
Excellent knowledge of financial analysis and general accounting practice

Excellent computer, multi-tasking, and job prioritizing skills


Strong written and verbal communication and interpersonal skills
Excellent research, reporting, and organizational skills
Fair financial acumen and business skills
Self-motivated with ability to work in a fast-paced environment
To obtain a finance intern position with Perfect e-Solutions, and provide
support to the technical team in various projects and conduct financial
analysis.

Chapter 8 Financial Reporting and Management Reporting Systems

MULTIPLE CHOICE

1. Which of the following is not a report attribute needed to make a report effective?
a. relevance
b. accuracy
c. detailed
d. exception orientation

2. XBRL
a. is the basic protocol that permits communication between Internet sites.
b. controls Web browsers that access the Web.
c. is the document format used to produce Web pages.
d. was designed to provide the financial community with a standardized method for preparing financial and business information.
e. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP) format.

3. An XBRL taxonomy:
a. is the document format used to produce web pages.
b. is the final product (report).
c. is a classification scheme.
d. is a tag stored in each database record.
e. none of the above is true.

4. All of the following are elements of problem structure except


a. certainty
b. data
c. procedures
d. objectives

5. A fundamental principle of responsibility accounting is that
a. managers are accountable only for items they control
b. a manager's span of control should not exceed eight people
c. structured reports should be prepared weekly
d. the information flow is in one direction, top-down

SHORT ANSWER
6. Contrast the four decision types (strategic planning, tactical planning, management control and operational control) by the five decision characteristics: time frame, scope, level of details, recurrence, nature of the problem as structured or unstructured, and certainty (3 points).

| | Time Frame | Scope | Detail Level | Recurrence | Structured or Unstructured Problems | Certainty |
|---|---|---|---|---|---|---|
| Strategic Planning | | | | | | |
| Tactical Planning | | | | | | |
| Mgmt Control | | | | | | |
| Operational Control | | | | | | |

Chapter 9 Database Management Systems

MULTIPLE CHOICE
7. Which characteristic is associated with the database approach to data management?
a. data sharing
b. multiple storage procedures
c. data redundancy
d. excessive storage costs

8. The data definition language
a. identifies, for the database management system, the names and relationships of all data elements, records, and files that comprise the database
b. inserts database commands into application programs to enable standard programs to interact with and manipulate the database
c. permits users to process data in the database without the need for conventional programs
d. describes every data element in the database
9. In the relational database model all of the following are true except
a. data is presented to users as tables
b. data can be extracted from specified rows from specified tables
c. a new table can be built by joining two tables
d. only one-to-many relationships can be supported
10. Which of the following is a level of the database that is defined by the data definition language?
a. user view
b. schema
c. internal view
d. all are levels or views of the database
11. A table is in third normal form when it is
a. free of repeating group data
b. free of transitive dependencies
c. free of partial dependencies
d. free of deletion anomalies
e. none of the above
SHORT ANSWER

12. Explain the three types of anomalies associated with database tables that have not been
normalized.

Chapter 15 IT Controls Part I: Sarbanes-Oxley and IT Governance

MULTIPLE CHOICE
13. In a computer-based information system, which of the following duties needs to be separated?
a. program coding from program operations
b. program operations from program maintenance
c. program maintenance from program coding
d. all of the above duties should be separated

14. Which of the following is NOT a requirement in management's report on the effectiveness of internal controls over financial reporting?
a. A statement of management's responsibility for establishing and maintaining adequate internal control user satisfaction.
b. A statement that the organization's internal auditors have issued an attestation report on management's assessment of the company's internal controls.
c. A statement identifying the framework used by management to conduct their assessment of internal controls.
d. An explicit written conclusion as to the effectiveness of internal control over financial reporting.
15. Systems development is separated from data processing activities because failure to do so
a. weakens database access security
b. allows programmers access to make unauthorized changes to applications during execution
c. results in inadequate documentation
d. results in master files being inadvertently erased
16. All of the following are control risks associated with the distributed data processing structure except
a. lack of separation of duties
b. system incompatibilities
c. system interdependency
d. lack of documentation standards
17. A cold site backup approach is also known as
a. internally provided backup
b. recovery operations center
c. empty shell
d. mutual aid pact

