Accounting Information Systems, 12E Marshall B. Romney – Test Bank

$20.00

Category:

Description

INSTANT DOWNLOAD WITH ANSWERS

Accounting Information Systems, 12E Marshall B. Romney – Test Bank

Accounting Information Systems, 12e (Romney/Steinbart)

Chapter 6   Computer Fraud and Abuse Techniques

 

1) Wally Hewitt maintains an online brokerage account. In early March, Wally received an email from the firm that explained that there had been a computer error and that provided a phone number so that Wally could verify his customer information. When he called, a recording asked that he enter the code from the email, his account number, and his social security number. After he did so, he was told that he would be connected with a customer service representative, but the connection was terminated. He contacted the brokerage company and was informed that they had not sent the email. Wally was a victim of

  1. A) Bluesnarfing.
  2. B) splogging.
  3. C) vishing.
  4. D) typosquatting.

 

 

 

 

 

 

2) When a computer criminal gains access to a system by searching records or the trash of the target company, this is referred to as

  1. A) data diddling.
  2. B) dumpster diving.
  3. C) eavesdropping.
  4. D) piggybacking.

 

 

 

 

 

 

3) Jerry Schneider was able to amass operating manuals and enough technical data to steal $1 million of electronic equipment by

  1. A) scavenging.
  2. B) skimming.
  3. C) Internet auction fraud.
  4. D) cyber extortion.

 

 

4) A part of a program that remains idle until some date or event occurs and then is activated to cause havoc in the system is a

  1. A) trap door.
  2. B) data diddle.
  3. C) logic bomb.
  4. D) virus.

 

 

 

 

 

 

5) The unauthorized copying of company data is known as

  1. A) data leakage.
  2. B) eavesdropping.
  3. C) masquerading.
  4. D) phishing.

 

 

 

 

 

 

6) Computer fraud perpetrators who use telephone lines to commit fraud and other illegal acts are typically called

  1. A) hackers.
  2. B) crackers.
  3. C) phreakers.
  4. D) jerks.

 

 

 

 

 

7) What is a denial of service attack?

  1. A) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider’s e-mail server.
  2. B) A denial of service attack occurs when an e-mail message is sent through a re-mailer, who removes the message headers making the message anonymous, then resends the message to selected addresses.
  3. C) A denial of service attack occurs when a cracker enters a system through an idle modem, captures the PC attached to the modem, and then gains access to the network to which it is connected.
  4. D) A denial of service attack occurs when the perpetrator e-mails the same message to everyone on one or more Usenet newsgroups LISTSERV lists.

 

 

 

 

 

 

8) Gaining control of someone else’s computer to carry out illicit activities without the owner’s knowledge is known as

  1. A) hacking.
  2. B) hijacking.
  3. C) phreaking.
  4. D) sniffings.

 

 

 

 

 

 

9) Illegally obtaining and using confidential information about a person for economic gain is known as

  1. A) eavesdropping.
  2. B) identity theft.
  3. C) packet sniffing.
  4. D) piggybacking.

 

 

 

 

 

10) Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called

  1. A) superzapping.
  2. B) data leakage.
  3. C) hacking.
  4. D) piggybacking.

 

 

 

 

 

 

11) Which of the following is not a method of identify theft?

  1. A) Scavenging
  2. B) Phishing
  3. C) Shoulder surfing
  4. D) Phreaking

 

12) Which method of fraud is physical in its nature rather than electronic?

  1. A) cracking
  2. B) hacking
  3. C) eavesdropping
  4. D) scavenging

 

 

 

 

 

 

13) Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises?

  1. A) dumpster diving
  2. B) by use of a Trojan horse
  3. C) using a telescope to peer at paper reports
  4. D) electronic eavesdropping on computer monitors

 

 

 

 

 

14) The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called

  1. A) cracking.
  2. B) masquerading.
  3. C) hacking.
  4. D) superzapping.

 

 

15) The unauthorized access to, and use of, computer systems is known as

  1. A) hacking.
  2. B) hijacking.
  3. C) phreaking.
  4. D) sniffing.

 

 

16) A fraud technique that slices off tiny amounts from many projects is called the ________ technique.

  1. A) Trojan horse
  2. B) round down
  3. C) salami
  4. D) trap door

 

 

 

 

 

17) Data diddling is

  1. A) gaining unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network.
  2. B) unauthorized copying of company data such as computer files.
  3. C) unauthorized access to a system by the perpetrator pretending to be an authorized user.
  4. D) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data.

 

 

 

 

 

 

18) Spyware is

  1. A) software that tells the user if anyone is spying on his computer.
  2. B) software that monitors whether spies are looking at the computer.
  3. C) software that monitors computing habits and sends the data it gathers to someone else.
  4. D) none of the above

 

 

 

 

 

 

19) The unauthorized use of special system programs to bypass regular system controls and perform illegal act is called

  1. A) a Trojan horse.
  2. B) a trap door.
  3. C) the salami technique.
  4. D) superzapping.

 

 

 

 

 

 

20) Computer fraud perpetrators that modify programs during systems development, allowing access into the system that bypasses normal system controls are using

  1. A) a Trojan horse.
  2. B) a trap door.
  3. C) the salami technique.
  4. D) superzapping.

 

 

 

 

 

 

21) A fraud technique that allows a perpetrator to bypass normal system controls and enter a secured system is called

  1. A) superzapping.
  2. B) data diddling.
  3. C) using a trap door.
  4. D) piggybacking.

 

 

 

 

 

 

22) A set of unauthorized computer instructions in an otherwise properly functioning program is known as a

  1. A) logic bomb.
  2. B) spyware.
  3. C) trap door.
  4. D) Trojan horse.

 

 

 

 

 

23) A ________ is similar to a ________, except that it is a program rather than a code segment hidden in a host program.

