Term
|
Definition
| Two or more interrelated components that interact to achieve a goal, often composed of subsystems that support the larger system. |
|
|
Term
|
Definition
| When a subsystem’s goals are inconsistent with the goals of another subsystem or the system as a whole. |
|
|
Term
|
Definition
| When a subsystem achieves its goals while contributing to the organization’s overall goal. |
|
|
Term
|
Definition
| Facts that are collected, recorded, stored, and processed by a system. |
|
|
Term
|
Definition
| Data that have been organized and processed to provide meaning and improve decision-making. |
|
|
Term
| Information technology (IT) |
|
Definition
| The computers and other electronic devices used to store, retrieve, transmit and manipulate data. |
|
|
Term
|
Definition
| Exceeding the amount of information a human mind can absorb and process, resulting in a decline in decision-making quality and an increase in the cost of providing information. |
|
|
Term
| Data differ from information in which way? |
|
Definition
| Information is output, and data are input |
|
|
Term
| Characteristic that makes information useful |
|
Definition
- It is reliable.
- It is timely.
- It is relevant. |
|
|
Term
| What is a primary activity in the value chain? |
|
Definition
|
|
Term
| Which transaction cycle includes interactions between an organization and its suppliers? |
|
Definition
|
|
Term
| A means by which information improves decision making? |
|
Definition
- reduces uncertainty
- provides feedback about the effectiveness of prior decisions
- identifies situations requiring management action |
|
|
Term
| In the value chain concept, upgrading IT is considered what kind of activity? |
|
Definition
| support activity - Technology activities, including investing in IT, are considered a support activity. |
|
|
Term
| In which cycle does a company ship goods to customers? |
|
Definition
| revenue cycle [The revenue cycle involves interactions between an organization and its customers, such as shipping them goods.] |
|
|
Term
| Which of the following is a function of an AIS? |
|
Definition
| transforming data into useful information [This is one of the primary functions of an AIS.] |
|
|
Term
| A firm, its suppliers, and its customers collectively form which of the following? |
|
Definition
| supply chain [The supply chain is made up of the firm, its suppliers, and customers.] |
|
|
Term
| A report telling how well all approved vendors have performed in the prior 12 months is information that is MOST needed in which business process? |
|
Definition
| acquiring inventory [Companies want to acquire inventory from companies that have performed well in the past. A vendor performance report would disclose whether the vendor shipped inventory on time, whether the inventory was of the requested quality, whether the prices were as agreed upon, etc.] |
|
|
Term
|
Definition
| The benefit provided by information less the cost of producing it. |
|
|
Term
|
Definition
| A set of related, coordinated, and structured activities and tasks, performed by a person, a computer, or a machine that help accomplish a specific organizational goal |
|
|
Term
|
Definition
| Process of capturing transaction data, processing it, storing it for later use, and producing information output, such as a managerial report or a financial statement |
|
|
Term
|
Definition
| An agreement between two entities to exchange goods or services, such as selling inventory in exchange for cash; any other event that can be measured in economic terms by an organization. |
|
|
Term
|
Definition
| Transactions that happen a great many times, such as giving up cash to get inventory from a supplier and giving employees a paycheck in exchange for their labor. |
|
|
Term
| five major business processes or transaction cycles: |
|
Definition
| Revenue Cycle, Expenditure Cycle, Production or conversion cycle, HR/payroll cycle and Financing cycle |
|
|
Term
| general ledger and reporting system |
|
Definition
| Information-processing operations involved in updating the general ledger and preparing reports for both management and external parties. |
|
|
Term
| accounting information system |
|
Definition
| A system that collects, records, stores, and processes data to produce information for decision makers. It includes people, procedures and instructions, data, software, information technology infrastructure, and internal controls and security measures. |
|
|
Term
| There are six components of an AIS: |
|
Definition
1. The people who use the system
2. The procedures and instructions used to collect, process, and store data
3. The data about the organization and its business activities
4. The software used to process the data
5. The information technology infrastructure, including the computers, peripheral devices, and network communications devices used in the AIS
6. The internal controls and security measures that safeguard AIS data |
|
|
Term
| These six components enable an AIS to fulfill three important business functions: |
|
Definition
1. Collect and store data about organizational activities, resources, and personnel. Organizations have a number of business processes, such as making a sale or purchasing raw materials, which are repeated frequently.
2. Transform data into information so management can plan, execute, control, and evaluate activities, resources, and personnel.
