Professional Documents
Culture Documents
Accounting Information Systems Understanding Business Processes 4th Edition Considine Test Bank
Accounting Information Systems Understanding Business Processes 4th Edition Considine Test Bank
Accounting Information Systems Understanding Business Processes 4th Edition Considine Test Bank
Accounting Information
Systems 4e
Brett Considine, Alison Parkes, Karin
Olesen, Yvette Blount & Derek Speer
Prepared by
Zhong Zheng
and
Kent Wilson
a. control policies
*b. control activities
c. control procedures
d. control processes
Correct answer: b
Learning Objective 8.1 ~ Relate control activities to the accounting process
2. The comparison of actual and budgeted figures and the conduct of variance analysis
to determine the source of the variance is a type of:
a. General control
b. Information processing control
*c. Performance review
d. Application control
Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage
3. Information processing controls are those that are put in place within the organisation
to work towards the _______ of transactions.
Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage
Correct answer: a
Learning Objective 8.1 ~ Relate control activities to the accounting process
a. the supplier delivers the goods with an invoice instead of a delivery note
b. the goods are not available
*c. the supplier delivers the wrong goods or wrong quantity
d. the purchasing officer orders the wrong goods.
Correct answer: c
Learning Objective 8.1 ~ Relate control activities to the accounting process
6. An antivirus program scans and monitors files in a computer continuously for viruses.
This is an example of:
a. Preventive control
*b. Detective control
c. Corrective control
d. Application control
Correct answer: b
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage
*a. input
b. general
c. processing
d. performance
Correct answer: a
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage
8. A computer virus is found in a file in the computer system. Because a solution for
recovering the file is not yet available, the infected file is quarantine by the antivirus
software. Quarantining the infected file is an example of:
Correct answer: a
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage
9. Which of the following is not a type of controls classified in the Australian Auditing
Standard ASA 315?
a. Authorisation
b. Performance review
*c. Risk control
d. Segregation of duties
Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage
10. Control of access to the server for the company database is an example of which type
of control?
a. input
*b. general
c. processing
d. performance
Correct answer: b
Learning Objective 8.3 ~ Link controls to the stages of data processing and COSO and
COBIT
11. Which aspect of document collection are pre-numbered documents used to establish?
Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage
a. balance sheet
b. sales order
*c. remittance advice
d. payslip
Correct answer: c
Learning Objective 8.3 ~ Link controls to the stages of data processing and COSO and
COBIT
a. edit
b. range
c. reasonableness
*d. all of the above
Correct answer: d
Learning Objective 8.3 ~ Link controls to the stages of data processing and COSO and
COBIT
a. Proper authorisation.
b. Timeliness.
c. Proper recording.
*d. User friendly.
Correct answer: d
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system
15. With respect to the recording of transactions, which of the following statements is
true?
Correct answer: b
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system
16. How does a computer system know that a sales manager has authorised a credit
transaction over $1000?
Correct answer: b
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system
17. Purchasing goods over the Internet would fit into which of the following categories of
processing?
a. Batch
b. online real-time
*c. online data collection batched for later processing
d. Shopping basket
Correct answer: c
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system
a. (i) (iii)
b. (ii) (iii)
c. (i) (ii)
*d. (i) (ii) (iii)
Correct answer: d
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system
19. In terms of proper recording of transactions, accuracy is concerned with making sure
that: (i) all data that enter the system are in the correct format (ii) all data that enter
the system are of the right type (iii) all data are stored in a secured place to prevent
unauthorised manipulation (iv) the data gathered accurately reflect the reality of the
underlying transaction or event.
a. (i) (ii)
b. (i) (ii) (iii)
*c. (i) (ii) (iv)
d. (i) (ii) (iii) (iv)
Correct answer: c
Learning Objective 8.4 ~ Describe the aims of a computerised accounting information system
*a. throughout the organisation including office staff, accountants and IT workers
b. accountants
c. office staff who have to deal with money matters
d. programmers and computer support staff who could interfere with the
accounting information system
Correct answer: a
Learning Objective 8.5 ~ Define and provide examples of general controls
Correct answer: b
Learning Objective 8.5 ~ Define and provide examples of general controls
Correct answer: d
Learning Objective 8.5 ~ Define and provide examples of general controls
Correct answer: d
Learning Objective 8.5 ~ Define and provide examples of general controls
24. Which of the following would enable an organisation to detect that an unauthorised
person has entered a secure area?