  1. A) worm; virus
  2. B) Trojan horse; worm
  3. C) worm; Trojan horse
  4. D) virus; worm

 

 

 

 

 

 

24) Wally Hewitt is an accountant with a large accounting firm. The firm has a very strict policy of requiring all users to change their passwords every sixty days. In early March, Wally received an email from the firm that explained that there had been an error updating his password and that provided a link to a Web site with instructions for re-entering his password. Something about the email made Wally suspicious, so he called the firm’s information technology department and found that the email was fictitious. The email was an example of

  1. A) social engineering.
  2. B) phishing.
  3. C) piggybacking.
  4. D) spamming.

 

 

 

 

 

 

25) Developers of computer systems often include a user name and password that is hidden in the system, just in case they need to get into the system and correct problems in the future. This is referred to as a

  1. A) Trojan horse.
  2. B) key logger.
  3. C) spoof.
  4. D) back door.

 

 

 

 

 

26) In the 1960s, techniques were developed that allowed individuals to fool the phone system into providing free access to long distance phone calls. The people who use these methods are referred to as

  1. A) phreakers.
  2. B) hackers.
  3. C) hijackers.
  4. D) superzappers.

 

 

 

 

 

 

 

27) During a routine audit, a review of cash receipts and related accounting entries revealed discrepancies. Upon further analysis, it was found that figures had been entered correctly and then subsequently changed, with the difference diverted to a fictitious customer account. This is an example of

  1. A) kiting.
  2. B) data diddling.
  3. C) data leakage.
  4. D) phreaking.

 

 

 

 

 

 

28) It was late on a Friday afternoon when Troy Willicott got a call at the help desk for Taggitt Finances. A man with an edge of panic clearly discernible in his voice was on the phone. “I’m really in a bind and I sure hope that you can help me.” He identified himself as Chet Frazier from the Accounting Department. He told Troy that he had to work on a report that was due on Monday morning and that he had forgotten to bring a written copy of his new password home with him. Troy knew that Taggitt’s new password policy, that required that passwords must be at least fifteen characters long, must contain letters and numbers, and must be changed every sixty days, had created problems. Consequently, Troy provided the password, listened as it was read back to him, and was profusely thanked before ending the call. The caller was not Chet Frazier, and Troy Willicott was a victim of

  1. A) phreaking.
  2. B) war dialing.
  3. C) identity theft.
  4. D) social engineering.

 

 

 

 

 

29) Chiller451 was chatting online with 3L3tCowboy. “I can’t believe how lame some people are! 🙂 I can get into any system by checking out the company web site to see how user names are defined and who is on the employee directory. Then, all it takes is brute force to find the password.” Chiller451 is a ________ and the fraud he is describing is ________.

  1. A) phreaker; dumpster diving
  2. B) hacker; social engineering
  3. C) phreaker; the salami technique
  4. D) hacker; password cracking

 

 

 

 

 

 

30) After graduating from college with a communications degree, Sylvia Placer experienced some difficulty in finding full-time employment. She free-lanced during the summer as a writer and then started a blog in the fall. Shortly thereafter she was contacted by Clickadoo Online Services, who offered to pay her to promote their clients by mentioning them in her blog and linking to their Web sites. She set up several more blogs for this purpose and is now generating a reasonable level of income. She is engaged in

  1. A) Bluesnarfing.
  2. B) splogging.
  3. C) vishing.
  4. D) typosquatting.

 

 

 

 

 

 

31) Telefarm Industries is a telemarketing firm that operates in the Midwest. The turnover rate among employees is quite high. Recently, the information technology manager discovered that an unknown employee had used a Bluetooth-enabled mobile phone to access the firm’s database and copy a list of customers from the past three years that included credit card information. Telefarm was a victim of

  1. A) Bluesnarfing.
  2. B) splogging.
  3. C) vishing.
  4. D) typosquatting.

 

 

 

 

32)  Jim Chan decided to Christmas shop online. He linked to Amazon.com, found a perfect gift for his daughter, registered, and placed his order. It was only later that he noticed that the Web site’s URL was actually Amazom.com. Jim was a victim of

  1. A) Bluesnarfing.
  2. B) splogging.
  3. C) vishing.
  4. D) typosquatting.

 

 

 

 

 

 

33) Computers that are part of a botnet and are controlled by a bot herder are referred to as

  1. A) posers.
  2. B) zombies.
  3. C) botsquats.
  4. D) evil twins.

 

 

 

 

 

 

34) Jiao Jan had been the Web master for Folding Squid Technologies for only three months when the Web site was inundated with access attempts. The only solution was to shut down the site and then selectively open it to access from certain Web addresses. FST suffered significant losses during the period. The company had been the victim of a(an)

  1. A) denial-of-service attack.
  2. B) zero-day attack.
  3. C) malware attack.
  4. D) cyber-extortion attack.

 

 

 

 

 

35) Jiao Jan had been the Web master for Folding Squid Technologies for only three months when he received an anonymous email that threatened to inundate the company Web site with access attempts unless a payment was wired to an account in Eastern Europe. Jiao was concerned that FST would suffer significant losses if the threat was genuine. The author of the email was engaged in

  1. A) a denial-of-service attack.
  2. B) Internet terrorism.
  3. C) hacking.
  4. D) cyber-extortion.

 

