TEST BANK
ACCOUNTING INFORMATION SYSTEMS 9TH EDITION BY JAMES A. HALL TEST BANK Chapter 1—The Information System: An Accountant’s Perspective TRUE/FALSE 1. Information is a business resource. ANS: T
PTS: 1
2. IT outsourcing is location-independent computing. ANS: F
PTS: 1
3. Transaction processing systems convert non-financial transactions into financial transactions. ANS: F
PTS: 1
4. Information lacking reliability may still have value. ANS: F
PTS: 1
5. A balance sheet prepared in conformity with GAAP is an example of discretionary reporting. ANS: F
PTS: 1
6. The Management Reporting System provides the internal financial information needed to manage a business. ANS: T
PTS: 1
7. Most of the inputs to the General Ledger System come from the Financial Reporting System. ANS: F
PTS: 1
8. When preparing discretionary reports, organizations can choose what information to report and how to present it. ANS: T
PTS: 1
9. Retrieval is the task of permanently removing obsolete or redundant records from the database. ANS: F
PTS: 1
10. Systems development represents 80 to 90 percent of the total cost of a computer system. ANS: F
PTS: 1
11. The database administrator is responsible for the security and integrity of the database.
ANS: T
PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 12. Custom software is completely finished, tested, and ready for implementation. ANS: F
PTS: 1
13. The internal auditor represents the interests of third-party outsiders. ANS: F
PTS: 1
14. Information Technology (IT) audits can be performed by both internal and external auditors. ANS: T
PTS: 1
15. Custom software is the most affordable systems development option. ANS: F
PTS: 1
16. A database is a collection of interconnected computers and communications devices that allows users to communicate, access data and applications, and share information and resources. ANS: F
PTS: 1
17. Systems maintenance consumes the majority of a system’s total costs. ANS: T
PTS: 1
18. Cloud computing is a practice in which the organization sells its IT resources to a third-party outsourcing vendor then leases back IT services from the vendor for a contract period. ANS: F
PTS: 1
19. A potential benefit of cloud computing is that the client firm does not need to know where its data are bring processed. ANS: F
PTS: 1
20. One of the greatest disadvantages of database systems is that all data is always available to all users. ANS: F
PTS: 1
21. Under SOX legislation public accounting firms are no longer allowed to provide consulting services to audit clients. ANS: T
PTS: 1
22. One member of a company’s audit committee must be an independent CPA.
ANS: F
PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 MULTIPLE CHOICE 1. Which of the following is not a business resource? a. raw material b. labor c. information d. all are business resources ANS: D
PTS: 1
2. Which level of management is responsible for short-term planning and coordination of activities necessary to accomplish organizational objectives? a. operations management b. middle management c. top management d. line management ANS: B
PTS: 1
3. Which level of management is responsible for controlling day-to-day operations? a. top management b. middle management c. operations management d. executive management ANS: C
PTS: 1
4. Location-independent computing in which shared data centers deliver hosted IT services over the Internet. a. IT outsourcing b. Network administration c. Cloud computing d. Custom software ANS: C
PTS: 1
5. The value of information for users is determined by all of the following but a. reliability b. relevance c. convenience d. completeness ANS: C
PTS: 1
6. An example of a nonfinancial transaction is a. sale of products b. cash disbursement c. log of customer calls d. purchase of inventory ANS: C
PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 7. An example of a financial transaction is a. the purchase of computer b. a supplier’s price list c. a delivery schedule d. an employee benefit brochure ANS: A
PTS: 1
8. Which subsystem is not part of the Accounting Information System? a. Transaction Processing System b. Expert System c. General Ledger/Financial Reporting System d. Management Reporting System ANS: B
PTS: 1
9. The major difference between the Financial Reporting System (FRS) and the Management Reporting System (MRS) is the a. FRS provides information to internal and external users; the MRS provides information to internal users b. FRS provides discretionary information; the MRS provides nondiscretionary information c. FRS reports are prepared using information provided by the General Ledger System; the MRS provides information to the General Ledger System d. FRS reports are prepared in flexible, nonstandardized formats; the MRS reports are prepared in standardized, formal formats ANS: A
PTS: 1
10. The purpose of the Transaction Processing System includes all of the following except a. converting economic events into financial transactions b. recording financial transactions in the accounting records c. distributing essential information to operations personnel to support their daily operations d. measuring and reporting the status of financial resources and the changes in those resources ANS: D
PTS: 1
11. The Transaction Processing System includes all of the following cycles except a. the revenue cycle b. the administrative cycle c. the expenditure cycle d. the conversion cycle ANS: B
PTS: 1
12. The primary input to the Transaction Processing System is a. a financial transaction b. an accounting record c. an accounting report d. a nonfinancial transaction ANS: A
PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 13. When designing the data collection activity, which type of data should be avoided? a. data that is relevant b. data that is efficient c. data that is redundant d. data that is accurate ANS: C
PTS: 1
14. The most basic element of useful data in the database is a. the record b. the key c. the file d. the attribute ANS: D
PTS: 1
15. In a database, a complete set of attributes for a single occurrence of an entity class is called a. a key b. a file c. a record d. a character ANS: C
PTS: 1
16. Effective information has all of the following characteristics except a. relevance b. completeness c. summarization d. structure ANS: D
PTS: 1
17. Database management tasks do not include a. summarization b. storage c. retrieval d. deletion ANS: A
PTS: 1
18. The author distinguishes between the Accounting Information System and the management Information System based on a. whether the transactions are financial or nonfinancial b. whether discretionary or nondiscretionary reports are prepared c. the end users of the reports d. the organizational structure of the business ANS: A
PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 19. Which activity is not part of the finance function? a. cash receipts b. portfolio management c. credit d. general ledger ANS: D
PTS: 1
20. Market research and advertising are part of which business function? a. materials management b. finance c. marketing d. production ANS: C
PTS: 1
21. Which function manages the financial resources of the firm through portfolio management, banking, credit evaluation, and cash receipts and disbursements? a. accounting b. finance c. materials management d. distribution ANS: B
PTS: 1
22. Which of the following is not part of the accounting function? a. managing the financial information resource of the firm b. capturing and recording transactions in the database c. distributing transaction information to operations personnel d. managing the physical information system of the firm ANS: D
PTS: 1
23. The term “accounting independence” refers to a. data integrity b. separation of duties, such as record keeping and custody of physical resources c. generation of accurate and timely information d. business segmentation by function ANS: B
PTS: 1
24. In the distributed data processing approach a. computer services are consolidated and managed as a shared organization resource b. the computer service function is a cost center c. the end users are billed using a charge-back system d. computer services are organized into small information processing units under the control of end users ANS: D
PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 25. Which of the following is not a cloud computing service? a. Software as a service b. Infrastructure as a service c. Network as a service d. Platform as a service ANS: C
PTS: 1
26. Data processing does not involve a. data control b. computer operations c. system maintenance d. data conversion ANS: C
PTS: 1
27. Attestation services are performed by a. external auditors b. internal accountants c. internal auditors d. third-party accountants ANS: A
PTS: 1
28. Which individual is least involved in new systems development? a. systems analyst b. external auditor c. end user d. data librarian ANS: D
PTS: 1
29. The objectives of all information systems include all of the following except a. support for the stewardship function of management b. evaluating transaction data c. support for the day-to-day operations of the firm d. support for management decision making ANS: B
PTS: 1
30. Which individuals may be involved in the Systems Development Life Cycle? a. accountants b. systems professionals c. end users d. all of the above ANS: D
PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 31. An appraisal function housed within the organization that performs a wide range of services for management is a. internal auditing b. data control group c. external auditing d. database administration ANS: A
PTS: 1
32. Which of the following is not a production support activity? a. Maintenance b. Marketing c. Production planning d. Quality control ANS: B
PTS: 1
33. Advantages of cloud computing include all of the following except a. Access to whatever computing power is needed b. Paying only for what is used c. Unknown data processing location d. Flexible, short term contracts ANS: C
PTS: 1
34. Motivations for IT outsourcing include each of the following except a. IT’s highly technical nature b. Long term contracts in IT outsourcing c. Expense of IT d. Dynamically changing nature of IT ANS: B
PTS: 1
35. An internal audit department’s independence is compromised when the department reports to: a. the company controller b. the audit committee of the board of directors c. Both a. and b. d. Neither a. nor b. ANS: A
PTS: 1
36. What factor conceptually distinguishes external auditing and internal auditing? a. Tests of controls b. Substantive tests c. Education d. Constituencies ANS: D
PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 37. All of the following are external end users except a. Cost accountants b. Creditors c. Stockholders d. Tax authorities ANS: A
PTS: 1
38. Useful information must possess all of the following characteristics except a. relevance b. precision c. accuracy d. completeness ANS: B
PTS: 1
39. The objectives of an information system include each of the following except a. support for the stewardship responsibilities of management b. furthering the financial interests of shareholders c. support for management decision making d. support for the firm’s day-to-day operations ANS: B
PTS: 1
40. Accountants play many roles relating to the accounting information system, including all of the following except a. system users b. system designers c. system auditors d. system converters ANS: D
PTS: 1
SHORT ANSWER 1. Entities outside the organization with a direct or indirect interest in the firm, such as stockholders, financial institutions, and government agencies, are called . ANS: stakeholders PTS: 1 2. Location-independent sharing of data centers hosting IT servers over the internet is called . ANS: Cloud computing PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 3. Transactions with trading partners include
and
.
ANS: sales, purchases PTS: 1 4. A practice in which an organization sells its IT resources and leases them back is called . ANS: IT outsourcing PTS: 1 5. The task of locating and transferring an existing record from the database for processing is called data . ANS: retrieval PTS: 1 6. These tests focus on data rather than process:
,
ANS: Substantive tests PTS: 1 7. Three activities that are part of the finance function are , and
, .
ANS: portfolio management, treasury, credit, cash disbursements, cash receipts PTS: 1 8. Two distinct ways to structure the Data Processing Department are . ANS: centralized, distributed PTS: 1
and
Accounting Information Systems, 9e – Test Bank, Chapter 1
9. Two methods to acquire information systems are to .
and to
ANS: develop customized systems, purchase commercial systems PTS: 1 10. The most common audit types are auditors.