Correct answer: c
Learning Objective 8.5 ~ Define and provide examples of general controls
25. A cash disbursement clerk issues a cheque that has been approved by the treasurer.
This is an example of:
Correct answer: b
Learning Objective 8.5 ~ Define and provide examples of general controls
a. ah@123re$d
b. Nik890102336757099924PoT
*c. A_d33erZb#4G
d. Qwertyuiopasdfghjklzxcvbnm1234567890
Correct answer: c
Learning Objective 8.5 ~ Define and provide examples of general controls
Correct answer: c
Learning Objective 8.5 ~ Define and provide examples of general controls
Correct answer: c
Learning Objective 8.6 ~ Define and provide examples of application controls
29. A purchase order is entered into a computer purchasing system. The purchase is for
$25 000 and has been entered by the purchase clerk. Company policy dictates that
purchases over $2000 must be entered by the purchasing manager. This is an example
of a breach of controls relating to:
a. Timeliness
b. Input accuracy
c. Input validity
*d. Authorisation
Correct answer: d
Learning Objective 8.6 ~ Define and provide examples of application controls
30. What should happen if a valid username is supplied but the password is incorrect?
Correct answer: a
Learning Objective 8.5 ~ Define and provide examples of general controls
32. A reasonableness check that is used when processing fortnightly employee wage
payments would best be used to:
Correct answer: d
Learning Objective 8.6 ~ Define and provide examples of application controls
33. Which of the following controls will best help detect inventory input accuracy
concerns when entering credit sales into a system?
Correct answer: b
Learning Objective 8.6 ~ Define and provide examples of application controls
34. Which control would best help achieve the aim of correct valuation for purchase
transactions entered into a system?
*a. Range checks – checking the quantity ordered against acceptable ranges.
b. Validity checks – checking the supplier is listed in our supplier master file.
c. Sequence check – ensuring the purchase order number is the next number in
the sequence.
d. Authorisation – getting a manager to approve all purchases.
Correct answer: a
Learning Objective 8.6 ~ Define and provide examples of application controls
Correct answer: b
Learning Objective 8.6 ~ Define and provide examples of application controls
36. In general, disaster recovery plans include all of the following except:
a. Temporary sites
b. Staffing
*c. Employee evacuation procedures
d. Business relationships restoration
Correct answer: c
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan
37. In terms of disaster recovery, organisations’ reaction to the threat of disaster can be:
a. detective or preventive
*b. preventive or corrective
c. detective or corrective
d. preventive, detective and corrective.
Correct answer: b
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan
38. Which of the following is NOT one of the main aims for an organisation in the event
of a natural disaster that disrupts business operations?
Correct answer: c
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan
a. A separate facility located close to the organisation’s usual premises but does
not contain offices and the necessary equipment.
b. A separate facility located away from the organisation’s usual premises but
does not contain offices and the necessary equipment.
c. A separate facility located close to the organisation’s usual premises and
contains offices and the necessary equipment to get the business back up and
running in the minimal amount of time after a disaster occurs.
*d. A separate facility located away from the organisation’s usual premises and
contains offices and the necessary equipment to get the business back up and
running in the minimal amount of time after a disaster occurs.