 

 

 

 

 

36) Mo Chauncey was arrested in Emporia, Kansas, on February 29, 2008, for running an online business that specialized in buying and reselling stolen credit card information. Mo was charged with

  1. A) typosquatting.
  2. B) carding.
  3. C) pharming.
  4. D) phishing.

 

 

 

 

 

37) I work in the information technology department of a company I’ll call CMV. On Wednesday morning, I arrived at work, scanned in my identity card and punched in my code. This guy in a delivery uniform came up behind me carrying a bunch of boxes. I opened the door for him, he nodded and went on in. I didn’t think anything of it until later. Then I wondered if he might have been

  1. A) pretexting.
  2. B) piggybacking.
  3. C) posing.
  4. D) spoofing.

 

 

 

 

 

38) The call to tech support was fairly routine. A first-time computer user had purchased a brand new PC two months ago and it was now operating much more slowly and sluggishly than it had at first. Had he been accessing the Internet? Yes. Had he installed any “free” software? Yes. The problem is likely to be a(an)

  1. A) virus.
  2. B) zero-day attack.
  3. C) denial of service attack.
  4. D) dictionary attack.

 

 

 

 

 

 

39) In November of 2005 it was discovered that many of the new CDs distributed by Sony BMG installed software when they were played on a computer. The software was intended to protect the CDs from copying. Unfortunately, it also made the computer vulnerable to attack by malware run over the Internet. The scandal and resulting backlash was very costly. The software installed by the CDs is a

  1. A) virus.
  2. B) worm.
  3. C) rootkit.
  4. D) squirrel.

 

 

 

 

 

 

 

40) Which of the following would be least effective to reduce exposure to a computer virus?

  1. A) Only transfer files between employees with USB flash drives.
  2. B) Install and frequently update antivirus software.
  3. C) Install all new software on a stand-alone computer for until it is tested.
  4. D) Do not open email attachments from unknown senders.

 

 

 

 

41) Which of the following is not an example of social engineering?

  1. A) Obtaining and using another person’s Social Security Number, credit card, or other confidential information
  2. B) Creating phony Web sites with names and URL addresses very similar to legitimate Web sites in order to obtain confidential information or to distribute malware or viruses
  3. C) Using email to lure victims into revealing passwords or user IDs
  4. D) Setting up a computer in a way that allows the user to use a neighbors unsecured wireless network

 

 

 

 

 

42) How can a system be protected from viruses?

 

43) Describe at least six computer attacks and abuse techniques.

 

44) Describe at least four social engineering techniques.

 

45) Describe the differences between a worm and a virus?

 

Accounting Information Systems, 12e (Romney/Steinbart)

Chapter 7   Control and Accounting Information Systems

 

1) What is one reason why AIS threats are increasing?

  1. A) LANs and client/server systems are easier to control than centralized, mainframe systems.
  2. B) Many companies do not realize that data security is crucial to their survival.
  3. C) Computer control problems are often overestimated and overly emphasized by management.
  4. D) Many companies believe that protecting information is a strategic requirement.

 

 

 

 

 

2) Which of the following is not one of the risk responses identified in the COSO Enterprise Risk Management Framework?

  1. A) Monitoring
  2. B) Avoidance
  3. C) Acceptance
  4. D) Sharing

 

 

 

 

 

3) A control procedure designed so that the employee that records cash received from customers does not also have access to the cash itself is an example of a(n)

  1. A) preventive control.
  2. B) detective control.
  3. C) corrective control.
  4. D) authorization control.

 

4) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Then, ticket stubs collected at the theater entrance are counted and compared with the number of tickets sold. Which of the following situations does this control detect?

  1. A) Some customers presented tickets purchased on a previous day when there wasn’t a ticket taker at the theater entrance (so the tickets didn’t get torn.)
  2. B) A group of kids snuck into the theater through a back door when customers left after a show.
  3. C) The box office cashier accidentally gives too much change to a customer.
  4. D) The ticket taker admits his friends without tickets.

 

 

 

 

 

 

5) At a movie theater box office, all tickets are sequentially prenumbered. At the end of each day, the beginning ticket number is subtracted from the ending number to calculate the number of tickets sold. Cash is counted and compared with the number of tickets sold. Which of the following situations does this control detect?

  1. A) Some customers presented tickets purchased on a previous day when there wasn’t a ticket taker at the theater entrance (so the tickets didn’t get torn.)
  2. B) A group of kids snuck into the theater through a back door when customers left after a show.
  3. C) The box office cashier accidentally gives too much change to a customer.
  4. D) The ticket taker admits his friends without tickets.

 

 

 

 

 

 

6) Which of the following is an example of a preventive control?

  1. A) approving customer credit prior to approving a sales order
  2. B) reconciling the bank statement to the cash control account
  3. C) counting inventory on hand and comparing counts to the perpetual inventory records
  4. D) maintaining frequent backup records to prevent loss of data

 

 

 

 

 

7) Independent checks on performance include all the following except

  1. A) data input validation checks.
  2. B) reconciling hash totals.
  3. C) preparing a trial balance report.
  4. D) supervisor review of journal entries and supporting documentation.

 

 

 

 

8) A computer operator is allowed to work as a programmer on a new payroll software project. Does this create a potential internal control problem?

  1. A) Yes, the computer operator could alter the payroll program to increase her salary.
  2. B) Yes, this is a potential problem unless the computer operator is supervised by the payroll manager.
  3. C) No, ideal segregation of duties is not usually possible, and operators are often the best at programming changes and updates.
  4. D) No, as long as the computer operator separately accounts for hours worked in programming and in operations.