,
, and
ANS: internal (operational), external (attestation), fraud PTS: 1 11. Sales of products to customers, purchases of inventory from vendors, and cash disbursements are all example of . ANS: financial transactions PTS: 1 12. The three major subsystems of the AIS are , and
, .
ANS: the transaction processing system, the general ledger/financial reporting system, the management reporting system PTS: 1 13. The and AIS clearly distinguish it from the MIS.
standards that characterize the
ANS: legal, professional PTS: 1 14. The transaction processing system is comprised of three cycles: , and ANS: revenue, expenditure, conversion PTS: 1
, .
Accounting Information Systems, 9e – Test Bank, Chapter 1 15. The tests that focus on the system itself and how it is designed to reduce risk is called . ANS: Tests of controls PTS: 1 16. Sarbanes-Oxley legislation requires that management designs and implements controls over the entire financial reporting process. What systems does this include? ANS: This includes the financial reporting system, the general ledger system, and the transaction processing systems that supply the data for financial reporting. PTS: 1 17. Why is it necessary to distinguish between AIS and MIS? ANS: Because of the highly integrative nature of modern information systems, management and auditors need a conceptual view of the information system that distinguishes key processes and areas of risk and legal responsibility from the other (non-legally binding) aspects of the system. Without such a model, critical management and audit responsibilities under SOX may not be met. PTS: 1 18. How has SOX legislation impacted the consulting practices of public accounting firms? ANS: Prior to SOX, a gray area of overlap existed between assurance and consulting services. Auditors were once allowed to provide consulting services to their audit clients. This is now prohibited from doing so under SOX legislation. PTS: 1 19. What is discretionary reporting? ANS: Reports used by management that the company is not obligated by law, regulation, or contract to provide. These are often used for internal problem-solving issues rather than by external constituents. PTS: 1 20. Name the five characteristics of information. ANS: Relevance, accuracy, completeness, summarization, and timeliness. PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 ESSAY 1. Contrast the responsibilities of operations management, middle management, and top management. Explain the different information needs for each level of management. ANS: Operations management is directly responsible for controlling day-to-day operations. Operations managers require detailed information on individual transactions such as sales, shipment of goods, usage of labor and materials in the production process, and internal transfers of resources from one department to another. Budgeting information and instructions flow downward from top and middle management to operations management. Middle managers perform short-term planning and coordination of activities necessary to accomplish organizational objectives. Middle management requires information that is more summarized and oriented toward reporting on overall performance and problems, rather than routine operations. Top management is responsible for longer-term planning and setting organizational objectives. Information provided to top management is highly summarized. PTS: 1 2. Explain the difference between data and information. ANS: Data are facts which may or may not be processed; data have no particular impact on the user. Information is processed data that causes the user to take action. PTS: 1 3. Why do auditors need to understand the organizational structure of the business? ANS: The structure of an organization reflects the distribution of responsibility, authority, and accountability throughout the organization. Auditors need to know how the organization functions to properly audit it. PTS: 1 4. Several advantages of cloud computing have been discussed. Discuss at least three. ANS: The advantages of cloud computing include access to whatever computing power it needs, paying only for what is used, and flexible and relatively short term computing contracts. PTS:
1
Accounting Information Systems, 9e – Test Bank, Chapter 1 5. Name and explain the purpose of the three major subsystems of the AIS:
ANS: TPS
records the financial transactions of the firm
GL/FRS
produces the financial statements etc. required by law
MRS
provides information to internal management for decision making
PTS: 1 6. What are the three primary functions performed by the transaction processing system? ANS: converting economic events into financial transaction, recording financial transaction in the accounting records (journals and ledgers), and distributing essential financial information to operations personnel to support daily operations. PTS: 1 7. What factors motivate management to outsource IT? ANS: Management may be motivated to outsource It because the IT segment of an organization comprises highly technical, dynamically changing, and expensive activities. The administrative burden and high costs associated with managing and maintaining IT functions are also motivation. PTS: 1 8. Describe the problem of data redundancy. ANS: Information systems have limited collection, processing, and data storage capacity. Data redundancy overloads facilities and reduces the overall efficiency of the system. Inconsistency among redundant data elements can result in inappropriate actions and bad decisions. PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 9. Compare and contrast IT outsourcing and cloud computing. ANS: IT outsourcing involved an organization selling its IT resources (hardware, software, and facilities) to a third-party outsourcing vendor and then leasing back IT services from the vendor for a contract period of typically between five and ten years. A variant of IT outsourcing, called cloud computing, is locationindependent computing whereby shared data centers deliver hosted IT services over the Internet. An organization pursuing cloud computing signs a contract with an IT service provider to provide computing resources. When demand exceeds the provider’s IT capacity, it acquires additional capacity from data centers in the “cloud” that are connected via the Internet. The advantage to the client organization is access to whatever computing power it needs, while it pays only for what it uses. Also, cloud computing contracts are flexible and relatively short term. In contrast, traditional outsourcing contracts tend to be fixed price, inflexible, and much longer term. PTS: 1 10. Distinguish between the accounting information system and the management information system. ANS: The AIS processes financial (e.g., cash receipts) and nonfinancial (e.g., addition to the approved vendor list) transactions that directly affect the processing of the financial transaction. These are handled by the three major subsystems: transaction processing, general ledger/financial reporting, and management reporting. The MIS processes additional nonfinancial transactions that contribute to the decision making of managers. PTS: 1 11. Describe the attest function and its objectives. ANS: The attest function, or the takst of an external audit is an independent attestation performed by an expert—the auditor—who expresses an opinion regarding the presentation of financial statements. The attest function is performed by Certified Public Accountants (CPA) who work for public accounting firms that are independent of the client organization being audited. The audit objective is always associated with assuring the fair presentation of financial statements. These audits are, therefore, often referred to as financial audits. The Securities and Exchange Commission (SEC) requires all publicly traded companies to undergo a financial audit annually. CPAs conducting such audits represent the interests of outsiders: stockholders, creditors, government agencies, and the general public. PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1 12. Why is it important to organizationally separate the accounting function from other functions of the organization? ANS: The accounting function provides record-keeping services for all of the operations and day-to-day activities of other departments, which affect the financial position of the organization. Record keeping tasks must be kept separate from any area that has custody over assets. Thus, the accounting function must remain independent so that the protection of the firm’s assets is carried out in an environment with minimum possibilities for theft. PTS: 1 13. How does SOX affect the provision of attest and advisory services? ANS: Prior to the passage of SOX, accounting firms could provide advisory services concurrently to audit (attest function) clients. SOX legislation, however, greatly restricts the types of non-audit services that auditors may render audit clients. It is now unlawful for a registered public accounting firm that is currently providing attest services for a client to provide the following services: bookkeeping or other services related to the accounting records or financial statements of the audit client, financial information systems design and implementation, appraisal or valuation services, fairness opinions, or contribution-inkind reports, actuarial services, internal audit outsourcing services, management functions or human resources, broker or dealer, investment adviser, or investment banking services, legal services and expert services unrelated to the audit, or any other service that the Board determines, by regulation, is impermissible. PTS: 1 14. What are the similarities and differences between external auditors and internal auditors? ANS: The characteristic that conceptually distinguishes external auditors from internal auditors is their respective constituencies: while external auditors represent outsiders, internal auditors represent the interests of the organization. Nevertheless, in this capacity, internal auditors often cooperate with and assist external auditors in performing aspects of financial audits. This cooperation is done to achieve audit efficiency and reduce audit fees. For example, a team of internal auditors can perform tests of computer controls under the supervision of a single external auditor. The independence and competence of the internal audit staff determine the extent to which external auditors may cooperate with and rely on work performed by internal auditors. External auditors can rely in part on evidence gathered by internal audit departments that are organizationally independent and report to the board of directors’ audit committee. A truly independent internal audit staff adds value to the external audit process. PTS: 1
Accounting Information Systems, 9e – Test Bank, Chapter 1
15. What are fraud audits and why have they become more common? ANS: The objective of a fraud audit is to investigate anomalies and gather evidence of fraud that may lead to criminal conviction. Sometimes fraud audits are initiated when corporate management suspects employee fraud. Alternatively, boards of directors may hire fraud auditors to investigate their own executives if theft of assets or financial fraud is suspected. Organizations victimized by fraud usually contract with specialized fraud units of public accounting firms or with companies that specialize in forensic accounting. In recent years fraud audits have increased in popularity as a corporate governance tool. They have been thrust into prominence by a corporate environment in which both employee theft of assets and major financial frauds by management (e.g., Enron, WorldCom, etc.) have become rampant. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
Chapter 2—Introduction to Transaction Processing TRUE/FALSE 1. Processing more transactions at a lower unit cost makes batch processing more efficient than real-time systems. ANS: T
PTS: 1
2. The process of acquiring raw materials is part of the conversion cycle. ANS: F
PTS: 1
3. Directing work-in-process through its various stages of manufacturing is part of the conversion cycle. ANS: T
PTS: 1
4. The portion of the monthly bill from a credit card company is an example of a turn-around document. ANS: T
PTS: 1
5. The general journal is used to record recurring transactions that are similar in nature. ANS: F
PTS: 1
6. Document flowcharts are used to represent systems at different levels of detail. ANS: F
PTS: 1
7. Data flow diagrams represent the physical system. ANS: F
PTS: 1
8. System flowcharts are often used to depict processes that are handled in batches. ANS: T
PTS: 1