Correct answer: d
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan
40. The first that financial giant Morgan Stanley knew about the 9/11 bombings were that
their business started running from their ________________ several kilometres away
from Wall St.
a. cold site
*b. hot site
c. off-site backup
d. hosted site
Correct answer: b
Learning Objective 8.7 ~ Describe the operation and components of a disaster recovery plan
Correct answer: c
Learning Objective 8.8 ~ Analyse the execution of control activities
a. Consistent application
b. Timely execution
c. Greater degree of difficulty in working around or avoiding the control
*d. Handling one-off events
Correct answer: d
Learning Objective 8.8 ~ Analyse the execution of control activities
43. Computer-based controls are extremely dependent on: (i) a sound control environment
(ii) sound general controls (iii) the COBIT framework
Correct answer: a
Learning Objective 8.8 ~ Analyse the execution of control activities
44. A company wants all sales orders over $1000 to be authorised by the sales manager.
Are the procedures covering this an example of computer or human controls?
a. human
b. computer
c. human followed by computer
*d. computer followed by human
Correct answer: d
Learning Objective 8.8 ~ Analyse the execution of control activities
Correct answer: d
Learning Objective 8.9 ~ Understand different techniques for documenting a control system
46. The system documentation tool that is most useful for documenting controls is …
a. process map
b. structured narrative
c. logical data flow diagram
*d. system flowchart
Correct answer: d
Learning Objective 8.9 ~ Understand different techniques for documenting a control system
47. CPA Australia identifies five reasons an internal control system does not provide 100
per cent assurance that an organisation’s objectives will be achieved. These reasons
do NOT include:
a. Judgement error
b. Unexpected transactions
c. Weak internal controls
*d. Natural disasters
Correct answer: d
Learning Objective 8.1 ~ Relate control activities to the accounting process
48. To minimise the possible negative impact brought about by unexpected transactions,
an organisation should:
a. Ask designers of a control system to predict every possible outcome and every
future event.
*b. Place a strong emphasis on ethical and responsible behaviour.
c. Ask external auditors to audit their internal control system.
d. Refuse carrying out unexpected transactions.
Correct answer: b
Learning Objective 8.1 ~ Relate control activities to the accounting process
a. Management incompetence.
b. Employee turnover.
c. Complexity of organisational structure.
*d. All of the options are correct.
Correct answer: d
Learning Objective 8.1 ~ Relate control activities to the accounting process
50. Information processing controls are those that are put in place within the organisation
to work towards the ____________ of transactions.
Correct answer: c
Learning Objective 8.2 ~ Classify internal controls as general or application, and based on
function and business process stage
Answer:
General controls are those policies and procedures that ‘relate to many applications and
support the effective functioning of application controls by helping to ensure the continued
proper operation of information systems’. General controls operate across the organisation
and relate to the overall environment in which different information systems are located. Note
from the definition that general controls do not relate to a specific application or process and,
as a result, will not directly affect the operation of the different information systems that may
exist within the organisation. General controls may provide a suitable environment in which
separation of duties and restricted access to resources can be applied, but they do not help to
control the actual operation of the different computer systems that the organisation uses. As
such, general controls provide the environment within which application controls operate.
General controls, Controls that relate to the overall computerised information system
environment.
2. Briefly describe and compare preventive control, detective control, and corrective control.
Answer:
Preventive controls are designed to stop errors or irregularities occurring. Unlike preventive
controls, detective controls will not prevent errors from occurring. Rather, the function of a
detective control is to alert those involved in the system when an error or anomaly occurs. So,
as the name would suggest, it detects errors or anomalies. Corrective controls are designed to
correct an error or irregularity after it has occurred.
3. Briefly describe and compare input control, processing control, and output control.
Answer:
Input controls are designed to operate as data enters the system. These controls will typically
aim to provide reasonable assurance about the accuracy, validity and completeness of data
being entered. Processing controls are put in place to work towards the correct handling of
data within the information processing stages. Output controls are concerned with the various
outputs generated by the process, and are focused on issues such as who can request outputs,
how outputs are prepared and making sure all outputs are accounted for.