 

 

 

 

 

9) One of the objectives of the segregation of duties is to

  1. A) make sure that different people handle different parts of the same transaction.
  2. B) ensure that no collusion will occur.
  3. C) make sure that different people handle different transactions.
  4. D) achieve an optimal division of labor for efficient operations.

 

Page Ref: 196

 

 

 

10) Pam is a receptionist for Dunderhead Paper Co., which has strict corporate policies on appropriate use of corporate resources. The first week of August, Pam saw Michael, the branch manager, putting pencils, pens, erasers, paper and other supplies into his briefcase on his way out the door. This situation best reflects a weakness in which aspect of internal environment, as discussed in the COSO Enterprise Risk Management Framework?

  1. A) Integrity and ethical values
  2. B) Risk management philosophy
  3. C) Restrict access to assets
  4. D) Methods of assigning authority and responsibility

 

Page Ref: 189

 

 

 

 

11) Which of the following statements is true?

  1. A) Internal auditors, rather than external auditors, can conduct evaluations of effectiveness of Enterprise Risk Management processes.
  2. B) Re-adding the total of a batch of invoices and comparing the total with the first total you calculated is an example of an independent check.
  3. C) Requiring two signatures on checks over $20,000 is an example of segregation of duties.
  4. D) Although forensic specialists utilize computers, only people can accurately identify fraud.

 

Page Ref: 201

 

 

 

 

12) Of the following examples of fraud, which will be the most difficult to prevent and detect? Assume the company enforces adequate segregation of duties.

  1. A) Jim issues credit cards to him and Marie, and when the credit card balances are just under $1,000, Marie writes off the accounts as bad debt. Jim then issues new cards.
  2. B) An employee puts inventory behind the dumpster while unloading a vendor’s delivery truck, then picks up the inventory later in the day and puts it in her car.
  3. C) A mail room employee steals a check received from a customer and destroys the documentation.
  4. D) The accounts receivable clerk does not record sales invoices for friends or family, so they can receive free goods.

 

Page Ref: 197

 

 

 

13) According to The Sarbanes-Oxley Act of 2002, the audit committee of the board of directors is directly responsible for

  1. A) hiring and firing the external auditors.
  2. B) performing tests of the company’s internal control structure.
  3. C) certifying the accuracy of the company’s financial reporting process.
  4. D) overseeing day-to-day operations of the internal audit department.

 

Page Ref: 186

 

 

 

 

 

14) Go-Go Corporation, a publicly traded company, has three brothers who serve as President, Vice President of Finance and CEO. This situation

  1. A) increases the risk associated with an audit.
  2. B) must be changed before your audit firm could accept the audit engagement.
  3. C) is a violation of the Sarbanes-Oxley Act.
  4. D) violates the Securities and Exchange Act.

 

Page Ref: 193

 

 

 

 

15) Which of the following is a control related to design and use of documents and records?

  1. A) Sequentially prenumbering sales invoices
  2. B) Comparing physical inventory counts with perpetual inventory records
  3. C) Reconciling the bank statement to the general ledger
  4. D) Locking blank checks in a drawer or safe

 

Page Ref: 199

 

 

 

16) Which of the following duties could be performed by the same individual without violating segregation of duties controls?

  1. A) Approving accounting software change requests and testing production scheduling software changes
  2. B) Programming new code for accounting software and testing accounting software upgrades
  3. C) Approving software changes and implementing the upgraded software
  4. D) Managing accounts payable function and revising code for accounting software to more efficiently process discount due dates on vendor invoices

 

Page Ref: 198

 

 

 

 

17) With a limited work force and a desire to maintain strong internal control, which combination of duties would result in the lowest risk exposure?

  1. A) Updating the inventory subsidiary ledgers and recording purchases in the purchases journal
  2. B) Approving a sales return on a customer’s account and depositing customers’ checks in the bank
  3. C) Updating the general ledger and working in the inventory warehouse
  4. D) Entering payments to vendors in the cash disbursements journal and entering cash received from customers in the cash receipts journal

 

Page Ref: 196-197

 

 

 

 

18) Which of the following is not a factor of internal environment according to the COSO Enterprise Risk Management Framework?

  1. A) Analyzing past financial performance and reporting
  2. B) Providing sufficient resources to knowledgeable employees to carry out duties
  3. C) Disciplining employees for violations of expected behavior
  4. D) Setting realistic targets for long-term performance

 

Page Ref: 188

 

 

 

19) Which of the following suggests a weakness in a company’s internal environment?

  1. A) The audit committee regularly meets with the external auditors.
  2. B) The Board of Directors is primarily independent directors.
  3. C) The company has an up-to-date organizational chart.
  4. D) Formal employee performance evaluations are prepared every three years.

 

Page Ref: 191

 

 

 

 

20) Which of the following statements about internal environment is false?

  1. A) Management’s attitudes toward internal control and ethical behavior have only minimal impact on employee beliefs or actions.
  2. B) Supervision is especially important in organizations that cannot afford elaborate responsibility reporting or are too small to have adequate segregation of duties.
  3. C) An overly complex or unclear organizational structure may be indicative of more serious problems.
  4. D) A written policy and procedures manual is an important tool for assigning authority and responsibility.

 

Page Ref: 189

 

 

 

 

21) Which of the following is not a reason for the increase in security problems for AIS?