9. Program flowcharts depict the type of media being used (paper, magnetic tape, or disks) and terminals. ANS: F
PTS: 1
10. System flowcharts represent the input sources, programs, and output products of a computer system. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
11. Program flowcharts are used to describe the logic represented in system flowcharts. ANS: T
PTS: 1
12. Batch processing systems can store data on direct access storage devices. ANS: T
PTS: 1
13. Selecting a specific record from a master file containing millions of records requires a direct access file environment. ANS: T
PTS: 1
14. The box symbol represents a temporary file. ANS: F
PTS: 1
15. Auditors may prepare program flowcharts to verify the correctness of program logic. ANS: T
PTS: 1
16. A control account is a general ledger account which is supported by a subsidiary ledger. ANS: T
PTS: 1
17. The most significant characteristic of direct access files is access speed. ANS: T
PTS: 1
18. Real time processing is used for routine transactions in large numbers. ANS: F
PTS: 1
19. Batch processing is best used when timely information is needed because this method processes data efficiently. ANS: F
PTS: 1
20. An inverted triangle with the letter “N” represents a file in “name” order. ANS: F
PTS: 1
21. Real-time processing in systems that handle large volumes of transactions each day can create operational inefficiencies. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
22. Operational inefficiencies occur because accounts unique to many concurrent transactions need to be updated in real time. ANS: F
PTS: 1
23. Operational inefficiencies occur because accounts common to many concurrent transactions need to be updated in real time. ANS: T
PTS: 1
24. Batch processing of non-critical accounts improves operational efficiency. ANS: T
PTS: 1
25. Batch processing of accounts common to many concurrent transactions reduces operational efficiency. ANS: F
PTS: 1
26. The block code is the coding scheme most appropriate for a chart of accounts. ANS: T
PTS: 1
27. Sequential codes may be used to represent complex items or events involving two or more pieces of related data. ANS: F
PTS: 1
28. Block codes restrict each class to a pre-specified range. ANS: T
PTS: 1
29. For a given field size, a system that uses alphabetic codes can represent far more situations than a system with that uses numeric codes. ANS: T
PTS: 1
30. Mnemonic codes are appropriate for items in either an ascending or descending sequence, such as the numbering of checks or source documents. ANS: F
PTS: 1
31. The flat-file approach is most often associated with so-called legacy systems. ANS: T
PTS: 1
32. In a flat-file system, files are easily shared by users. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
MULTIPLE CHOICE 1. Which system is not part of the expenditure cycle? a. cash disbursements b. Payroll c. production planning/control d. purchases/accounts payable
ANS: C
PTS: 1
2. Which system produces information used for inventory valuation, budgeting, cost control, performance reporting, and make-buy decisions? a. sales order processing b. purchases/accounts payable c. cash disbursements d. cost accounting
ANS: D
PTS: 1
3. Which of the following is a turn-around document? a. remittance advice b. sales order c. purchase order d. payroll check
ANS: A
PTS: 1
4. The order of the entries made in the ledger is by a. transaction number b. account number c. Date d. User
ANS: B
PTS: 1
5. The order of the entries made in the general journal is by a. Date b. account number c. User d. customer number
ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
6. In general, a special journal would not be used to record a. sales b. cash disbursements c. depreciation d. purchases
ANS: C
PTS: 1
7. Which account is least likely to have a subsidiary ledger? a. sales b. accounts receivable c. fixed assets d. inventory
ANS: A
PTS: 1
8. Subsidiary ledgers are used in manual accounting environments. What file is comparable to a subsidiary ledger in a computerized environment? a. archive file b. reference file c. transaction file d. master file
ANS: D
PTS: 1
9. A journal is used in manual accounting environments. What file is comparable to a journal in a computerized environment? a. archive file b. reference file c. transaction file d. master file
ANS: A
PTS: 1
10. In a computerized environment, a list of authorized suppliers would be found in the a. master file b. transaction file c. reference file d. archive file
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
11.
Which of the following is an archive file? a. an accounts payable subsidiary ledger b. a cash receipts file c. a sales journal d. a file of accounts receivable that have been written off
ANS: D
PTS: 1
12. Which document is not a type of source document? a. a sales order b. an employee time card c. a paycheck d. a sales return receipt
ANS: C
PTS: 1
13. The most important purpose of a turnaround document is to a. serve as a source document b. inform a customer of the outstanding amount payable c. provide an audit trail for the external auditor d. inform the bank of electronic funds deposits
ANS: A
PTS: 1
14. Which type of graphical documentation represents systems at different levels of detail? a. data flow diagram b. document flowchart c. system flowchart d. program flowchart
ANS: A
PTS: 1
15. Data flow diagrams a. depict logical tasks that are being performed, but not who is performing them b. illustrate the relationship between processes, and the documents that flow between them and trigger activities c. represent relationships between key elements of the computer system d. describe in detail the logic of the process
ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
16. System flowcharts a. depict logical tasks that are being performed, but not who is performing them b. illustrate the relationship between database entities in systems. c. represent relationships between key elements of both manual and computer systems. d. describe the internal logic of computer applications in systems. .
ANS: C 17.
PTS: 1
When determining the batch size, which consideration is the least important? a. achieving economies by grouping together large numbers of transactions b. complying with legal mandates c. providing control over the transaction process d. balancing the trade-off between batch size and error detection
ANS: B
PTS: 1
18. In contrast to a real-time system, in a batch processing system a. there is a lag between the time when the economic event occurs and the financial records are updated b. relatively more resources are required c. a greater resource commitment per unit of output is required d. processing takes place when the economic event occurs
ANS: A
PTS: 1
19. In contrast to a batch processing system, in a real-time system a. a lag occurs between the time of the economic event and when the transaction is recorded b. relatively fewer hardware, programming, and training resources are required c. a lesser resource commitment per unit of output is required d. processing takes place when the economic event occurs
ANS: D
PTS: 1
20. The type of transaction most suitable for batch processing is a. airline reservations b. credit authorization c. payroll processing d. adjustments to perpetual inventory
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
21. The type of transaction most suitable for real-time processing is a. recording fixed asset purchases b. recording interest earned on long-term bonds c. adjusting prepaid insurance d. recording a sale on account
ANS: D
PTS: 1
22. A(n) structure employs an algorithm that converts the primary key of a record directly into a storage address. a. hashing b. indexed c. pointer d. sequential
ANS: A
PTS: 1
23. Both the revenue and the expenditure cycle can be viewed as having two key parts. These are a. manual and computerized b. physical and financial c. input and output d. batch and real-time
ANS: B
PTS: 1
24. All of the following can provide evidence of an economic event except a. source document b. turn-around document c. master document d. product document
ANS: C
PTS: 1
25. An entity is a. a physical resource b. an event c. an agent d. all of the above are entities
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
26. Which symbol represents an on-page connector? a.
b. c.
d.
ANS: C
PTS: 1
27. Which symbol represents a manual operation? a.
b.
c.
d.
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
28. Which symbol represents accounting records? a.
b.
c.
d.
ANS: A
PTS: 1
29. Which symbol represents a document? a.
b.
c.
d.
ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
30. Which symbol represents a magnetic tape (sequential storage device)? a.
b.
c.
d.
ANS: D
PTS: 1
31. Which symbol represents a decision? a.
b. c.
d.
ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
32. The characteristics that distinguish between batch and real-time systems include all of the following except a. time frame b. resources used c. file format d. efficiency of processing
ANS: C
PTS: 1
33. A file that stores data used as a standard when processing transactions is a. a reference file b. a master file c. a transaction file d. an archive file
ANS: A
PTS: 1
34. Sequential storage means a. data is stored on tape b. access is achieved through an index c. access is direct d. reading record 100 requires first reading records 1 to 99
ANS: D
PTS: 1
35. Real-time processing would be most beneficial in handling a firm’s a. fixed asset records b. retained earning information c. merchandise inventory d. depreciation records
ANS: C
PTS: 1
36. Which accounting application is least suited to batch processing? a. general ledger b. vendor payments c. sales order processing d. payroll
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
37. Which accounting application is best suited to batch processing? a. general ledger b. updating inventory reductions to the subsidiary ledger c. sales order processing d. credit checking
ANS: D
PTS: 1
38. Operational inefficiencies occur because a. accounts both common and unique to many concurrent transactions need to be updated in real time. b. accounts common to many concurrent transactions need to be updated in real time. c. accounts unique to many concurrent transactions need to be updated in real time. d. None of the above are true statements
ANS: B
PTS: 1
39. Operational efficiencies can be improved by a. updating accounts both common and unique to many concurrent transactions in real time. b. updating accounts both common and unique to many concurrent transactions in batch mode. c. updating accounts unique to many concurrent transactions in real time and updating common accounts in batch mode. d. None of the above are true statements
ANS: C
PTS: 1
40. The coding scheme most appropriate for a chart of accounts is a. sequential code b. block code c. group code d. mnemonic code
ANS: B
PTS: 1
41. A common use for sequential coding is a. creating the chart of accounts b. identifying inventory items c. identifying documents d. identifying fixed assets
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
42. The most important advantage of sequential coding is that a. missing or unrecorded documents can be identified b. the code itself lacks informational content c. items cannot be inserted d. deletions affect the sequence
ANS: A
PTS: 1
43. When a firm wants its coding system to convey meaning without reference to any other document, it would choose a. an alphabetic code b. a mnemonic code c. a group code d. a block code
ANS: B
PTS: 1
44. The most important advantage of an alphabetic code is that a. meaning is readily conveyed to users b. sorting is simplified c. the capacity to represent items is increased d. missing documents can be identified
ANS: C
PTS: 1
SHORT ANSWER 1. List two of the three transaction cycles. ANS: expenditure cycle, conversion cycle, revenue cycle PTS: 1 2. Documents that are created at the beginning of the transaction are called . ANS: source documents PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
3.
are the two data processing approaches used in modern systems. ANS: Batch processing and real-time processing PTS: 1
4. Give a specific example of a turn-around document. ANS: credit card, electricity, water, or telephone bill, etc. PTS: 1 5. Explain when it is appropriate to use special journals. ANS: Special journals are used to record large volumes of recurring transactions that are similar in nature. PTS: 1 6. What are the subsystems of the revenue cycle? ANS: sales order processing, cash receipts PTS: 1 7. What are the subsystems of the expenditure cycle? ANS: purchasing, cash disbursements, payroll, fixed asset system PTS: 1 8. Most organizations have replaced the general journal with a ANS: journal voucher system PTS: 1
.