3. Provide adequate controls to safeguard the organization’s assets and data. |
|
|
Term
| A well-designed AIS can add value to an organization by: |
|
Definition
1. Improving the quality and reducing the costs of products or services
2. Improving efficiency
3. Sharing knowledge
4. Improving the efficiency and effectiveness of its supply chain
5. Improving the internal control structure
6. Improving decision making |
|
|
Term
|
Definition
| The use of data warehouses and complex algorithms to forecast future events, based on historical trends and calculated probabilities. |
|
|
Term
|
Definition
| Linking together of all the primary and support activities in a business. Value is added as a product passes through the chain. |
|
|
Term
|
Definition
Value chain activities that produce, market, and deliver products and services to customers and provide post-delivery service and support.
1. Inbound logistics consists of receiving, storing, and distributing the materials an organization uses to create the services and products it sells. For example, an automobile manufacturer receives, handles, and stores steel, glass, and rubber.
2. Operations activities transform inputs into final products or services. For example, assembly line activities convert raw materials into a finished car.
3. Outbound logistics activities distribute finished products or services to customers. An example is shipping automobiles to car dealers.
4. Marketing and sales activities help customers buy the organization’s products or services. Advertising is an example of a marketing and sales activity.
5. Service activities provide post-sale support to customers. Examples include repair and maintenance services. |
|
|
Term
| Support activities allow the five primary activities to be performed efficiently and effectively. They are grouped into four categories: |
|
Definition
Value chain activities such as firm infrastructure, technology, purchasing, and human resources that enable primary activities to be performed efficiently and effectively.
1. Firm infrastructure is the accounting, finance, legal, and general administration activities that allow an organization to function. The AIS is part of the firm infrastructure.
2. Human resources activities include recruiting, hiring, training, and compensating employees.
3. Technology activities improve a product or service. Examples include research and development, investments in IT, and product design.
4. Purchasing activities procure raw materials, supplies, machinery, and the buildings used to carry out the primary activities. |
|
|
Term
|
Definition
| An extended system that includes an organization’s value chain as well as its suppliers, distributors, and customers |
|
|
Term
|
Definition
| The four operations (data input, data storage, data processing, and information output) performed on data to generate meaningful and relevant information. |
|
|
Term
|
Definition
| Documents used to capture transaction data at its source – when the transaction takes place. Examples include sales orders, purchase orders, and employee time cards. |
|
|
Term
|
Definition
| Records of company data sent to an external party and then returned to the system as input. Turnaround documents are in machine-readable form to facilitate their subsequent processing as input records. An example is a utility bill. |
|
|
Term
|
Definition
| The collection of transaction data in machine-readable form at the time and place of origin. Examples are point-of-sale terminals and ATMs. |
|
|
Term
|
Definition
| A ledger that contains summary-level data for every asset, liability, equity, revenue, and expense account of the organization. |
|
|
Term
|
Definition
| A ledger used to record detailed data for a general ledger account with many individual subaccounts, such as accounts receivable, inventory, and accounts payable. |
|
|
Term
|
Definition
| A title given to a general ledger account that summarizes the total amounts recorded in a subsidiary ledger. For example, the accounts receivable control account in the general ledger represents the total amount owed by all customers. The balances in the accounts receivable subsidiary ledger indicate the amount owed by each specific customer. |
|
|
Term
| The following guidelines result in a better coding system. The code should: |
|
Definition
● Be consistent with its intended use, which requires that the code designer determine desired system outputs prior to selecting the code.
● Allow for growth. For example, don’t use a three-digit employee code for a fast-growing company with 950 employees.
● Be as simple as possible to minimize costs, facilitate memorization and interpretation, and ensure employee acceptance.
● Be consistent with the company’s organizational structure and across the company’s divisions. |
|
|
Term
|
Definition
| A journal used to record infrequent or nonroutine transactions, such as loan payments and end-of-period adjusting and closing entries. |
|
|
Term
|
Definition
| A journal used to record a large number of repetitive transactions such as credit sales, cash receipts, purchases, and cash disbursements. |
|
|
Term
|
Definition
| A path that allows a transaction to be traced through a data processing system from point of origin to output or backwards from output to point of origin. It is used to check the accuracy and validity of ledger postings and to trace changes in general ledger accounts from their beginning balance to their ending balance. |
|
|
Term
| The four different types of data processing activities, referred to as CRUD, are as follows: |
|
Definition
1. Creating new data records, such as adding a newly hired employee to the payroll database.
2. Reading, retrieving, or viewing existing data.
3. Updating previously stored data. Figure 2-4 depicts the steps required to update an accounts receivable record with a sales transaction. The two records are matched using the account number. The sale amount ($360) is added to the account balance ($1,500) to get a new current balance ($1,860).