  1. A) Confidentiality issues caused by interlinked inter-company networks
  2. B) Difficult to control distributed computing networks
  3. C) Increasing efficiency resulting from more automation
  4. D) Increasing numbers of information systems and users

 

 

 

22) One reason why many organizations do not adequately protect their systems is because

  1. A) control problems may be overestimated by many companies.
  2. B) productivity and cost cutting cause management to forgo implementing and maintaining internal controls.
  3. C) control technology has not yet been developed.
  4. D) all of the above

 

 

 

 

 

 

23) Accountants must try to protect the AIS from threats. Which of the following would be a measure that should be taken?

  1. A) Take a proactive approach to eliminate threats.
  2. B) Detect threats that do occur.
  3. C) Correct and recover from threats that do occur.
  4. D) All of the above are proper measures for the accountant to take.

 

 

 

 

 

 

24) The process that a business uses to safeguard assets, provide accurate and reliable information, and promote and improve operational efficiency is known as

  1. A) a phenomenon.
  2. B) internal control.
  3. C) an AIS threat.
  4. D) a preventive control.

 

 

 

 

 

25) Safeguarding assets is one of the control objectives of internal control. Which of the following is not one of the other control objectives?

  1. A) providing accurate and reliable information
  2. B) promoting operational efficiency
  3. C) ensuring that no fraud has occurred
  4. D) encouraging adherence to management policies

 

 

 

 

 

 

26) Internal control is often referred to as a(n) ________, because it permeates an organization’s operating activities and is an integral part of management activities.

  1. A) event
  2. B) activity
  3. C) process
  4. D) system

 

 

 

 

 

 

27) Which of the following is accomplished by corrective controls?

  1. A) Identify the cause of the problem.
  2. B) Correct the resulting errors.
  3. C) Modify the system to prevent future occurrences of the problem.
  4. D) All of the above are accomplished by corrective controls.

 

 

 

 

 

 

28) Duplicate checking of calculations is an example of a ________ control, and procedures to resubmit rejected transactions is an example of a ________ control.

  1. A) corrective; detective
  2. B) detective; corrective
  3. C) preventive; corrective
  4. D) detective; preventive

 

 

 

 

 

29) What is not a corrective control procedure?

  1. A) Identify the cause of a problem.
  2. B) Deter problems before they arise.
  3. C) Correct resulting errors or difficulties.
  4. D) Modify the system so that future problems are minimized or eliminated.

 

 

 

 

 

 

 

30) ________ controls are designed to make sure an organization’s control environment is stable and well managed.

  1. A) Application
  2. B) Detective
  3. C) General
  4. D) Preventive

 

 

 

 

 

 

31) ________ controls prevent, detect and correct transaction errors and fraud.

  1. A) Application
  2. B) Detective
  3. C) General
  4. D) Preventive

 

 

 

 

 

 

32) The primary purpose of the Foreign Corrupt Practices Act of 1977 was

  1. A) to require corporations to maintain a good system of internal control.
  2. B) to prevent the bribery of foreign officials by American companies.
  3. C) to require the reporting of any material fraud by a business.
  4. D) All of the above are required by the act.

 

 

 

 

 

33) Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies.

  1. A) Foreign Corrupt Practices Act of 1977
  2. B) The Securities Exchange Act of 1934
  3. C) The Sarbanes-Oxley Act of 2002
  4. D) The Control Provision of 1998

 

 

 

 

 

 

 

34) Which of the following is not one of the important aspects of the Sarbanes-Oxley Act?

  1. A) The creation of the Public Company Accounting Oversight Board
  2. B) New rules for auditors and management
  3. C) New roles for audit committees
  4. D) New rules for information systems development

 

Page Ref: 186

 

 

 

 

35) A(n) ________ helps employees act ethically by setting limits beyond which an employee must not pass.

  1. A) boundary system
  2. B) diagnostic control system
  3. C) interactive control system
  4. D) internal control system

 

 

 

 

 

36) A(n) ________ measures company progress by comparing actual performance to planned performance.

  1. A) boundary system
  2. B) diagnostic control system
  3. C) interactive control system
  4. D) internal control system

 

 

 

 

 

 

37) A(n) ________ helps top-level managers with high-level activities that demand frequent and regular attention.

  1. A) boundary system
  2. B) diagnostic control system
  3. C) interactive control system
  4. D) internal control system

 

 

 

 

 

 

 

38) This control framework addresses the issue of control from three vantage points: business objectives, information technology resources, and information technology processes.

  1. A) ISACA’s control objectives for information and related technology
  2. B) COSO’s internal control framework
  3. C) COSO’s enterprise risk management framework
  4. D) none of the above

 

Page Ref: 186

 

 

 

39) This control framework’s intent includes helping the organization to provide reasonable assurance that objectives are achieved and problems are minimized, and to avoid adverse publicity and damage to the organization’s reputation.

  1. A) ISACA’s control objectives for information and related technology
  2. B) COSO’s internal control framework
  3. C) COSO’s enterprise risk management framework
  4. D) none of the above

 

Page Ref: 187

 

 

 

 

40) The COSO Enterprise Risk Management Framework includes eight components. Which of the following is not one of them?

  1. A) control environment
  2. B) risk assessment
  3. C) compliance with federal, state, or local laws
  4. D) monitoring

 

Page Ref: 188

 

 

 

 

41) Which of the following is not one of the eight interrelated risk and control components of COSO Enterprise Risk Management Framework?