Accounting Information Systems, 9e—Test Bank, Chapter 2
9. Provide a specific example of a general ledger account and a corresponding subsidiary ledger. ANS: accounts receivable control account and accounts receivable subsidiary, accounts payable control account and accounts payable subsidiary, inventory control and a subsidiary of specific inventory items, fixed asset control account and a subsidiary of specific fixed assets, notes receivable/payable and individual notes receivable and payable PTS: 1 10. Name four documentation techniques. ANS: entity-relationship diagrams, data flow diagrams, system flowcharts, program flowcharts PTS: 1 11. Why is the audit trail important? ANS: The audit trail is used to track transactions from the source document to the financial statements and vice versa. Accountants use the audit trail to correct errors, answer queries, and perform audits. PTS: 1 12. What is a ledger? ANS: A ledger is a book of accounts that reflects the financial effects of the firm’s transactions after they are posted to journals. Ledgers show activity by account type. PTS: 1 13. Only four symbols are used in data flow diagrams. What are they? ANS: process, data store, data flow, entity PTS: 1 14. Which documentation technique depicts data relationship in databases.? ANS: Entity relationship diagram PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
15. What are the three characteristics that are used to distinguish between batch and real-time systems. ANS: time frame, resources, operational efficiency PTS: 1 16. Give one advantages of real-time data collection. ANS: Certain transaction errors can be prevented or detected and corrected at their source. PTS: 1 17. In one sentence, what does updating a master file record involve? ANS: Updating a master file record involves changing the value of one or more of its variable fields to reflect the effects of a transaction. PTS: 1 18. What are the two broad classes of file technologies? ANS: Flat files and databases PTS: 1 19.. Explain two types of coding schemes and give examples of their use. ANS: Sequential codes represent items in some sequential order. Pre-numbered checks are one example. Block codes use sequential numbering in specific parts of the total code–all current assets begin with ‘1,’ fixed asset ‘2,’ etc. Traditional charts of accounts use block codes and start assets with 1, liabilities with 2, etc. Alphabetic codes are similar to numeric codes with increased options. A two character code AA has potential for 676 items (26 26) whereas a two digit code can accommodate only 100 (10 10). Mnemonic codes use letters with meaning. The postal state abbreviations are mnemonic. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
ESSAY 1. Describe the key activities in the revenue, conversion, and expenditure cycles. ANS: Revenue cycle: Sales order processing involves preparation of sales orders, credit granting, shipment and billing. Cash receipts collects cash and makes bank deposits. Conversion cycle: Production system involves planning, scheduling, and control of the manufacturing process. Cost accounting system monitors the flow of cost information related to production. Expenditure cycle: Purchases/accounts payable involves the acquisition of physical inventory. Cash disbursements authorizes payment and disburses funds. Payroll monitors labor usage and disburses paychecks to employees. PTS: 1 2. Categorize each of the following activities into the expenditure, conversion or revenue cycles and identify the applicable subsystem. a. Preparing the weekly payroll for manufacturing personnel. b. Releasing raw materials for use in the manufacturing cycle. c. Recording the receipt of payment for goods sold. d. Recording the order placed by a customer. e. Ordering raw materials. f. Determining the amount of raw materials to order. ANS: a. Expenditure cycle-payroll subsystem. b. Conversion cycle-production system subsystem. c. Revenue cycle-cash receipts subsystem. d. Revenue cycle-sales order processing subsystem. e. Expenditure cycle-purchases subsystem. f. Conversion cycle-production subsystem. PTS: 1 3. What does an entity-relationship diagram represent? Why do accountants need to understand them? ANS: Entity relationship diagrams represent the relationship between entities in a system. An entity is either 1) a resource (such as cash or inventory), 2) an event (such as a sale or a receipt of cash), or 3) an agent (such as a customer or vendor). ERDs represent the relationship between entities graphically. ERDs are used in the design of databases. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
4. Time lag is one characteristic used to distinguish between batch and real-time systems. Explain. Give an example of when each is a realistic choice. ANS: Batch processing collects similar transactions into groups (batches) and processes them all at once. Hence, affected files are up to date immediately after the update, but can be expected to be out of date until the next run. Hence, there is a time lag between the event and its recording in the system. A payroll system is often handled with batch processing since it must be up to date at fixed time periods and need not be modified between pay dates. Real-time systems process each transaction as it occurs and files are always up to date–there is no time lag. This is preferred when there may be a need to query the system for the status of transactions. A sales order processing system would benefit from real-time processing. Hence, customer questions could be answered easily, without waiting for the next update (as would be required if the system was batch). PTS: 1 5. The revenue cycle has two subsystems. What are they and what occurs within each? ANS: The two subsystems of the revenue cycle are sales order processing and cash receipts. In the sales order processing subsystem, the sales order is processed, credit granted, goods are shipped, customer is billed, and related files updated (sales, accounts receivable, inventory, etc.). In the cash receipts subsystem, cash is collected and deposited in the bank and files updated (cash, accounts receivable, etc.). PTS: 1 6. Resource use is one characteristic used to distinguish between batch and real-time systems. Explain. ANS: Batch processing typically requires the use of fewer resources including programmer time and effort, computer time, hardware, and user training. Real-time systems require significantly more programming time, especially in the development of the user interface, often require much more computer time, and more expensive hardware, even a dedicated processor. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
7. Give a brief description of each of the following documentation techniques: systems flowchart, and program flowchart. ANS: System flowcharts portray the relationships between source data, transaction files, computer programs, master files, and output, including the form or type of media of each. Program flowcharts represent the logic of a particular program. Each step is represented by a separate symbol, each of which represents one or more lines of computer instructions. The order of the steps is represented by the flow lines. PTS: 1 8. Give an example of how cardinality relates to business policy. ANS: Cardinality reflects normal business rules as well as organizational policy. For instance, the 1:1 cardinality between the entities “Salesperson” and “Company Car” suggests that each salesperson in the organization is assigned one company car. If instead the organization’s policy were to assign a single automobile to one or more salespersons who share it, this policy would be reflected by a 1:M relationship. PTS: 1 9. For what purpose are ER diagrams used? ANS: An entity relationship (ER) diagram is a documentation technique used to represent the relationship between entities. One common use for ER diagrams is to model an organization’s database. PTS: 1 10. With regard to an entity relationship diagram, what is an entity? ANS: Entities are physical resources (automobiles, cash, or inventory), events (ordering inventory, receiving cash, shipping goods) and agents (salesperson, customer, or vendor) about which the organization wishes to capture data. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
11. Is a DFD an effective documentation technique for identifying who or what performs a particular task? Explain. ANS: No. A DFD shows which tasks are being performed, but not who performs them. It depicts the logical system. PTS: 1 12. Is a flowchart an effective documentation technique for identifying who or what performs a particular task? Explain. ANS: Yes. A flowchart depicts the physical system and illustrates who, what, and where a task is performed. PTS: 1 13. How may batch processing be used to improve operational efficiency? ANS: A single transaction may affect several different accounts. Some of these accounts, however, may not need to be updated in real-time. In fact, the task of doing so takes time which, when multiplied by hundreds or thousands of transactions, can cause significant processing delays. Batch processing of non-critical accounts, however, improves operational efficiency by eliminating unnecessary activities at critical points in the process. PTS: 1 14. If an organization processes large numbers of transactions that use common data records, what type of system would work best (all else being equal)? ANS: Large-scale systems that process high volumes of transactions, often use real-time data collection and batch updating. Master file records that are unique to a transaction such as customer accounts and individual inventory records can be updated in real time without causing operational delays. Common accounts should be updated in batch mode. Real-time processing is better suited to systems that process lower transaction volumes and those that do not share common records. PTS: 1 15. Why might an auditor use a program flowchart? ANS: When testing an application program, the auditor needs details about its internal logic provided by the program flowchart to design the audit tests. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
16. How are computer system flowcharts and program flowcharts related? ANS: The system flowchart shows the relationship between two computer programs, the files that they use, and the outputs that they produce. However, this level of documentation does not provide the operational details that are sometimes needed. An auditor wishing to assess the correctness a program’s logic cannot do so from the system flowchart. A program flowchart provides this detail. Every program represented in a system flowchart should have a supporting program flowchart that describes its logic. PTS: 1 17. What are the key distinguishing features of legacy systems? ANS: Legacy systems tend to have the following distinguishing features: they are mainframe based applications; they tend to be batch oriented; early legacy systems use flat-files for data storage, however, hierarchical and network databases are often associated with later era legacy systems. These highly structured and inflexible storage systems promote a single-user environment that discourages information integration within business organizations. PTS: 1 18. What information is provided by a record layout diagram? ANS: Record layout diagrams are used to reveal the internal structure of the records that constitute a file or database table. The layout diagram usually shows the name, data type, and length of each attribute (or field) in the record. PTS: 1 19. Comment on the following statement: “Legacy systems use flat file structures.” ANS: A flat-file model is a single-view model that characterizes legacy systems in which data files are structured, formatted, and arranged to suit the specific needs of the owner or primary user of the system. Such structuring, however, may omit or corrupt data attributes that are essential to other users, thus preventing successful integration of systems across the organization. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
20. What factor influences the decision to employ real-time data collection with batch updating rather that purely real-time processing? Explain. ANS: Transaction volume is the key factor. Large scale systems that process high volumes of transactions, often use real-time data collection and batch updating. Master file records that are unique to a transaction such as customer accounts and individual inventory records can be updated in real time without causing operational delays. Common accounts should be updated in batch mode. Real-time processing is better suited to systems that process lower transaction volumes and those that do not share common records. PTS: 1 21. Why is the master file backup procedure important? ANS: Master file backup is a standard procedure in transaction processing systems to maintain master file integrity in the event that any of the following problems should occur: 1) An update program error corrupts the master files being updated. 2) Undetected errors in the transaction data result in corrupted master file balances. 3) A disaster such as a fire or flood physically destroys current master files. If the current master file becomes corrupted or is destroyed, corporate IT professionals can retrieve the most current backed-up file from the archives and use it to reconstruct the current version of the master file. PTS: 1 22. What are the reasons companies use coding schemes in their accounting information systems? ANS: Companies use coding schemes in their AISs because codes concisely represent large amounts of complex information that would otherwise be unmanageable. They also provide a means of accountability over the completeness of the transactions processed and identify unique transactions and accounts within a file. In addition, coding supports the audit function by providing an effective audit trail. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 2
23. Compare and contrast the relative advantages and disadvantages of sequential, block, group, alphabetic and mnemonic codes. ANS: Sequential codes are appropriate for items in either an ascending or descending sequence, such as the numbering of checks or source documents. An advantage is that during batch processing, any gapdetected in the sequence is a signal that a transaction may be missing. A disadvantage is that the codes carry little, if any, information other than the sequence order. Another disadvantage is that sequential codes are difficult to manage when items need to be added; the sequence needs either to be reordered or the items must be added to the end of the list. Block codes provide some remedies to sequential codes by restricting each class to a pre-specified range. The first digit typically represents a class, whereas the following digits are sequential items which may be spaced in intervals in case of future additions. An example of block coding is a chart of accounts. A disadvantage of block coding is that the information content does not provide much meaning, i.e. an account number only means something if the chart of accounts is known. Group codes may be used to represent complex items or events involving two or more pieces of related data. The code is comprised of fields which possess specific meaning. The advantages of group codes over sequential and block codes are 1) they facilitate the representation of large amounts of diverse data, 2) they allow complex data structures to be represented in a hierarchical form that is logical and thus more easily remembered by humans, and 3) they permit detailed analysis and reporting both within an item class and across different classes of items. A disadvantage is that the codes may be overused to link classes which do not need to be linked, and thus creating a more complex coding system that is necessary. Alphabetic codes may be used sequentially or in block or group codes. An advantage is that a system which uses alphabetic codes can represent far more situations than a system with numeric codes given a specific field size. Some disadvantages are that sequentially assigned codes mostly have little meaning. Also, humans typically find alphabetic codes more difficult to sort than numeric data. Lastly, mnemonic codes are alphabetic characters in the form of acronyms, abbreviations or other combinations that convey meaning. The meaning aspect is its advantage. A disadvantage of mnemonic codes is that they are limited in their ability to represents items within a class i.e. names of all of American Express's customers.