4. Deleting data, such as purging the vendor master file of all vendors the company no longer does business with. |
|
|
Term
|
Definition
| Accumulating transaction records into groups or batches for processing at a regular interval such as daily or weekly. The records are usually sorted into some sequence (such as numerically or alphabetically) before processing. |
|
|
Term
| What are the steps in the data processing cycle? |
|
Definition
| data input, data storage and data processing |
|
|
Term
| All of the information (name, GPA, major, etc.) about a particular student is stored in the same ______. |
|
Definition
|
|
Term
| What would contain the total value of all inventory owned by an organization? |
|
Definition
|
|
Term
| What is most likely to be a general ledger control account? |
|
Definition
|
|
Term
| What document is most likely to be used in the expenditure cycle? |
|
Definition
|
|
Term
| What are most likely to be specialized journals? |
|
Definition
| sales journal, cash receipts journal and cash disbursement journal |
|
|
Term
| How does the chart of accounts list general ledger accounts? |
|
Definition
| the order in which they appear in financial statements |
|
|
Term
| Records of company data sent to an external party and then returned to the system as input are called ______. |
|
Definition
|
|
Term
| Recording and processing information about a transaction at the time it takes place is referred to as .... |
|
Definition
| online, real-time processing |
|
|
Term
| Flowcharting symbols are divided into four categories: |
|
Definition
1. Input/output symbols show input to or output from a system.
2. Processing symbols show data processing, either electronically or by hand.
3. Storage symbols show where data is stored.
4. Flow and miscellaneous symbols indicate the flow of data, where flowcharts begin or end, where decisions are made, and how to add explanatory notes to flowcharts. |
|
|
Term
| internal control flowchart |
|
Definition
| Used to describe, analyze, and evaluate internal controls, including identifying system strengths, weaknesses, and inefficiencies. |
|
|
Term
| A DFD is a representation of |
|
Definition
| flow of data in an organization |
|
|
Term
| Documentation methods such as DFDs, BPDs, and flowcharts save both time and money, adding value to an organization. |
|
Definition
| True -A picture is worth a thousand words: Many people learn more and learn it more quickly by studying the DFD, BPD, or flowchart of a system than by reading a narrative description of the same system |
|
|
Term
| A document flowchart emphasizes the flow of documents or records containing data |
|
Definition
| True: The reason it is called a document flowchart is that it shows the flow of documents or records containing data |
|
|
Term
| DFDs help convey the timing of events |
|
Definition
| True: DFDs show data movement, but not necessarily the timing of the movement |
|
|
Term
| A DFD consists of the following four basic elements: data sources and destinations, data flows, transformation processes, and data stores. Each is represented on a DFD by a different symbol. |
|
Definition
The four elements of DFDs are
Square: Data sources and destinations
Arrow: Data flows
Circle: Transformation processes
Equal sign: Data stores
Triangle/hazard sign: Internal control |
|
|
Term
| All of the following are guidelines that should be followed in naming DFD data elements |
|
Definition
-Process names should include action verbs such as update, edit, prepare, and record.
-Data element names should reflect what is known about the element
-Active and descriptive names should be used in naming data elements |
|
|
Term
| The documentation skills that accountants require vary with their job function. However, all accountants should at least be able to do which of the following? |
|
Definition
| Read documentation to determine how the system works. [All accountants should at least be able to read and understand system documentation.] |
|
|
Term
| A flowchart is an analytical technique used to |
|
Definition
| describe some aspect of an information system in a clear, concise, and logical manner |
|
|
Term
| Flowcharts use a standard set of symbols to |
|
Definition
| describe pictorially the flow of documents and data through a system |
|
|
Term
| Flowcharts are easy to prepare and revise when the designer... |
|
Definition
| utilizes a flow-charting software package. [There are a number of good flow-charting software packages that make it easy to draw and modify flowcharts.] |
|
|
Term
| What flowchart illustrates the flow of data among areas of responsibility in an organization? |
|
Definition
| document flowchart [A document flowchart traces the life of a document from its cradle to its grave as it works its way through the areas of responsibility within an organization.] |
|
|
Term
| All of the following are recommended guidelines for making flowcharts more readable, clear, concise, consistent, and understandable |
|
Definition
- Divide a document flowchart into columns with labels.