  1. A) Internal environment
  2. B) Monitoring
  3. C) Risk response
  4. D) Event assessment

 

Page Ref: 188

 

 

42) The COSO Enterprise Risk Management Integrated Framework stresses that

  1. A) risk management activities are an inherent part of all business operations and should be considered during strategy setting.
  2. B) effective risk management is comprised of just three interrelated components; internal environment, risk assessment, and control activities.
  3. C) risk management is the sole responsibility of top management.
  4. D) risk management policies, if enforced, guarantee achievement of corporate objectives.

 

Page Ref: 187

 

 

 

 

43) Which of the following would be considered a “red flag” for problems with management operating style if the question were answered “yes”?

  1. A) Does management take undue business risks to achieve its objectives?
  2. B) Does management attempt to manipulate performance measures such as net income?
  3. C) Does management pressure employees to achieve results regardless of the methods?
  4. D) All of the above statements would raise “red flags” if answered “yes.”

 

Page Ref: 189

 

 

 

 

44) Which component of the COSO Enterprise Risk Management Integrated Framework is concerned with understanding how transactions are initiated, data are captured and processed, and information is reported?

  1. A) Information and communication
  2. B) Internal environment
  3. C) Event identification
  4. D) Objective setting

 

Page Ref: 201

 

 

 

45) The COSO Enterprise Risk Management Integrated Framework identifies four objectives necessary to achieve corporate goals. Objectives specifically identified include all of the following except

  1. A) implementation of newest technologies.
  2. B) compliance with laws and regulations.
  3. C) effective and efficient operations.
  4. D) reliable reporting.

 

Page Ref: 192

 

 

 

 

46) The audit committee of the board of directors

  1. A) is usually chaired by the CFO.
  2. B) conducts testing of controls on behalf of the external auditors.
  3. C) provides a check and balance on management.
  4. D) does all of the above.

 

Page Ref: 189

 

 

 

 

47) The audit committee is responsible for

  1. A) overseeing the internal control structure.
  2. B) overseeing the financial reporting process.
  3. C) working with the internal and external auditors.
  4. D) All of the above are responsibilities.

 

Page Ref: 189

 

 

 

 

48) The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the

  1. A) control activities
  2. B) organizational structure
  3. C) budget framework
  4. D) internal environment

 

Page Ref: 190

 

 

 

49) Reducing management layers, creating self-directed work teams, and emphasizing continuous improvement are all related to which aspect of internal environment?

  1. A) Organizational structure
  2. B) Methods of assigning authority and responsibility
  3. C) Management philosophy and operating style
  4. D) Commitment to competence

 

Page Ref: 190

 

 

50) Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter

  1. A) unintentional errors.
  2. B) employee fraud or embezzlement.
  3. C) fraud by outsiders.
  4. D) disgruntled employees.

 

Page Ref: 190-191

 

 

 

 

51) The SEC and FASB are best described as external influences that directly affect an organization’s

  1. A) hiring practices.
  2. B) philosophy and operating style.
  3. C) internal environment.
  4. D) methods of assigning authority.

 

Page Ref: 192

 

 

 

52) Which attribute below is not an aspect of the COSO ERM Framework internal environment?

  1. A) Enforcing a written code of conduct
  2. B) Holding employees accountable for achieving objectives
  3. C) Restricting access to assets
  4. D) Avoiding unrealistic expectations

 

Page Ref: 188

 

 

 

 

53) The amount of risk a company is willing to accept in order to achieve its goals and objectives is

  1. A) Inherent risk
  2. B) Residual risk
  3. C) Risk appetite
  4. D) Risk assessment

 

Page Ref: 189

 

 

 

 

 

54) The risk that remains after management implements internal controls is

  1. A) Inherent risk
  2. B) Residual risk
  3. C) Risk appetite
  4. D) Risk assessment

 

Page Ref: 193

 

 

 

 

55) The risk that exists before management takes any steps to control the likelihood or impact of a risk is

  1. A) Inherent risk
  2. B) Residual risk
  3. C) Risk appetite
  4. D) Risk assessment

 

Page Ref: 193

 

 

 

56) When undertaking risk assessment, the expected loss is calculated like this.

  1. A) Impact times expected loss
  2. B) Impact times likelihood
  3. C) Inherent risk times likelihood
  4. D) Residual risk times likelihood

 

Page Ref: 194

 

 

 

 

57) Generally in a risk assessment process, the first step is to

  1. A) identify the threats that the company currently faces.
  2. B) estimate the risk probability of negative events occurring.
  3. C) estimate the exposure from negative events.
  4. D) identify controls to reduce all risk to zero.

 

Page Ref: 194

 

 

 

 

 

58) Store policy that allows retail clerks to process sales returns for $300 or less, with a receipt dated within the past 60 days, is an example of

  1. A) general authorization.
  2. B) specific authorization.
  3. C) special authorization.
  4. D) generic authorization.

 

Page Ref: 196

 

 

 

 

59) Corporate policy that requires a purchasing agent and purchasing department manager to sign off on asset purchases over $1,500 is an example of

  1. A) general authorization.
  2. B) specific authorization.
  3. C) special authorization.
  4. D) generic authorization.

 

Page Ref: 196

 

 

 

60) A document that shows all projects that must be completed and the related IT needs in order to achieve long-range company goals is known as a

  1. A) performance evaluation.
  2. B) project development plan.
  3. C) data processing schedule.
  4. D) strategic master plan.

 

Page Ref: 198

 

 

 

 

61) A ________ is created to guide and oversee systems development and acquisition.

  1. A) performance evaluation
  2. B) project development plan
  3. C) steering committee
  4. D) strategic master plan

 

Page Ref: 198

 

 

 

 

 

62) A ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates.