Accounting Information Systems, 9e—Test Bank, Chapter 2
APPENDIX QUESTION 24. Explain how a hashing structure works and why it is quicker than using an index. Give an example. If it so much faster, why isn't it used exclusively? ANS: A hashing structure typically works by taking a key value and using it to divide a prime number. The result is a unique number almost all of the time if enough decimal places are used. The resulting numbers are used to find the unique location of the record. Calculating a record's address is faster than searching for it through an index, therefore the principal advantage of hashing is access speed.. It is not used exclusively because it does not use the storage disk efficiently. Some disk locations will never be selected because they do not correspond to legitimate key values. Also, different record keys may sometimes translate to the same address and data collision could occur. A way around this exists using pointers, but the additional pointers slow down the system. PTS: 1 25. Explain the following three types of pointers: physical address pointer, relative address pointer, and logical key pointer. ANS: A physical address pointer contains the actual disk storage location (cylinder, surface, and record number) needed by the disk controller. This approach allows the system to access the record directly without obtaining further information. A relative address pointer contains the relative position of a record in the file. This address (i.e., the 200th record on the file) must be further manipulated to convert it to the actual physical address. The conversion software determines this by using the physical address of the beginning of the file, the length of each record in the file, and the relative address of the record being sought. A logical key pointer contains the primary key of the related record. This key value is then converted into the record’s physical address by a hashing algorithm. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
Chapter 3—Ethics, Fraud, and Internal Control TRUE/FALSE 1. The ethical principle of justice asserts that the benefits of the decision should be distributed fairly to those who share the risks. ANS: T
PTS: 1
2. The ethical principle of informed consent suggests that the decision should be implemented so as to minimize all of the risks and to avoid any unnecessary risks. ANS: F
PTS: 1
3. Employees should be made aware of the firm’s commitment to ethics. ANS: T
PTS: 1
4. Business ethics is the analysis of the nature and social impact of computer technology, and the corresponding formulation and justification of policies for the ethical use of such technology. ANS: F
PTS: 1
5. Para computer ethics is the exposure to stories and reports found in the popular media regarding the good or bad ramifications of computer technology. ANS: F
PTS: 1
6. Computer programs are intellectual property. ANS: T
PTS: 1
7. Copyright laws and computer industry standards have been developed jointly and rarely conflict. ANS: F
PTS: 1
8. Business bankruptcy cases always involve fraudulent behavior. ANS: F
PTS: 1
9. Defalcation is another word for financial fraud. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
10. According to the Association of Certified Fraud Examiners (ACFE) study, most frauds are committed by employees in management positions. ANS: F
PTS: 1
11. The external auditor is responsible for establishing and maintaining the internal control system. ANS: F
PTS: 1
12. Segregation of duties is an example of an internal control procedure. ANS: T
PTS: 1
13. Of the three fraud factors (situational pressure, ethics, and opportunity), situational pressure is the factor that actually facilitates the act. ANS: F
PTS:
1
14. Preventive controls are passive techniques designed to reduce fraud. ANS: T
PTS: 1
15. Ethical issues and legal issues are essentially the same. ANS: F
PTS: 1
16. Internal control systems are recommended but not required of firms subject to the Sarbanes-Oxley Act. ANS: F
PTS: 1
17. Collusion among employees in the commission of a fraud is difficult to prevent but easy to detect. ANS: F
PTS:
1
18. The Sarbanes-Oxley Act requires only that a firm keep good records. ANS: F
PTS: 1
19. A key modifying assumption in internal control is that the internal control system is the responsibility of management. ANS: T
PTS: 1
20. Database management fraud includes altering, updating, and deleting an organization’s data. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
21. While the Sarbanes-Oxley Act prohibits auditors from providing non-accounting services to their audit clients, they are not prohibited from performing such services for non-audit clients or privately held companies. ANS: T
PTS: 1
22. The Sarbanes-Oxley Act requires the audit committee to hire and oversee the external auditors. ANS: T
PTS: 1
23. Section 404 requires that corporate management (including the CEO) certify their organization’s internal controls on a quarterly and annual basis. ANS: F
PTS: 1
24. Section 302 requires the management of public companies to assess and formally report on the effectiveness of their organization’s internal controls. ANS: F
PTS: 1
25. The objective of SAS 99 is to seamlessly blend the auditor’s consideration of fraud into all phases of the audit process. ANS: T
PTS: 1
26. The fraud triangle represents a geographic area in Southeast Asia where international fraud is prevalent. ANS: F
PTS: 1
27. Situational pressure includes personal or job related stresses that could coerce an individual to act dishonestly. ANS: T
PTS: 1
28. Opportunity involves direct access to assets and/or access to information that controls assets. ANS: T 29.
PTS: 1
Cash larceny involves stealing cash from an organization before it is recorded on the organization’s books and records. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
30.
Skimming involves stealing cash from an organization after it is recorded on the organization’s books and records ANS: F
PTS: 1
31. A check digit is a method of detecting data coding errors. ANS: T
PTS: 1
32. Input controls are intended to detect errors in transaction data after processing. ANS: F
PTS: 1
33. A run-to-run control is an example of an output control. ANS: F
PTS: 1
34. Shredding computer printouts is an example of an output control. ANS: T
PTS: 1
35. In a computerized environment, all input controls are implemented after data is input. ANS: F
PTS: 1
36. Spooling is a form of processing control. ANS: F
PTS: 1
37. An input control that tests time card records to verify than no employee has worked more 50 hours in a pay period is an example of a range test. ANS: F
PTS: 1
38. Systems that use sequential master files employ a backup technique called destructive update. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
MULTIPLE CHOICE 1. Which ethical principle states that the benefit from a decision must outweigh the risks, and that there is no alternative decision that provides the same or greater benefit with less risk? a. minimize risk b. justice c. informed consent d. proportionality ANS: D
PTS: 1
2. Individuals who acquire some level of skill and knowledge in the field of computer ethics are involved in which level of computer ethics? a. para computer ethics b. pop computer ethics c. theoretical computer ethics d. practical computer ethics ANS: A
PTS: 1
3. All of the following are factors in the fraud triangle except a. Ethical behavior of an individual b. Pressure exerted on an individual at home and job related c. Materiality of the assets d. Opportunity to gain access to assets ANS: C
PTS: 1
4. Which characteristic is not associated with software as intellectual property? a. uniqueness of the product b. possibility of exact replication c. automated monitoring to detect intruders d. ease of dissemination ANS: C
PTS: 1
5. For an action to be called fraudulent, all of the following conditions are required except a. poor judgment b. false representation c. intent to deceive d. injury or loss ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
6. One characteristic of employee fraud is that the fraud a. is perpetrated at a level to which internal controls do not apply b. involves misstating financial statements c. involves the direct conversion of cash or other assets to the employee’s personal benefit d. involves misappropriating assets in a series of complex transactions involving third parties ANS: C
PTS: 1
7. Forces which may permit fraud to occur do not include a. a gambling addiction b. lack of segregation of duties c. centralized decision making environment d. questionable integrity of employees ANS: C
PTS: 1
8. Which of the following best describes lapping? a. applying cash receipts to a different customer’s account in an attempt to conceal previous thefts of funds b. inflating bank balances by transferring money among different bank accounts c. expensing an asset that has been stolen d. creating a false transaction ANS: A
PTS: 1
9. Skimming involves a. stealing cash from an organization before it is recorded b. Stealing cash from an organization after it has been recorded c. manufacturing false purchase orders, receiving reports, and invoices d. A clerk pays a vendor twice for the same products and cashes the reimbursement check issued by the vendor. ANS: A
PTS: 1
10. Who is responsible for establishing and maintaining the internal control system? a. the internal auditor b. the accountant c. management d. the external auditor ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
11. The concept of reasonable assurance suggests that a. the cost of an internal control should be less than the benefit it provides b. a well-designed system of internal controls will detect all fraudulent activity c. the objectives achieved by an internal control system vary depending on the data processing method d. the effectiveness of internal controls is a function of the industry environment ANS: A
PTS: 1
12. Which of the following is not a limitation of the internal control system? a. errors are made due to employee fatigue b. fraud occurs because of collusion between two employees c. the industry is inherently risky d. management instructs the bookkeeper to make fraudulent journal entries ANS: C
PTS: 1
13. The most cost-effective type of internal control is a. preventive control b. accounting control c. detective control d. corrective control ANS: A
PTS: 1
14. Which of the following is a preventive control? a. credit check before approving a sale on account b. bank reconciliation c. physical inventory count d. comparing the accounts receivable subsidiary ledger to the control account ANS: A
PTS: 1
15. A well-designed purchase order is an example of a a. preventive control b. detective control c. corrective control d. none of the above ANS: A
PTS: 1
16. A physical inventory count is an example of a a. preventive control b. detective control c. corrective control d. feedforward control ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
17. The bank reconciliation uncovered a transposition error in the books. This is an example of a a. preventive control b. detective control c. corrective control d. none of the above ANS: B
PTS: 1
18. In balancing the risks and benefits that are part of every ethical decision, managers receive guidance from each of the following except a. justice b. self interest c. risk minimization d. proportionality ANS: B
PTS: 1