- Design the flowchart so that flow proceeds from top to bottom and from left to right.
- Show the final disposition of all documents to prevent loose ends that leave the reader dangling. |
|
|
Term
| How are data sources and destinations represented in a data flow diagram? |
|
Definition
|
|
Term
| The relational data model portrays data as being stored in __________. |
|
Definition
| tables (The relational data model portrays data as being stored in a table or relation format.) |
|
|
Term
| How a user conceptually organizes and understands data is referred to as the __________ |
|
Definition
| logical view (The logical view shows how a user conceptually organizes and understands data.) |
|
|
Term
| What is each row in a relational database table called? |
|
Definition
| tuple (A tuple is also called a row in a relational database.) |
|
|
Term
| What is an individual user’s view of the database? |
|
Definition
| external-level schema (The external-level schema represents an individual user’s view of the database.) |
|
|
Term
| What would managers most likely use to retrieve information about sales during the month of October? |
|
Definition
| DQL (DQL—data query language—is used to retrieve information from a database.) |
|
|
Term
| What attributes would most likely be a primary key? |
|
Definition
| supplier number (A unique number can be assigned as a primary key for each entity.) |
|
|
Term
| What is a software program that runs a database system? |
|
Definition
| DBMS (A DBMS—database management system—is a software program that acts as an interface between a database and various application programs.) |
|
|
Term
| The constraint that all foreign keys must have either null values or the value of a primary key in another table is referred to as which of the following? |
|
Definition
| referential integrity rule (The referential integrity rule stipulates that foreign keys must have values that correspond to the value of a primary key in another table or be empty.) |
|
|
Term
| What attributes in the Cash Receipts table (representing payments received from customers) would most likely be a foreign key? |
|
Definition
| customer number (Customer number would be a foreign key in the Cash Receipts table and would link the Cash Receipts table to the Customer Table.) |
|
|
Term
| Internal controls perform three important functions: |
|
Definition
- Preventative controls
- Detective controls
- Corrective controls |
|
|
Term
| Internal controls are often segregated into two categories: |
|
Definition
| General controls and Application controls |
|
|
Term
| COBIT 5 is based on the following five key principles of IT governance and management |
|
Definition
1. Meeting stakeholder needs
2. Covering the enterprise end-to-end
3. Applying a single, integrated framework
4. Enabling a holistic approach
5. Separating governance from management |
|
|
Term
| COBIT 5: The 32 management processes are broken down into the following four domains: |
|
Definition
1. Align, plan, and organize (APO)
2. Build, acquire, and implement (BAI)
3. Deliver, service, and support (DSS)
4. Monitor, evaluate, and assess (MEA) |
|
|
Term
| Enterprise Risk Management—Integrated Framework (ERM) |
|
Definition
| A COSO framework that improves the risk management process by expanding (adds three additional elements) COSO’s Internal Control—Integrated. |
|
|
Term
| The basic principles behind ERM are |
|
Definition
● Companies are formed to create value for their owners.
● Management must decide how much uncertainty it will accept as it creates value.
● Uncertainty results in risk, which is the possibility that something negatively affects the company’s ability to create or preserve value.
● Uncertainty results in opportunity, which is the possibility that something positively affects the company’s ability to create or preserve value.