18. The major disadvantage of an empty shell solution as a second site backup is
a. the host site may be unwilling to disrupt its processing needs to process the critical applications of the disaster stricken company
b. intense competition for shell resources during a widespread disaster
c. maintenance of excess hardware capacity
d. the control of the shell site is an administrative drain on the company
19. All of the following are recommended features of a fire protection system for a computer center except
a. clearly marked exits
b. an elaborate water sprinkler system
c. manual fire extinguishers in strategic locations
d. automatic and manual alarms in strategic locations
20. Which statement is not true?
a. Auditors must maintain independence.
b. IT auditors attest to the integrity of the computer system.
c. IT auditing is independent of the general financial audit.
d. IT auditing can be performed by both external and internal auditors.
21. All of the following are components of audit risk except
a. control risk
b. legal risk
c. detection risk
d. inherent risk
22. Which of the following is not a generally accepted auditing standard general standard?
a. The auditor must have adequate technical training and proficiency.
b. The auditor must obtain sufficient, competent evidence.
c. The auditor must have independence of mental attitude.
d. All of the above are generally accepted auditing standard general standards.
23. Operations fraud includes
a. altering program logic to cause the application to process data incorrectly
b. misusing the firm's computer resources
c. destroying or corrupting a program's logic using a computer virus
d. creating illegal programs that can access data files to alter, delete, or insert values
24. Which of the following is not true?
a. Management may outsource their organization's IT functions, but they cannot outsource their management responsibilities for internal control.
b. Section 404 requires the explicit testing of outsourced controls.
c. The SAS 70 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls.
d. Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report.

SHORT ANSWER

25. Describe the two broad groupings of information system controls COSO identifies.

26. List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated.

| Functions to Separate | Risk Exposure |
|---|---|
| separate systems development from data processing operations | unauthorized changes to application programs during execution |
| separate database administrator from systems development | unauthorized access to database files |
| separate new systems development from systems maintenance | writing fraudulent code and keeping it concealed during maintenance |
| separate data library from computer operations | loss of files or erasing current files |

27. Explain the relationship between internal controls and substantive testing.

Chapter 16 IT Controls Part II: Security and Access


MULTIPLE CHOICE

28. Audit trails cannot be used to


a. detect unauthorized access to systems
b. facilitate reconstruction of events
c. reduce the need for other forms of security
d. promote personal accountability

29. Which method will render useless data captured by unauthorized receivers?
a. echo check
b. parity bit
c. public key encryption
d. message sequencing

30. All of the following techniques are used to validate electronic data interchange transactions except
a. value added networks can compare passwords to a valid customer file before message transmission
b. prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database
c. the recipient's application software can validate the password prior to processing
d. the recipient's application software can validate the password after the transaction has been processed

31. All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except
a. verifying that only authorized software is used on company computers
b. reviewing system maintenance records
c. confirming that antivirus software is in use
d. examining the password policy including a review of the authority table

32. Audit objectives for the database management system include all of the following except
a. verifying that the security group monitors and reports on fault tolerance violations
b. confirming that backup procedures are adequate
c. ensuring that authorized users access only those files they need to perform their duties
d. verifying that unauthorized users cannot access data files

33. All of the following tests of controls will provide evidence that access to the data files is limited except
a. inspecting biometric controls
b. reconciling program version numbers
c. comparing job descriptions with access privileges stored in the authority table
d. attempting to retrieve unauthorized data via inference queries

34. Audit objectives for communications controls include all of the following except
a. detection and correction of message loss due to equipment failure
b. prevention and detection of illegal access to communication channels
c. procedures that render intercepted messages useless
d. all of the above

35. In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except
a. the policy on the purchase of software only from reputable vendors
b. the policy that all software upgrades are checked for viruses before they are implemented
c. the policy that current versions of antivirus software should be available to all users
d. the policy that permits users to take files home to work on them

36. Which of the following is not a test of access controls?


a. biometric controls
b. encryption controls
c. backup controls
d. inference controls

37. In an electronic data interchange environment, the audit trail
a. is a printout of all incoming and outgoing transactions
b. is an electronic log of all transactions received, translated, and processed by the system
c. is a computer resource authority table
d. consists of pointers and indexes within the database

38. Firewalls are:
a. special materials used to insulate computer facilities
b. a system that enforces access control between two networks
c. special software used to screen Internet access
d. none of the above

39. Which of the following is true?
a. Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets.
b. An Intrusion prevention system works in parallel with a firewall at the perimeter of the network to act as a filter that removes malicious packets from the flow before they can affect servers and networks.
c. A distributed denial of service attack is so named because it is capable of attacking many victims simultaneously who are distributed across the internet.
d. None of the above are true statements.
SHORT ANSWER

40. List three methods of controlling unauthorized access to telecommunication messages.

41. Describe two tests of controls that would provide evidence that the database management system
is protected against unauthorized access attempts.

42. What are the three security objectives of audit trails? Explain.
EXTRA CREDIT

1. What have you learned from this class? (2 points)


2. SUMPRODUCT can be used instead of what command? (2 points) SUMIFS
3. What kind of car does my wife drive? (1 point)
