MULTIPLE CHOICE
1. Which of the following is not a report attribute needed to make a report effective?
a. relevance
b. accuracy
c. detailed
d. exception orientation
2. XBRL
a. is the basic protocol that permits
communication between Internet sites.
b. controls Web browsers that access the Web.
c. is the document format used to produce Web
pages.
d. was designed to provide the financial
community with a standardized method for
preparing financial and business information.
e. is a low-level encryption scheme used to
secure transmissions in higher-level (HTTP)
format.
3. An XBRL taxonomy:
a. is the document format used to produce web
pages.
b. is the final product (report).
c. is a classification scheme.
d. is a tag stored in each database record.
e. none of the above is true.
SHORT ANSWER
6. Contrast the four decision types, strategic planning, tactical planning, management
control and operational control, by the five decision characteristics, time frame, scope,
level of details, recurrence, nature of the problem as structured or unstructured and
certainty (3 points).
MULTIPLE CHOICE
7. Which characteristic is associated with the database approach to data management?
a. data sharing
b. multiple storage procedures
c. data redundancy
d. excessive storage costs
12. Explain the three types of anomalies associated with database tables that have not been
normalized.
MULTIPLE CHOICE
13. In a computer-based information system, which of the following duties needs to be separated?
a. program coding from program operations
b. program operations from program maintenance
c. program maintenance from program coding
d. all of the above duties should be separated
14. Which of the following is NOT a requirement in management's report on the effectiveness of
internal controls over financial reporting?
a. A statement of management's responsibility for
establishing and maintaining adequate internal
control user satisfaction.
b. A statement that the organization's internal
auditors have issued an attestation report on
management's assessment of the company's
internal controls.
c. A statement identifying the framework used by
management to conduct their assessment of
internal controls.
d. An explicit written conclusion as to the
effectiveness of internal control over financial
reporting.
15. Systems development is separated from data processing activities because failure to do so
a. weakens database access security
b. allows programmers access to make
unauthorized changes to applications during
execution
c. results in inadequate documentation
d. results in master files being inadvertently erased
16. All of the following are control risks associated with the distributed data processing structure
except
a. lack of separation of duties
b. system incompatibilities
c. system interdependency
d. lack of documentation standards
17. A cold site backup approach is also known as
a. internally provided backup
b. recovery operations center
c. empty shell
d. mutual aid pact
18. The major disadvantage of an empty shell solution as a second site backup is
a. the host site may be unwilling to disrupt its
processing needs to process the critical
applications of the disaster stricken company
b. intense competition for shell resources during a
widespread disaster
c. maintenance of excess hardware capacity
d. the control of the shell site is an administrative
drain on the company
19. All of the following are recommended features of a fire protection system for a computer center
except
a. clearly marked exits
b. an elaborate water sprinkler system
c. manual fire extinguishers in strategic locations
d. automatic and manual alarms in strategic
locations
20. Which statement is not true?
a. Auditors must maintain independence.
b. IT auditors attest to the integrity of the computer
system.
c. IT auditing is independent of the general
financial audit.
d. IT auditing can be performed by both external
and internal auditors.
21. All of the following are components of audit risk except
a. control risk
b. legal risk
c. detection risk
d. inherent risk
22. Which of the following is not a generally accepted auditing standard general standard?
a. The auditor must have adequate technical
training and proficiency.
b. The auditor must obtain sufficient, competent
evidence.
c. The auditor must have independence of mental
attitude.
d. All of the above are generally accepted auditing
standard general standards.
23. Operations fraud includes
a. altering program logic to cause the application to
process data incorrectly
b. misusing the firm's computer resources
c. destroying or corrupting a program's logic using
a computer virus
d. creating illegal programs that can access data
files to alter, delete, or insert values
24. Which of the following is not true?
a. Management may outsource their organization's IT functions, but they cannot outsource their
management responsibilities for internal control.
b. Section 404 requires the explicit testing of outsourced controls.
c. The SAS 70 report, which is prepared by the outsourcer's auditor, attests to the adequacy of
the vendor's internal controls.
d. Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report.
SHORT ANSWER
25. Describe the two broad groupings of information system controls COSO identifies.
26. List three pairs of system functions that should be separated in the centralized computer services
organization. Describe a risk exposure if the functions are not separated.
separate new systems development from systems maintenance: writing fraudulent code and keeping it concealed during maintenance
27. Explain the relationship between internal controls and substantive testing.
29. Which method will render useless data captured by unauthorized receivers?
a. echo check
b. parity bit
c. public key encryption
d. message sequencing
30. All of the following techniques are used to validate electronic data interchange transactions
except
a. value added networks can compare passwords to
a valid customer file before message
transmission
b. prior to converting the message, the translation
software of the receiving company can compare
the password against a validation file in the
firm's database
c. the recipient's application software can validate
the password prior to processing
d. the recipient's application software can validate
the password after the transaction has been
processed
31. All of the following tests of controls will provide evidence that adequate computer virus control
techniques are in place and functioning except
a. verifying that only authorized software is used
on company computers
b. reviewing system maintenance records
c. confirming that antivirus software is in use
d. examining the password policy including a
review of the authority table
32. Audit objectives for the database management system include all of the following except
a. verifying that the security group monitors and
reports on fault tolerance violations
b. confirming that backup procedures are adequate
c. ensuring that authorized users access only those
files they need to perform their duties
d. verifying that unauthorized users cannot access
data files
33. All of the following tests of controls will provide evidence that access to the data files is limited
except
a. inspecting biometric controls
b. reconciling program version numbers
c. comparing job descriptions with access
privileges stored in the authority table
d. attempting to retrieve unauthorized data via
inference queries
34. Audit objectives for communications controls include all of the following except
a. detection and correction of message loss due to
equipment failure
b. prevention and detection of illegal access to
communication channels
c. procedures that render intercepted messages
useless
d. all of the above
35. In determining whether a system is adequately protected from attacks by computer viruses, all of
the following policies are relevant except
a. the policy on the purchase of software only from
reputable vendors
b. the policy that all software upgrades are checked
for viruses before they are implemented
c. the policy that current versions of antivirus
software should be available to all users
d. the policy that permits users to take files home to
work on them
41. Describe two tests of controls that would provide evidence that the database management system
is protected against unauthorized access attempts.
42. What are the three security objectives of audit trails? Explain.
EXTRA CREDIT