● The ERM framework can manage uncertainty as well as create and preserve value. |
|
|
Term
| An internal environment consists of the following: |
|
Definition
1. Management’s philosophy, operating style, and risk appetite
2. Commitment to integrity, ethical values, and competence
3. Internal control oversight by the board of directors
4. Organizational structure
5. Methods of assigning authority and responsibility
6. Human resource standards that attract, develop, and retain competent individuals
7. External influences |
|
|
Term
|
Definition
| Impact × Likelihood. The value of a control procedure is the difference between the expected loss with the control procedure(s) and the expected loss without it. |
|
|
Term
| Control procedures fall into the following categories: |
|
Definition
1. Proper authorization of transactions and activities
2. Segregation of duties
3. Project development and acquisition controls
4. Change management controls
5. Design and use of documents and records
6. Safeguarding assets, records, and data
7. Independent checks on performance |
|
|
Term
| The updated IC framework specifies that the following three principles apply to the information and communication process: |
|
Definition
1. Obtain or generate relevant, high-quality information to support internal control
2. Internally communicate the information, including objectives and responsibilities, necessary to support the other components of internal control
3. Communicate relevant internal control matters to external parties |
|
|
Term
| COSO’s internal control integrated framework has been widely accepted as the authority on internal controls. |
|
Definition
| The internal control integrated framework is the accepted authority on internal controls and is incorporated into policies, rules, and regulations that are used to control business activities |
|
|
Term
| All other things being equal, this is true regarding preventive and detective controls |
|
Definition
| Preventive controls are superior to detective controls |
|
|
Term
| To achieve effective segregation of duties, certain functions must be separated. What is the correct listing of the accounting-related functions that must be segregated? |
|
Definition
| authorization, recording, and custody |
|
|
Term
| Examples of independent checks |
|
Definition
- Bank reconciliation
- Periodic comparison of subsidiary ledger totals to control accounts
- Trial balance-top level analytical review |
|
|
Term
| What is a control procedure relating to both the design and the use of documents and records? |
|
Definition
| sequentially prenumbering sales invoices (Designing documents so that they are sequentially prenumbered and then using them in order is a control procedure relating to both the design and the use of documents.) |
|
|
Term
| What is the correct order of the risk assessment steps? |
|
Definition
| Identify threats, estimate risk and exposure, identify controls, and estimate costs and benefits. |
|
|
Term
| The Trust Services Framework organizes IT-related controls into five principles that jointly contribute to systems reliability: |
|
Definition
1. Security—access (both physical and logical) to the system and its data is controlled and restricted to legitimate users.
2. Confidentiality—sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
3. Privacy—personal information about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
4. Processing Integrity—data are processed accurately, completely, in a timely manner, and only with proper authorization.
5. Availability—the system and its information are available to meet operational and contractual obligations. |
|
|
Term
| time-based model of security |
|
Definition
| Implementing a combination of preventive, detective and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised. |
|
|
Term
|
Definition
| P = the time it takes an attacker to break through the organization’s preventive controls
D = the time it takes to detect that an attack is in progress
C = the time it takes to respond to the attack and take corrective action |
|
|
Term
|
Definition
| then the organization’s security procedures are effective. Otherwise, security is ineffective. |
|
|
Term
| What is a preventive control? |
|
Definition
| training (Training is designed to prevent employees from falling victim to social engineering attacks and unsafe practices such as clicking on links embedded in e-mail from unknown sources.) |
|
|
Term
| The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called ________. |
|
Definition
| authorization (Authorization is the process of controlling what actions—read, write, delete, etc.—a user is permitted to perform.) |
|
|
Term
| A weakness that an attacker can take advantage of to either disable or take control of a system is called a(n) ________. |
|
Definition
| vulnerability (A vulnerability is any weakness that can be used to disable or take control of a system.) |
|
|
Term
| What is a corrective control designed to fix vulnerabilities? |
|
Definition
| patch management (Patch management involves replacing flawed code that represents a vulnerability with corrected code, called a patch.) |
|
|
Term
| What is a detective control? |
|
Definition
| penetration testing (Penetration testing is a detective control designed to identify how long it takes to exploit a vulnerability.) |
|
|
Term
| Change controls are necessary to |
|
Definition
| maintain adequate segregation of duties. |
|
|
Term
| Changes should be tested in a system... |
|
Definition
| separate from the one used to process transactions |
|
|
Term
| “Emergency” changes need to be documented... |
|
Definition
| once the problem is resolved |
|
|
Term
| What technique is the most effective way for a firewall to protect the perimeter? |
|
Definition
| deep packet inspection (Deep packet inspection examines the contents of the data in the body of the IP packet, not just the information in the packet header. This is the best way to catch malicious code.) |
|
|
Term
| What combination of credentials is an example of multifactor authentication? |
|
Definition
| a PIN and an ATM card (The PIN is something a person knows, the ATM card is something the person has.) |
|
|
Term
| Difficulties accountants have experienced using the traditional systems development life cycle? |
|
Definition
- AIS development projects are backlogged for years.
- Changes are usually not possible after requirements have been frozen.