19. Which of the following is not an element of the control environment? a. management philosophy and operating style b. organizational structure of the firm c. well-designed documents and records d. the participation of the board of directors and the audit committee
ANS: C
PTS: 1
20. According to the ACFE study, when it comes to fraud losses a. the median fraud loss caused by males is more than double that caused by females b. most frauds are committed by individuals acting alone c. managers commit more frauds that employees d. all of the above. ANS: A
PTS: 1
21. Giving, receiving, offering or soliciting something of value because of an official act that has been taken is a. bribery b. a conflict of interest c. an illegal gratuity d. economic extortion ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
22. SOX requires: a. public companies to report all off-balance sheet transactions b. management to accept responsibility for maintaining adequate internal controls c. Officers to certify that company accounts fairly present the results of operations d. all of the above. ANS: D
PTS: 1
23. Economic extortion a. involves giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties b. occurs when an employee acts of behalf of a third party during the discharge or his or her duties c. is the use of threat of force by an individual or organization to obtain something of value d. involves stealing cash from an organization before it is recorded in its books and records ANS: C
PTS: 1
24. Cash larceny involves a. stealing cash from an organization before it is recorded b. stealing cash from an organization after it has been recorded c. manufacturing false purchase orders, receiving reports, and invoices d. A clerk pays a vendor twice for the same products and cashes the reimbursement check issued by the vendor. ANS: B
PTS: 1
25. Which of the following is not an internal control procedure? a. authorization b. management’s operating style c. independent verification d. accounting records ANS: B
PTS: 1
26. The decision to extend credit beyond the normal credit limit is an example of a. independent verification b. authorization c. segregation of functions d. supervision ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
27. When duties cannot be segregated, the most important internal control procedure is a. supervision b. independent verification c. access controls d. accounting records ANS: A
PTS: 1
28. An accounting system that maintains an adequate audit trail is implementing which internal control procedure? a. access controls b. segregation of functions c. independent verification d. accounting records ANS: D
PTS: 1
29. Employee fraud involves three steps. Of the following, which is not involved? a. concealing the crime to avoid detection b. stealing something of value c. misstating financial statements d. converting the asset to a usable form ANS: C
PTS: 1
30. Which of the following is not an example of independent verification? a. comparing fixed assets on hand to the accounting records b. performing a bank reconciliation c. comparing the accounts payable subsidiary ledger to the control account d. permitting only authorized users to access the accounting system ANS: D
PTS: 1
31. The importance to the accounting profession of the Sarbanes-Oxley Act is that a. bribery will be eliminated b. management will not override the company’s internal controls c. management are required to certify their internal control system d. firms will not be exposed to lawsuits ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
32. The board of directors consists entirely of personal friends of the chief executive officer. This indicates a weakness in a. the accounting system b. the control environment c. control procedures d. this is not a weakness ANS: B
PTS: 1
33. A shell company fraud involves a. stealing cash from an organization before it is recorded b. stealing cash from an organization after it has been recorded c. manufacturing false purchase orders, receiving reports, and invoices d. s clerk pays a vendor twice for the same products and cashes the reimbursement check issued by the vendor ANS: C
PTS: 1
34. When certain customers made cash payments to reduce their accounts receivable, the bookkeeper embezzled the cash and wrote off the accounts as uncollectible. Which control procedure would most likely prevent this irregularity? a. segregation of duties b. accounting records c. accounting system d. access controls ANS: A
PTS: 1
35. The office manager forgot to record in the accounting records the daily bank deposit. Which control procedure would most likely prevent or detect this error? a. segregation of duties b. independent verification c. accounting records d. supervision ANS: B
PTS: 1
36. Business ethics involves a. how managers decide on what is right in conducting business b. how managers achieve what they decide is right for the business c. both a and b d. none of the above ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
37. All of the following are conditions for fraud except a. false representation b. injury or loss c. intent d. material reliance ANS: D
PTS: 1
38. The four principal types of corruption include all of the following except a. bribery b. skimming c. conflict of interest d. economic extortion ANS: B
PTS: 1
39. The COSO internal control framework includes a. monitoring b. information and communication c. both a. and b. d. none of the above ANS: C
PTS: 1
40. Internal control system have limitations. These include all of the following except a. possibility of honest error b. circumvention c. management override d. stability of systems ANS: D
PTS: 1
41. Management can expect various benefits to follow from implementing a system of strong internal control. Which of the following benefits is least likely to occur? a. Reduced cost of an external audit. b. Preventing employee collusion to commit fraud. c. Availability of reliable data for decision-making purposes. d. Some assurance of compliance with the Foreign Corrupt Practices Act of 1977. e. Some assurance that important documents and records are protected. ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
42. Which of the following situations is not a segregation of duties violation? a. The purchasing department initiates purchases when the purchasing supervisor determines inventory levels are too low. b. The warehouse clerk, who has the custodial responsibility over inventory in the warehouse, keeps the official inventory records. c. The sales manager has the responsibility to approve credit and the authority to write off accounts. d. The accounting clerk who shares the record keeping responsibility for the accounts receivable subsidiary ledger performs the monthly reconciliation of the subsidiary ledger and the control account. e. All of these are segregation of duty violations. ANS: E
PTS: 1
43. Which of the following is not an issue to be addressed in a business code of ethics required by the SEC? a. Conflicts of interest b. Full and Fair Disclosures c. Legal Compliance d. Internal Reporting of Code Violations e. All of the above are issues to be addressed ANS: E
PTS: 1
44. According to common law, to be fraudulent act must a. intend to cause injury or loss regardless of whether or not such loss occurred b. include a false statement or nondisclosure c. both a. and b. d. neither a. nor b. ANS: B
PTS: 1
45. The correct purchase order number,is123456. All of the following are transcription errors except a. 1234567 b. 12345 c. 124356 d. 123454 ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
46. Which of the following is correct? a. check digits should be used for all data codes b. check digits are always placed at the end of a data code c. check digits do not affect processing efficiency d. check digits are designed to detect transcription and transposition errors ANS: D
PTS: 1
47. Which statement is not correct? The goal of batch controls is to ensure that during processing a. transactions are not omitted b. transactions are not added c. transactions are free from clerical errors d. an audit trail is created ANS: C
PTS: 1
48. An example of a hash total is a. total payroll checks–$12,315 b. total number of employees–10 c. sum of the social security numbers–12,555,437,251 d. all of the above ANS: C
PTS: 1
49. Which statement is not true? A batch control record a. contains a transaction code b. records the record count c. contains a hash total d. All of the above are true ANS: D
PTS: 1
50. Which of the following is not an example of a processing control? a. hash total. b. record count. c. batch total. d. check digit ANS: D
PTS: 1
51. Which of the following is an example of an input control test? a. sequence check b. zero value check c. spooling check d. range check ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
52. Which input control check would detect a payment made to a nonexistent vendor? a. missing data check b. numeric/alphabetic check c. range check d. validity check ANS: D
PTS: 1
53. Which input control check would detect a posting to the wrong customer account? a. missing data check b. check digit c. reasonableness check d. validity check ANS: B
PTS: 1
54. The employee entered "40" in the "hours worked per day" field. Which check would detect this unintentional error? a. numeric/alphabetic data check b. sign check c. limit check d. missing data check ANS: C
PTS: 1
55. An inventory record indicates that 12 items of a specific product are on hand. A customer purchased two of the items, but when recording the order, the data entry clerk mistakenly entered 20 items sold. Which check could detect this error? a. numeric/alphabetic data checks b. limit check c. range check d. reasonableness check ANS: B
PTS: 1
56. Which check is not an input control? a. reasonableness check b. validity check. c. spooling check d. missing data check ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
57. A computer operator was in a hurry and accidentally used the wrong master file to process a transaction file. As a result, the accounts receivable master file was erased. Which control would prevent this from happening? a. header label check b. expiration date check c. version check d. validity check ANS: A
PTS: 1
58. Run-to-run control totals can be used for all of the following except a. to ensure that all data input is validated b. to ensure that only transactions of a similar type are being processed c. to ensure the records are in sequence and are not missing d. to ensure that no transaction is omitted ANS: A
PTS: 1
59. Methods used to maintain an audit trail in a computerized environment include all of the following except a. transaction logs b. transaction listings c. data encryption d. log of automatic transactions ANS: C
PTS: 1
60. Risk exposures associated with creating an output file as an intermediate step in the printing process (spooling) include all of the following actions by a computer criminal except a. gaining access to the output file and changing critical data values b. using a remote printer and incurring operating inefficiencies c. making a copy of the output file and using the copy to produce illegal output reports d. printing an extra hardcopy of the output file ANS: B
PTS: 1
61. Which statement is not correct? a. only successful transactions are recorded on a transaction log b. unsuccessful transactions are recorded in an error file c. a transaction log is a temporary file d. a hardcopy transaction listing is provided to users ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
62. Supervision is often called a(n) a. access b. verification c. compensating d. input ANS: C
control.
