Batch processing operates by accumulating transactions in a group or batch and then
processing the group of transactions together. Batch processing can have several advantages
for an organisation, including efficiency in processing transactions and fewer system
demands during regular operations. However, it also means that data are not immediately
updated after each transaction.

5. What are the two types of temporary sites? What are the differences between the two?

Answer:
In general there are two types of temporary sites, hot site and cold site. A hot site is a separate
facility located away from the organisation’s usual premises that contains offices and the
necessary equipment (such as IT, telecommunications and data) to get the business back up
and running in a minimal amount of time after a disaster occurs. Unlike a hot site, a cold site
does not have the necessary equipment and data in place for the organisation to immediately
continue operations. Rather, it is an available office with basic telephone and electricity
supplies ready for use should they be required. However, the organisation using the cold site
still has to arrange for the necessary data, technology and other resources that are required to
resume business operations.

6. What are the advantages and disadvantages of manual controls?

Answer:
Manual controls, by definition, are performed by people. The main disadvantage is that they
are prone to human error and inconsistent application. However, a benefit of manual controls
is that they offer the ability to handle one-off, irregular or infrequent events that cannot
necessarily be prescribed by an algorithm that forms the basis of computer programs. For less
frequent or irregular transactions manual controls may be the more suitable option.

© John Wiley & Sons Australia, Ltd 2012 8.15

Testbank to accompany: Accounting information systems 4e

7. What are the advantages and disadvantages of computer-based controls?

Answer:
Computer-based controls offer the benefits of consistent application, timely execution and a
greater degree of difficulty in working around or avoiding the control. Controls that are
programmed into the computer and are exercised by the computer will provide an assurance
of consistent application – the computer follows the same steps and rules each time the
control needs to be applied. In addition, controls that require any degree of computation are
best performed by computers because of their relative efficiency and accuracy in executing
calculations. In addition, the data that can be gathered by the computer in executing control
activities can provide for further analysis and follow up by the organisation if required.
Computer-based controls are also more difficult to work around. The most obvious way of
avoiding computer-based controls is to manipulate the programmed instructions that the
computer follows; however, few people in an organisation would possess the necessary
knowledge to do this. Computer-based controls, however, are extremely dependent on a
sound control environment and general controls. For example, if general controls are soundly
structured (e.g. the separation of duties within the IT environment, particularly systems
development and programming from users), the probability of program manipulation and
alteration is reduced. However, if separation is not present there is the risk of program and
data manipulation by staff in the operation of the computer systems. As a consequence, when
designing computer-based controls it is necessary to consider how well the general controls
are applied throughout the organisation.

8. Why unexpected transactions can contribute the ineffectiveness of an internal control

system? How can an organisation minimise the impact brought about by unexpected
transactions?

Answer:
Control systems are usually designed around the typical transactions a business undertakes
and the typical errors or threats that apply to those transactions and the environments in
which they occur. However, the designers of a control system are not clairvoyants – they
cannot predict every possible outcome and every future event. Therefore, there will be events
or transactions that were unanticipated when the control system was put in place. A sound
control environment accompanied by a strong emphasis on ethical and responsible behaviour
can assist employees in carrying out these unexpected transactions, as can regularly
reviewing the controls and their appropriateness to the business environment.

© John Wiley & Sons Australia, Ltd 2012 8.16

 Chapter 8: Internal controls II

9. Provide at least five examples of processing controls.

Answer:
Run-to-run totals will help identify whether any transaction data have gone missing between
when they were first gathered and after their processing, while accuracy is attained by
checking totals to ensure that they are the same before and after the processing of data.

Batch totals can also be used as a control for data processing, since if data is being shifted
from one file to another the data should not change. As such, the total of the data (be it
number of records or dollar values) should be the same before and after the processing
occurs.

Sequence checks can also be used during the processing of data. At the processing stage,
these checks can operate to ensure that no data have gone missing during processing
activities.

Hash totals are batch totals based around meaningless figures, and reconciliations can also
help.

10. Describe the checks that can be performed during data entry.

Answer:
Validity checks take a given input for a field and ensure that it is an acceptable value.
Completeness checks ensure that all required data are entered.
Limit checks will check values input into a field to make sure they fit within a pre-determined
upper limit.
Range checks function in a manner similar to limit checks, with the exception that the checks
apply to both upper and lower limits.
Reasonableness checks operate to check that numeric input for a field is within a reasonable
numeric range.
Redundant data check operates by having the data entered twice and then checking
the two sets of inputs and making sure that they are identical.

© John Wiley & Sons Australia, Ltd 2012 8.17