- The AIS that is developed may not meet their needs. |
|
|
Term
| Companies that buy rather than develop an AIS must still go through the systems development life cycle. |
|
Definition
| True [Purchasing a system still requires a company to follow the systems development life cycle of analyzing, designing (conceptual and physical), and implementing a new system. Otherwise, the company risks not purchasing the right system for its needs.] |
|
|
Term
| As a general rule, companies should buy rather than develop software if they can |
|
Definition
| find a package that meets their needs |
|
|
Term
| Companies can hope to find a package ____ that meets their needs |
|
Definition
| there is a greater likelihood that canned software can be found that meets user needs. |
|
|
Term
| A company should not attempt to develop its own custom software unless |
|
Definition
| experienced, in-house programming personnel are available and the job can be completed less expensively on the inside |
|
|
Term
| As a general rule, a company should develop custom software |
|
Definition
| only when it will provide a significant competitive advantage. |
|
|
Term
| When a company is buying large and complex systems, vendors are invited to submit systems for consideration. What is such a solicitation called? |
|
Definition
|
|
Term
| To compare system performance, a company can create a data processing task with input, processing, and output jobs. This task is performed on the systems under consideration and the processing times are compared. The AIS with the lowest time is the most efficient. What is this process called? |
|
Definition
|
|
Term
| What is NOT a benefit of outsourcing? |
|
Definition
| It offers a great deal of flexibility because it is relatively easy to change outsourcers |
|
|
Term
| What is a true statement with respect to prototyping |
|
Definition
In the early stages of prototyping, system controls and exception handling may be sacrificed in the interests of simplicity, flexibility, and ease of use.
A prototype is a scaled-down, first-draft model that is quickly and inexpensively built and given to users to evaluate.
The first step in prototyping is to identify system requirements. |
|
|
Term
| What is NOT an advantage of prototyping? |
|
Definition
| adequately tested and documented systems |
|
|
Term
| What are two traits of useful information? |
|
Definition
| Accessibility & Reliability |
|
|
Term
| Businesses must pay a variety of taxes. |
|
Definition
- Sales tax - Point-of-purchase rate tables
- Payroll tax - Total wage expense
- Sales tax - Total sales |
|
|
Term
| Which events are part of the revenue cycle? |
|
Definition
| Taking orders from customers, shipping finished goods, and depositing payments in the bank |
|
|
Term
| Which three actions are part of the revenue cycle? |
|
Definition
- Receiving and answering customer inquiries
- Approving credit sales of finished goods
- Initiating back orders for finished goods that are out of stock |
|
|
Term
| In which two ways does an accounting information system (AIS) safeguard assets? |
|
Definition
- By requiring a correct password to be entered to access the company network
- By providing tools to alert managers when an unauthorized user attempts to use assets |
|
|
Term
| Improves the effectiveness of the supply chain |
|
Definition
| A function that informs a supervisor when manufacturing production performance falls below standards |
|
|
Term
| Improves the internal control structure |
|
Definition
| A function that checks payroll entries for mistakes that would cause overpayment or underpayment of employees |
|
|
Term
| Improves the quality and reduces the costs of products or services |
|
Definition
| A function that provides up-to-the-minute information about inventory items that are low in stock |
|
|
Term
| A patio furniture store uses its accounting information system to allow salespeople to check the inventory level of an item at the main warehouse. |
|
Definition
| By improving knowledge sharing |
|
|
Term
| How can an accounting information system be used for the value chain activity of operations? |
|
Definition
| By transforming inputs into final products or services |
|
|
Term
| Which step in the data processing cycle relies on coding techniques, such as sequence codes and block codes, to organize data in ledgers? |
|
Definition
|
|
Term
| Which action improves data accuracy during the data input process? |
|
Definition
| Using pre-numbered source data |
|
|
Term
| Which two methods improve the accuracy and completeness of data that is entered into an accounting information system (AIS)? |
|
Definition
- Using pull-down menus on the data input screen
- Using point-of-sale scanners to capture machine-readable data |
|
|
Term
| How does an audit trail work in an accounting information system? |
|
Definition
| By capturing a transaction’s path through the data processing system |
|
|
Term
| Which two guidelines result in a better coding system for storing data in an accounting information system (AIS)? |
|
Definition
The coding system should be consistent with the company’s organizational structure. The coding system should take into consideration expected company growth. |
|
|
Term
| Which two activities occur during the accounts receivable file updating process? |