Answer:
Batch processing operates by accumulating transactions in a group or batch and then
processing the group of transactions together. Batch processing can have several advantages
for an organisation, including efficiency in processing transactions and fewer system
demands during regular operations. However, it also means that data are not immediately
updated after each transaction.
5. What are the two types of temporary sites? What are the differences between the two?
Answer:
In general there are two types of temporary sites, hot site and cold site. A hot site is a separate
facility located away from the organisation’s usual premises that contains offices and the
necessary equipment (such as IT, telecommunications and data) to get the business back up
and running in a minimal amount of time after a disaster occurs. Unlike a hot site, a cold site
does not have the necessary equipment and data in place for the organisation to immediately
continue operations. Rather, it is an available office with basic telephone and electricity
supplies ready for use should they be required. However, the organisation using the cold site
still has to arrange for the necessary data, technology and other resources that are required to
resume business operations.
Answer:
Manual controls, by definition, are performed by people. The main disadvantage is that they
are prone to human error and inconsistent application. However, a benefit of manual controls
is that they offer the ability to handle one-off, irregular or infrequent events that cannot
necessarily be prescribed by an algorithm that forms the basis of computer programs. For less
frequent or irregular transactions manual controls may be the more suitable option.
Answer:
Computer-based controls offer the benefits of consistent application, timely execution and a
greater degree of difficulty in working around or avoiding the control. Controls that are
programmed into the computer and are exercised by the computer will provide an assurance
of consistent application – the computer follows the same steps and rules each time the
control needs to be applied. In addition, controls that require any degree of computation are
best performed by computers because of their relative efficiency and accuracy in executing
calculations. In addition, the data that can be gathered by the computer in executing control
activities can provide for further analysis and follow up by the organisation if required.
Computer-based controls are also more difficult to work around. The most obvious way of
avoiding computer-based controls is to manipulate the programmed instructions that the
computer follows; however, few people in an organisation would possess the necessary
knowledge to do this. Computer-based controls, however, are extremely dependent on a
sound control environment and general controls. For example, if general controls are soundly
structured (e.g. the separation of duties within the IT environment, particularly systems
development and programming from users), the probability of program manipulation and
alteration is reduced. However, if separation is not present there is the risk of program and
data manipulation by staff in the operation of the computer systems. As a consequence, when
designing computer-based controls it is necessary to consider how well the general controls
are applied throughout the organisation.
Answer:
Control systems are usually designed around the typical transactions a business undertakes
and the typical errors or threats that apply to those transactions and the environments in
which they occur. However, the designers of a control system are not clairvoyants – they
cannot predict every possible outcome and every future event. Therefore, there will be events
or transactions that were unanticipated when the control system was put in place. A sound
control environment accompanied by a strong emphasis on ethical and responsible behaviour
can assist employees in carrying out these unexpected transactions, as can regularly
reviewing the controls and their appropriateness to the business environment.
Answer:
Run-to-run totals will help identify whether any transaction data have gone missing between
when they were first gathered and after their processing, while accuracy is attained by
checking totals to ensure that they are the same before and after the processing of data.
Batch totals can also be used as a control for data processing, since if data is being shifted
from one file to another the data should not change. As such, the total of the data (be it
number of records or dollar values) should be the same before and after the processing
occurs.
Sequence checks can also be used during the processing of data. At the processing stage,
these checks can operate to ensure that no data have gone missing during processing
activities.
Hash totals are batch totals based around meaningless figures, and reconciliations can also
help.
10. Describe the checks that can be performed during data entry.
Answer:
Validity checks take a given input for a field and ensure that it is an acceptable value.
Completeness checks ensure that all required data are entered.
Limit checks will check values input into a field to make sure they fit within a pre-determined
upper limit.
Range checks function in a manner similar to limit checks, with the exception that the checks
apply to both upper and lower limits.
Reasonableness checks operate to check that numeric input for a field is within a reasonable
numeric range.
Redundant data check operates by having the data entered twice and then checking
the two sets of inputs and making sure that they are identical.