PTS: 1
63. Which of the following is an example of an input error correction technique? a. immediate correction b. rejection of batch c. creation of error file d. all are examples of input error correction techniques ANS: D
PTS: 1
64. Which of the following is not an input control? a. Range check b. Limit check c. Spooling check d. Validity check e. They are all input controls ANS: C
PTS: 1
65. Which of the following is an input control? a. Reasonableness check b. Run-to-run check c. Spooling check d. Batch check e. None are input controls ANS: A
PTS: 1
66. Systems that use a sequential master files employ a backup technique called a. Batch check b. Destructive update c. Grandfather-father-son d. Master file backup e. None of the above ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
SHORT ANSWER 1. What are the main issues to be addressed in a business code of ethics required by the SEC? ANS: Conflicts of interest, Full and Fair Disclosures, Legal Compliance, Internal Reporting of Code Violations, Accountability PTS: 1 2. List the four broad objectives of the internal control system. ANS: safeguard assets, ensure the accuracy and reliability of accounting records, promote organizational efficiency, comply with management’s policies and procedures PTS: 1 3. Explain the purpose of the PCAOB. ANS: The PCAOB is empowered to set auditing, quality control, and ethics standards; to inspect registered accounting firms; to conduct investigations; and to take disciplinary actions. PTS: 1 4. What are the five internal control components described in the COSO framework? ANS: the control environment, risk assessment, information and communication, monitoring, and control activities PTS: 1 5. What are management responsibilities under Sections 302 and 404 of SOX? ANS: Section 302 requires that corporate management (including the CEO) certify their organization’s internal controls on a quarterly and annual basis. Section 404 requires the management of public companies to assess and formally report on the effectiveness of their organization’s internal controls. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
6. Identify to indicate whether each procedure is a preventive or detective control. a.
authorizing a credit sale
Preventive
Detective
b. c.
preparing a bank reconciliation locking the warehouse
Preventive Preventive
Detective Detective
d. e.
preparing a trial balance counting inventory
Preventive Preventive
Detective Detective
ANS: A. preventive; B. detective; C. preventive; D. detective; E. detective PTS: 1
Use the internal control procedures listed below to complete the statements. segregation of duties general authorization access controls supervision
specific authorization accounting records independent verification
7. A clerk reorders 250 items when the inventory falls below 25 items. This is an example of . ANS: general authorization PTS: 1 8. The internal audit department recalculates payroll for several employees each pay period. This is an example of . ANS: independent verification PTS: 1 9. Locking petty cash in a safe is an example of ANS: access controls PTS: 1
.
Accounting Information Systems, 9e—Test Bank, Chapter 3
10. Approving a price reduction because goods are damaged is an example of . ANS: specific authorization PTS: 1 11. Using cameras to monitor the activities of cashiers is an example of
.
ANS: supervision PTS: 1 12. Not permitting the computer programmer to enter the computer room is an example of . ANS: segregation of duties PTS: 1 13. Sequentially numbering all sales invoices is an example of
.
ANS: accounting records PTS: 1 14. What are the five conditions necessary for an act to be considered fraudulent? ANS: false representation, material fact, intent, justifiable reliance, and injury or loss PTS: 1 15. What is the objective of SAS 99? ANS: The objective of SAS 99 is to seamlessly blend the auditor’s consideration of fraud into all phases of the audit process. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
16. Distinguish between exposure and risk. ANS: Exposure is the absence or weakness of a control which increases the firm’s risk of financial loss or injury. Risk is the probability of incurring such a loss or injury. PTS: 1 17. Explain the characteristics of management fraud. ANS: Management fraud typically occurs at levels above where the internal control system is effective. Financial statements are frequently modified to make the firm appear more healthy than it actually is. If any misappropriation of assets occurs, it is usually well hidden. PTS: 1 18. The text discusses a red-flag checklist of questions regarding personal traits of executives which might help uncover fraudulent activity. List three of these questions. ANS: Executives: with high personal debt, living beyond their means, engaged in habitual gambling, appearing to abuse alcohol or drugs, appearing to lack personal codes of ethics, appearing to be unstable, having close associations with suppliers PTS: 1 19. Give two examples of employee fraud and explain how the theft might occur. ANS: Answers will vary but should involve (1) stealing something of value, (2) converting the asset to cash and ((3) concealing the act. Examples could include” Charges to expense accounts: Cash could be stolen and charged to a miscellaneous expense account. Once the account is closed, detection would be more difficult. Lapping: This involves converting cash receipts to personal use. If a customer’s check is taken, his/her balance will not reflect a payment and will be detected when a statement is sent. In order to conceal this fraud, a later payment is used to cover the stolen check. This is in effect a small scale Ponzi scheme. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
20. What are the six categories of physical control activities discussed in the text? ANS: Transaction authorization, segregation of duties, supervision, access controls, accounting records, independent verification PTS: 1 21. Explain the shell company fraud. ANS: A shell company fraud first requires that the perpetrator establish a false supplier on the books of the victim company. The fraudster then manufactures false purchase orders, receiving reports, and invoices in the name of the vendor and submits them to the accounting system, which creates the allusion of a legitimate transaction. Based on these documents, the system will set up an account payable and ultimately issue a check to the false supplier (the fraudster). PTS: 1 22. Explain the pass through fraud. ANS: The perpetrator creates a false vendor and issues purchases orders to it for inventory or supplies. The false vendor then purchases the needed inventory from a legitimate vendor. The false vendor charges the victim company a much higher than market price for the items, but pays only the market price to the legitimate vendor. The difference is the profit that the perpetrator pockets. PTS: 1 23
Explain the pay-and-return scheme. ANS: A pay-and-return scheme involves a clerk with check-writing authority who pays a vendor twice for the same products (inventory or supplies) received. The vendor, recognizing that its customer made a double payment, issues a reimbursement to the victim company. The clerk intercepts and cashes the reimbursement check. PTS: 1
24. What is check tampering? ANS: Check tampering involves forging or changing in some material way a check that the organization has written to a legitimate payee. One example of this is an employee who steals an outgoing check to a vendor, forges the payee’s signature, and cashes the check. A variation on this is an employee who steals blank checks from the victim company makes them out to himself or an accomplice. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
25. What are the three broad categories of application controls? ANS: input, processing, and output controls PTS: 1 26. How does privacy relate to output control? ANS: If the privacy of certain types of output, e.g., sensitive information about clients or customers, is violated a firm could be legally exposed. PTS: 1 27. What are the three categories of processing control? ANS: Batch controls, run-to-run controls, and audit trail controls. PTS: 1 28. What control issue is related to reentering corrected error records into a batch processing system? What are the two methods for doing this? ANS: Errors detected during processing require careful handling, since these records may already be partially processed. Simply resubmitting the corrected records at the data input stage may result in processing portions of these transactions twice. Two methods are: (1) reverse the effects of the partially processed transactions and resubmit the corrected records to the data input stage. The second method is to reinsert corrected records into the processing stage at which the error was detected. PTS: 1 29. Output controls ensure that output is not lost, misdirected, or corrupted and that privacy is not violated. What are some output exposures or situations where output is at risk? ANS: output spooling, print programs, waste, report distribution PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
30. Name four input controls and describe what they test. ANS: 1. numeric-alphabetic checks look for the correct type of character content in a field, numbers or letters; 2. limit checks verify that values are within preset limits; 3. range checks verify the values fall with in an acceptable range 4. reasonableness check determines if a value in one field, which has already passed a limit check and a range check, is reasonable when considered along with data in other fields of the record. PTS: 1 31. Explain input controls. ANS: Input controls are programmed procedures (routines) that perform tests on transaction data to ensure they are free from errors. PTS: 1 32. Name three types of transcription errors. ANS: 1. Addition errors occur when an extra digit or character is added to the code. For example, inventory item number 83276 is recorded as 832766. 2. Truncation errors occur when a digit or character is removed from the end of a code. In this type of error, the inventory item above would be recorded as 8327. 3. Substitution errors are the replacement of one digit in a code with another. For example, code number 83276 is recorded as 83266. PTS: 1 33. Describe two types of transposition errors. ANS: 1. Single transposition errors occur when two adjacent digits are reversed. For instance, 83276 is recorded as 38276. 2. Multiple transposition errors occur when nonadjacent digits are transposed. For example, 83276 is recorded as 87236. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
34. Describe factors that influence the number of backup files needed for each application. ANS: The systems designer determines the number of backup master files needed for each application. Two factors influence this decision: (1) the financial significance of the system and (2) the degree of file activity. For example, a master file that is updated several times a day may require 30 or 40 generations of backup, whereas a file that is updated only once each month may need only four or five backup versions. This decision is important because certain types of system failures can result in the destruction of large numbers of backup versions within the same family of files. PTS: 1
ESSAY 1. The text describes six internal control activities. List four of them and provide a specific example of each one. ANS: Control Activity Authorization Segregation of functions Supervision
Example general (purchase of inventory when level drops) or specific (credit approval beyond normal limit) separate authorization from processing separate custody of assets from record keeping
Accounting records Access controls
required when separation of duties is not possible, such as opening the mail (cash receipts) maintain an adequate audit trail maintain physical security
Independent verification
bank reconciliation, physical inventory count
PTS: 1 2. Contrast management fraud with employee fraud. ANS: Employee fraud is usually designed to directly convert cash or other assets to the employee’s personal benefit. Management fraud involves less of a direct benefit to the perpetrator. Management fraud may involve an attempt to misstate financial performance in order to gain additional compensation or to earn a promotion. Management fraud may also involve an attempt to misstate financial performance in order to increase the price of the company’s stock or to reduce the cost of debt. Management fraud is more insidious than employee fraud because it often escapes detection until the organization has suffered irreparable damage or loss. Management fraud usually does not involve the direct theft of assets. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