  1. A) performance evaluation
  2. B) project development plan
  3. C) steering committee
  4. D) strategic master plan

 

Page Ref: 198

 

 

 

63) Which of the following is not a violation of the Sarbanes-Oxley Act (SOX)? The management at Folding Squid Technologies

  1. A) asked their auditors to make recommendations for the redesign of their information technology system and to aid in the implementation process.
  2. B) hired the manager from the external audit team as company CFO twelve months after the manager had worked on the audit.
  3. C) selected the company’s Chief Financial Officer to chair the audit committee.
  4. D) did not mention to auditors that the company had experienced significant losses due to fraud during the past year.

 

Page Ref: 186

 

 

 

 

64) The Sarbanes-Oxley Act (SOX) applies to

  1. A) all companies with gross annual revenues exceeding $500 million.
  2. B) publicly held companies with gross annual revenues exceeding $500 million.
  3. C) all private and publicly held companies incorporated in the United States.
  4. D) all publicly held companies.

 

 

 

 

 

 

 

65) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his company’s budgeting practices. It seems that, as a result of “budget handcuffs” that require managers to explain material deviations from budgeted expenditures, his ability to creatively manage his department’s activities have been curtailed. The level of control that the company is using in this case is a

  1. A) boundary system.
  2. B) belief system.
  3. C) interactive control system.
  4. D) diagnostic control system.

 

 

 

 

 

66) Chuck Hewitt was relaxing after work with a colleague at a local watering hole. Well into his second martini, he began expressing his opinions about his work environment. It seems that, as a result of “feminazi” interference, the suggestive banter that had been prevalent in the workplace during his youth was no longer acceptable. He even had to sit through a sexual harassment workshop! The level of control that the company is using in this case is a

  1. A) boundary system.
  2. B) belief system.
  3. C) interactive control system.
  4. D) diagnostic control system.

 

 

 

 

 

 

67) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the impact of this risk without insurance?

  1. A) $50,000
  2. B) $650,000
  3. C) $650
  4. D) $50

 

Page Ref: 194

 

 

 

 

 

68) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss without insurance?

  1. A) $50,000
  2. B) $650,000
  3. C) $650
  4. D) $50

 

Page Ref: 194

 

 

 

69) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits has an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. What is the expected loss with insurance?

  1. A) $50,000
  2. B) $650,000
  3. C) $650
  4. D) $50

 

Page Ref: 194

 

 

 

 

70) River Rafting Adventures of Iowa provides rafts and tour guides to tourists eager to ride the wild rivers of Iowa. Management has determined that there is one chance in a thousand of a client being injured or killed. Settlement of resulting lawsuits have an average cost of $650,000. Insurance with a $50,000 deductible is available. It covers the costs of lawsuits, unless there is evidence of criminal negligence. Based on cost-benefit analysis, what is the most that the business should pay for the insurance?

  1. A) $500
  2. B) $650
  3. C) $600
  4. D) $50

 

Page Ref: 194

 

 

 

 

71) Due to data errors occurring from time to time in processing the Albert Company’s payroll, the company’s management is considering the addition of a data validation control procedure that is projected to reduce the risk of these data errors from 13% to 2%. The cost of the payroll reprocessing is estimated to be $11,000. The cost of implementing the data validation control procedure is expected to be $700. Which of the following statements is true?

  1. A) The data validation control procedure should be implemented because its net estimated benefit is $510.
  2. B) The data validation control procedure should be implemented because its cost of $700 is less than the payroll reprocessing cost of $1,430.
  3. C) The data validation control procedure should not be implemented because its cost of $700 exceeds the expected benefit by $480.
  4. D) The data validation control procedure should not be implemented because its net estimated benefit is a negative $1,210.

 

Page Ref: 194

 

 

 

 

72) The organization chart for Geerts Corporation includes a controller and an information processing manager, both of whom report to the vice president of finance. Which of the following would be a control weakness?

  1. A) Assigning the programming and operating of the computer system to an independent control group which reports to the controller
  2. B) Providing for maintenance of input data controls by an independent control group which reports to the controller
  3. C) Periodically rotating assignment of application processing among machine operators, who all report to the information processing manager
  4. D) Providing for review and distribution of system-generated reports by an independent control group which reports to the controller

 

Page Ref: 198

 

 

 

 

73) Global Economic Strategies, L.L.D., has been diligent in ensuring that their operations meet modern control standards. Recently, they have extended their control compliance system by incorporating policies and procedures that require the specification of company objectives, uncertainties associated with objectives, and contingency plans. They are transitioning from a ________ to a ________ control framework.

  1. A) COSO-Integrated Framework; COBIT
  2. B) COBIT; COSO-Integrated Framework
  3. C) COBIT; COSO-ERM
  4. D) COSO-Integrated Framework; COSO-ERM
  5. E) COSO-ERM; COBIT

 

Page Ref: 187-188

 

 

 

 

74) FranticHouse Partners, L.L.C., does home remodeling and repair. All employees are bonded, so the firm’s risk exposure to employee fraud is

  1. A) reduced.
  2. B) shared.
  3. C) avoided.
  4. D) accepted.

 

Page Ref: 193

 

 

 

 

75) FranticHouse Partners, L.L.C., does home remodeling and repair. The firm does not accept jobs that require the installation of slate or copper roofing because these materials often require costly post-installation services. The firm’s risk exposure to costly post-installation services is

  1. A) reduced.
  2. B) shared.
  3. C) avoided.
  4. D) accepted.

 

Page Ref: 193

 

 

 

 

76) According to the COSO Enterprise Risk Management Framework, the risk assessment process incorporates all of the following components except

  1. A) reporting potential risks to auditors.
  2. B) identifying events that could impact the enterprise.
  3. C) evaluating the impact of potential events on achievement of objectives.
  4. D) establishing objectives for the enterprise.