|
Definition
- Adding a transaction amount to a customer’s account balance - Comparing the customer’s new balance to the customer’s credit limit |
|
|
Term
| Which type of accounting information system (AIS) output is a gross margin analysis by product line? |
|
Definition
|
|
Term
| Which action is a function of an enterprise resource planning (ERP) system? |
|
Definition
| Integrating a company’s business processes with a traditional accounting information system |
|
|
Term
| Which two tasks are part of the process of auditing computer-based information systems? |
|
Definition
- Evaluating evidence in a systematic manner - Providing recommendations for improvement |
|
|
Term
| Which task do information systems auditors perform when they audit transaction processing? |
|
Definition
| Testing the accuracy of data edit routines |
|
|
Term
| Which two issues do information systems auditors look for when they audit security provisions? |
|
Definition
- Proper procedures for assigning user IDs - Effective use of data encryption |
|
|
Term
| What are two advantages of purchasing or renting an accounting information system (AIS)? |
|
Definition
The company can test-drive the system. Software upgrades are automated. |
|
|
Term
| What is a benefit of a well-designed computer input screen? |
|
Definition
| It reduces data entry errors and omissions |
|
|
Term
| Which task is part of the selecting and training personnel step of implementing an accounting information system (AIS)? |
|
Definition
| Experimenting with the new system in a controlled environment |
|
|
Term
| Which two recommendations are included in a post-implementation review report? |
|
Definition
- Improvements to the new system - Improvements to the development process |
|
|
Term
| Why is system documentation created? |
|
Definition
| To help during transitions of information technology employees |
|
|
Term
| Which tool shows the flow of bills of lading and packing slips between the shipping department and the accounts receivable department? |
|
Definition
|
|
Term
| Which tool is useful when analyzing internal control procedures? |
|
Definition
|
|
Term
| How is cross-functional analysis a database benefit? |
|
Definition
| It allows data relationships to be defined so that management reports can be easily prepared |
|
|
Term
A database contains data that can be used by many authorized users. Which benefit of a database does this example describe? |
|
Definition
|
|
Term
| What is the difference between a conceptual-level schema and an internal-level schema? |
|
Definition
| A conceptual-level schema is a high-level view of the entire database, and an internal-level schema is a low-level, more detailed view of the database. |
|
|
Term
| What is the difference between a primary key and a foreign key in a database? |
|
Definition
| A primary key uniquely identifies a specific row in a table, whereas a foreign key is a primary key in another table and is used to link the two tables. |
|
|
Term
| How can information sharing between customers and suppliers contribute to information system failures? |
|
Definition
| Customers and suppliers having access to each other’s systems and data can lead to breaches in confidentiality. |
|
|
Term
| Why is data in an Internet-based system sometimes not protected as well as data in a centralized computer system? |
|
Definition
| Companies fail to completely understand the control and protection implications of moving to an Internet-based system. |
|
|
Term
| Which two types of functions do internal controls provide? |
|
Definition
- Detective - Corrective - Preventative |
|
|
Term
| What is the function of a corrective control? |
|
Definition
| To remedy problems after they occur in an information system |
|
|
Term
| COSO’s enterprise risk management framework |
|
Definition
| It uses a three-dimensional model. |
|
|
Term
| COSO’s internal control framework |
|
Definition
| It contains only five components. |
|
|
Term
|
Definition
| It consolidates control standards from 36 sources into a single framework |
|
|
Term
When employees start working at a company, they are given a formal job description and a policy and procedures manual. The manual includes the company’s vision statement and code of conduct and explains the expected business practices and procedures used at the company. The job description and manual communicate components of this company’s internal environment. Which two components do they communicate? |
|
Definition
- Methods of assigning authority and responsibility - Commitment to integrity, ethical values, and competence |
|
|
Term
| What is an inherent risk? |
|
Definition
| A risk that exists before internal controls are instated |
|
|
Term
| What are cost-effective controls? |
|
Definition
| Controls that offer a higher risk reduction benefit than the controls cost |
|
|
Term
| What is the formula to calculate expected loss? |
|
Definition
|
|
Term
A company has a policy that all purchase orders $100,000 or greater be approved by the controller prior to being entered into the accounting system. Which category does this control procedure relate to? |
|
Definition
| Proper authorization of transactions and activities |
|
|
Term
| Which 6 tools are project development and acquisition controls? |
|