 

Page Ref: 193

 

 

 

 

77) Ferdinand Waldo Demara was known as the great imposter. He had an astounding ability to convince people that he was who he truly was not. He worked as a naval officer, physician, college teacher, prison warden, and other jobs without any of the prerequisite qualifications. By not diligently checking references, the organizations fooled by Demara (including the Canadian Navy) apparently chose to ________ the risk of fraud.

  1. A) reduce
  2. B) share
  3. C) avoid
  4. D) accept

 

Page Ref: 193

 

 

 

 

78) Which of the following is an independent check on performance?

  1. A) The Purchasing Agent physically reviews the contents of shipments and compares them with the purchase orders he has placed.
  2. B) Production teams perform quality evaluations of the products that they produce.
  3. C) The General Manager compares budgeted amounts with expenditure records from all departments.
  4. D) Petty cash is disbursed by Fred Haynes. He also maintains records of disbursements, places requests to finance to replace expended funds, and periodically reconciles the petty cash balance.

 

Page Ref: 200

 

 

 

 

79) Petty cash is disbursed by the Fred Haynes in the Cashier’s Office. He also maintains records of disbursements, places requests to the Finance Department to replace expended funds, and periodically reconciles the petty cash balance. This represents a(an) ________ segregation of duties.

  1. A) effective
  2. B) ideal
  3. C) ineffective
  4. D) limited

 

Page Ref: 196

 

 

 

 

80) Hiring decisions at Frazier’s Razors are made by Sheila Frazier, the Director of Human Resources. Pay rates are approved by the Vice President for Operations. At the end of each pay period, supervisors submit time cards to Sheila, who prepares paycheck requisitions. Paychecks are then distributed through the company’s mail room. This represents a(an) ________ segregation of duties.

  1. A) effective
  2. B) partial
  3. C) ineffective
  4. D) limited

 

Page Ref: 196

 

 

 

 

81) Change management refers to

  1. A) disbursement controls on petty cash.
  2. B) operational controls applied to companies after mergers or acquisitions.
  3. C) replacement of upper management and their introduction to the organization.
  4. D) controls designed to ensure that updates in information technology do not have negative consequences.

 

Page Ref: 199

 

 

 

 

82) The Director of Information Technology for the city of Bumpkiss, Minnesota, formed a company to sell computer supplies and software. All purchases made on behalf of the City were made from his company. He was later charged with fraud for overcharging the City, but was not convicted. The control issue in this case arose because the Director had both ________ and ________ duties.

  1. A) custody; authorization
  2. B) custody; recording
  3. C) recording; authorization
  4. D) management; custody

 

Page Ref: 196

 

 

 

 

83) According to the ERM, these help the company address all applicable laws and regulations.

  1. A) Compliance objectives
  2. B) Operations objectives
  3. C) Reporting objectives
  4. D) Strategic objectives

 

Page Ref: 192

 

 

 

 

84) According to the ERM, high level goals that are aligned with and support the company’s mission are

  1. A) compliance objectives.
  2. B) operations objectives.
  3. C) reporting objectives.
  4. D) strategic objectives.

 

Page Ref: 192

 

 

 

85) According to the ERM, these deal with the effectiveness and efficiency of company operations, such as performance and profitability goals.

  1. A) Compliance objectives
  2. B) Operations objectives
  3. C) Reporting objectives
  4. D) Strategic objectives

 

Page Ref: 192

 

 

 

86) According to the ERM, these objectives help ensure the accuracy, completeness and reliability of internal and external company reports.

  1. A) Compliance objectives
  2. B) Operations objectives
  3. C) Reporting objectives
  4. D) Strategic objectives

 

Page Ref: 192

 

 

 

 

87) Which of the following is not a risk reduction element of a disaster recovery plan?

  1. A) Identification of alternate work site
  2. B) Off-site storage of backup files and programs
  3. C) Documentation of procedures and responsibilitie
  4. D) Adequate casualty insurance

 

Page Ref: 193

 

 

 

88) Describe the differences between general and specific authorization.

 

89) Explain how a company could be the victim of fraud, even if ideal segregation of duties is enforced.

 

90) Classify each of the following controls as preventive, detective, or corrective.

Periodic bank reconciliation

Separation of cash and accounting records

Maintaining backup copies of master and transaction files

Pre-numbering of sales invoices

Chart of accounts

Retina scan before entering a sensitive R & D facility

Resubmission of error transactions for subsequent processing

Internal auditor rechecking the debits and credits on the payment voucher

Depositing all cash receipts intact

Hiring qualified accounting personnel

 

91) Discuss four reasons why AIS threats are increasing.

 

92) Explain why the Foreign Corrupt Practices Act was important to accountants.

 

93) Discuss the internal environment and identify the elements that comprise the internal environment.

 

94) Explain why management’s philosophy and operating style are considered to be the most important element of the internal environment.

 

95) What are some of the ways to assign authority and responsibility within an organization?

 

96) Discuss the weaknesses in COSO’s internal control framework that led to the development of the COSO Enterprise Risk Management framework.

 

 

0.0/5
0 reviews
0
0
0
0
0

There are no reviews yet.

Be the first to review “Accounting Information Systems, 12E Marshall B. Romney – Test Bank”