Definition
1. Steering committee 2. A strategic master plan 3. Project development plan 4. Data processing schedule 5. System performance measurements 6. Post-implementation review |
|
|
Term
| What is one purpose of the COBIT framework? |
|
Definition
| To provide assurance that data produced by an information system is reliable |
|
|
Term
| Which action is an example of a social engineering technique? |
|
Definition
| Calling a newly hired assistant and pretending to be an employee who needs help obtaining files |
|
|
Term
| Which step does an attacker perform when conducting research for the purpose of penetrating an information system? |
|
Definition
| Finds out the vulnerabilities of the software that the company is using |
|
|
Term
| What does an attacker do when scanning and mapping a target information system? |
|
Definition
| Identifies computers that can be remotely accessed |
|
|
Term
| Which tool is an example of a preventive information security control? |
|
Definition
|
|
Term
| Which preventive control is designed to stop an attacker from installing a hardware-based keystroke logging device on a computer? |
|
Definition
| A physical access control |
|
|
Term
| Which tool is used to identify system vulnerabilities? |
|
Definition
|
|
Term
| Which two security controls detect intrusions? |
|
Definition
- Log analysis - Security testing |
|
|
Term
A company has a procedure that installs updates to all of its security programs and operating systems on a monthly basis. Which type of corrective control does this scenario describe? |
|
Definition
|
|
Term
| Who designs and implements procedures that prevent attackers from penetrating a company’s accounting information system (AIS)? |
|
Definition
| The chief information security officer |
|
|
Term
| What is the purpose of information rights management (IRM) software? |
|
Definition
| It controls access to sensitive data. |
|
|
Term
|
Definition
| Unauthorized use of someone’s personal information for the perpetrator’s benefit |
|
|
Term
| What is the process of data encryption? |
|
Definition
| Transforming plain text into gibberish |
|
|
Term
| Which type of processing integrity control includes using turnaround documents? |
|
Definition
|
|
Term
A company’s cash clearing account is debited for the gross value of the weekly accounts payable check run. The cash clearing account is then credited as each amount is allocated to the correct expense account. The cash clearing account should have a zero balance after both sets of entries have been made. Which type of IT control is employed in this scenario? |
|
Definition
|
|
Term
| Which activity in the revenue cycle involves picking and packing a customer order? |
|
Definition
|
|
Term
| Which action does a company take during the customer order process in the revenue cycle? |
|
Definition
| It checks and approves customer credit. |
|
|
Term
| Which activity in the expenditure cycle has the threat of discrepancies between the quoted price and the actual price charged? |
|
Definition
| Approving supplier invoices |
|
|
Term
| During which step in the expenditure cycle could an incorrect posting to accounts payable occur? |
|
Definition
| Approving supplier invoices |
|
|
Term
A company changes to a lean manufacturing process to minimize inventories in the manufacturing plant.
Which activity of the production cycle will this impact the most? |
|
Definition
|
|
Term
| What are the three objectives of cost accounting? |
|
Definition
1. Providing product data to be used for making pricing decisions 2. Collecting information to calculate the cost of goods sold 3. Provide info for planning control and evaluating performance of production objectives |
|
|
Term
| Which activities are part of the human resources management (HRM)/payroll cycle? |
|
Definition
1. Tracking the job assignments of each employee at a company 2. Recruiting/hiring 3. Training 4. Compensation/payroll 5. Performance evaluations 6. Discharge |
|
|
Term
| Which threat applies to the human resources management (HRM)/payroll cycle? |
|
Definition
| Disclosing confidential salary information |
|
|
Term
| Which two steps are part of the human resources management (HRM)/payroll cycle? |
|
Definition
- Adding new employees to the master database - Recording rate changes for employees who have received raises |
|
|
Term
| Which threat to the payroll process applies to the disbursement of payroll? |
|
Definition
| Wages being issued to a fictitious employee |
|
|
Term
| Which control is applied to the payroll preparation step of the payroll cycle? |
|
Definition
| Comparing hash totals of employee numbers |
|
|
Term
| Preventative IT solutions: |
|
Definition
- Antimalware controls - Network access controls - Device and software hardening controls - Encryption |
|
|
Term
| How to mitigate risk of attack |
|
Definition
- Preventative controls: people, process, IT solutions, physical security, and change controls and change management - Detective controls: log analysis, intrusion detection systems, penetration testing, continuous monitoring |
|
|
Term
| Business process diagram basic symbols |
|
Definition
- Circle: start/beginning - Bold circle: end - Rounded rectangle: activity in process - Diamond: decision - Arrow: flow - Broken arrow: annotation information |
|
|