3. Four underlying problems that called pre-SOX federal security law adequacy into question were addressed in the text. Discuss two of these problems. ANS: Lack of auditor independence. Auditing firms that provide other services to audit clients lack independence. They are, in effect, auditing their own work. Lack of director independence. Many boards of directors have members that serve of boards of other directors’ companies, or have a business trading, financial or operational relationship with the company. The majority of directors should be independent outsiders. Questionable executive compensation schemes. There is a strong belief that executives have abused stock-based compensation. The consensus is that fewer stock options should be offered than is typical under current practice. In extreme cases, financial statement misrepresentation has been used to achieve stock prices needed to exercise options. Inappropriate accounting practices. The use of inappropriate accounting techniques is a common characteristic in many financial statement fraud schemes. PTS: 1 4. Why are the computer ethics issues of privacy, security, and property ownership of interest to accountants? ANS: Privacy is a concern because the nature of computer data files makes it possible for unauthorized individuals to obtain information without it being recognized as “missing” from its original location. Security is a concern because its absence makes control from a privacy viewpoint questionable. In addition lack of security may permit unauthorized changes to data, therefore distorting information that is reported. Property ownership raises issues of legitimacy of organizational software, valuation of assets, and questions of lost revenues. PTS: 1 5. According to common law, there are five conditions that must be present for an act to be deemed fraudulent. Name and explain each. ANS: false representation, meaning some misrepresentation or omission must have occurred, material facts, meaning that the facts must influence someone’s actions, intent, meaning there must have been the intention to deceive others, justifiable reliance, meaning it did affect someone’s decision, and injury or loss must have occurred. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
6. Management fraud is regarded as more serious than employee fraud. Three special characteristics have been discussed for management fraud. What are they? Explain. ANS: Management fraud is more insidious than employee fraud because it often escapes detection until the organization has suffered irreparable damage or loss. It usually occurs at levels above the normal internal control system. There is typically an intent to present a better picture of the business than is valid, often to deceive creditors and/or shareholders. If assets are misappropriated, the route is quite devious involving a maze of business transactions. PTS: 1 7. Four principal types of corruption are discussed. Name all four and explain at least two. ANS: Corruption involves an executive, manager, or employee of a business working in collusion with an outsider. The four principal types of corruption are: Bribery involves giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties. An illegal gratuity involves giving. receiving, offering, or soliciting something of value because of an official act that has been taken. A conflict of interest occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed. Economic extortion is the use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value. PTS: 1 8. Misappropriation of assets can involve various schemes: expense reimbursement fraud, lapping, and payroll fraud. Explain each and give an example. ANS: Expense reimbursement fraud involve fictitious or inflated claims for reimbursement of business expenses such as travel that never occurred. Lapping is a technique whereby an early theft is covered up by a later one, i.e., with the moves “lapping” over each other. The simplest example involves taking a customer’s payment. A later payment is then credited to the first customer’s account, not the second. And on it goes. Payroll fraud is the distribution of fraudulent paychecks to existent and/or nonexistent employees. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
9. Distinguish between skimming and cash larceny. Give an example of each ANS: Skimming involves stealing cash from an organization before it is recorded on the organization’s books and records. One example of skimming is an employee who accepts payment from a customer but does not record the sale. Another example is mail room fraud in which an employee opening the mail steals a customer’s check and destroys the associated remittance advice. Cash larceny involves schemes in which cash receipts are stolen from an organization after they have been recorded in the organization’s books and records. An example of this is lapping, in which the cash receipts clerk first steals and cashes a check from Customer A. To conceal the accounting imbalance caused by the loss of the asset, Customer A’s account is not credited. Later (the next billing period), the employee uses a check received from Customer B and applies it to Customer A’s account. Funds received in the next period from Customer C are then applied to the account of Customer B, and so on.
PTS: 1 10. Explain why collusion between employees and management in the commission of a fraud is difficult to both prevent and detect. ANS: Collusion among employees in the commission of a fraud is difficult to both prevent and detect. This is particularly true when the collusion is between managers and their subordinate employees. Management plays a key role in the internal control structure of an organization. They are relied upon to prevent and detect fraud among their subordinates. When they participate in fraud with the employees over whom they are supposed to provide oversight, the organization’s control structure is weakened, or completely circumvented, and the company becomes more vulnerable to losses. PTS: 1 11. Since all fraud involves some form of financial misstatement, how is Fraudulent Statement fraud different? ANS: Fraudulent statements are associated with management fraud. While all fraud involves some form of financial misstatement, to meet the definition under this class of fraud scheme, the statement itself must bring direct or indirect financial benefit to the perpetrator. In other words, the statement is not simply a vehicle for obscuring or covering a fraudulent act. For example, misstating the cash account balance to cover the theft of cash does not fall under this class of fraud scheme. On the other hand, understating liabilities to present a more favorable financial picture of the organization to drive up stock prices does qualify. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
12. SAS 109 requires auditors obtain an understanding of an organization’s control environment. Discuss two techniques that may be used to obtain such understanding. ANS: Auditors should assess the integrity of management and may use investigative agencies to report on the background of key managers. Auditors should be aware of conditions that would predispose management fraud such as lack of sufficient working capital, adverse industry conditions, bad credit ratings, or restrictive bank or indenture agreements. Auditors should understand a client’s business and industry and be aware of conditions peculiar to the industry that may affect the audit. PTS: 1 13. A company’s board of directors should, at a minimum, adopt the provisions of SOX. Discuss three of the six established best practices that a board should also follow. ANS: The roles of CEO and board chairman should be separate to facilitate discussions without management being present. The board should establish a code of ethical standards from which management and staff will take direction. At a minimum it should address outside employment conflicts, gifts that could be considered bribery, falsification of data, conflicts of interest, political contributions, confidentiality, honesty and membership on external boards. Establishment of an independent audit committee that selects the independent auditor. Compensation committees that evaluate management compensation schemes to ensure they create the desired incentives. Nominating committees with a plan to maintain a fully staffed, capable board of directors. The committee must recognize the need for independent directors and have criteria for determining independence. All committees of the board should have access to attorneys and consultants other than the corporation’s normal counsel and consultants. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
14. SAS 109 requires auditors to obtain sufficient knowledge of the organization’s risk assessment procedures to understand how management identifies, prioritizes and manages financial reporting risk. List five circumstances that can cause risks to arise or change. ANS: Changes in the operating environment that impose new or changed competitive pressures on the firm. New personnel who have a different or inadequate understanding of internal control. New or reengineered information systems that affect transaction processing. Significant and rapid growth that strains existing internal controls. The implementation of new technology into the production process or information system that impacts transaction processing. The introduction of new product lines or activities with which the organization has little experience. Organizational restructuring resulting in the reduction and/or reallocation of personnel such that business operations and transaction processing are affected. Entering into foreign markets that may impact operations (risk associated with foreign currency transactions). Adoption of a new accounting principle that impacts financial statement preparation. PTS: 1 15. Explain the problems associated with inappropriate accounting practices. ANS: The use of inappropriate accounting techniques is a characteristic common to many financial statement fraud schemes. Enron made elaborate use of Special Purpose Entities (SPE) to hide liabilities through off balance sheet accounting. WorldCom management transferred transmission line costs from current expense accounts to capital accounts. This allowed them to defer some operating expenses and report higher earnings. Also, they reduced the book value of hard assets of MCI by $3.4 billion and increased goodwill by the same amount. Had the assets been left at book value, they would have been charged against earnings over four years. Goodwill, on the other hand, was amortized over much longer period. PTS: 1
16. Explain the purpose of the PCAOB. ANS: The Sarbanes-Oxley Act creates a Public Company Accounting Oversight Board (PCAOB). The PCAOB is empowered to set auditing, quality control, and ethics standards, to inspect registered accounting firms, to conduct investigations, and to take disciplinary actions. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
17. Auditor independence under SOX includes categories of services that a public accounting firm cannot perform for a client. List five prohibited functions. ANS: Bookkeeping or other services related to the accounting records or financial statements. Financial information systems design and implementation Appraisal or valuation services, fairness opinions, or contribution-in-kind reports Actuarial services Internal audit outsourcing services Management functions or human resources Broker or dealer, investment adviser, or investment banking services Legal services and expert services unrelated to the audit Any other service that the PCAOB determines is impermissible PTS: 1 18. What are the key points of the “Issuer and Management Disclosure” of the Sarbanes-Oxley Act? ANS: 1. Public companies must report all off balance-sheet transactions. 2. Annual reports filed with the SEC must include a statement by management asserting that it is responsible for creating and maintaining adequate internal controls and asserting to the effectiveness of those controls. 3. Officers must certify that the company’s accounts ‘fairly present’ the firm’s financial condition and results of operations. 4. Knowingly filing a false certification is a criminal offence. PTS: 1 19. Define and describe the importance of physical controls. ANS: Virtually all systems, regardless of their sophistication, employ human activities that need to be controlled. This class of controls relates primarily to the human activities employed in accounting systems. These activities may be purely manual, such as the physical custody of assets, or they may involve the use of computers to record transactions or update accounts. Physical controls do not relate to the computer logic that actually performs these accounting tasks. Rather, they relate to the human activities that initiate such computer logic. In other words, physical controls do not suggest an environment in which clerks update paper accounts with pen and ink. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
20. How has the Sarbanes-Oxley Act had a significant impact on corporate governance? ANS: The Sarbanes-Oxley Act requires all audit committee members to be independent and requires the audit committee to hire and oversee the external auditors. This provision is consistent with many investors who consider the board composition to be a critical investment factor. For example, a Thomson Financial survey revealed that most institutional investors want corporate boards to be comprised of at least 75 percent independent directors. Two other significant provisions of the act relating to corporate governance are (1) public companies are prohibited from making loans to executive officers and directors, and (2) the act requires attorneys to report evidence of a material PTS: 1 21. Define and describe a conflict of interest. ANS: A conflict of interest occurs when an employee acts on behalf of a third party during the discharge of his or her duties or has self-interest in the activity being performed. When such a conflict is unknown to the employer and results in financial loss, fraud has occurred. Bribery and illegal gratuities are examples of conflicts of interest. Conflicts can also occur when an employee has an interest in the outcome of an economic event. An example would include an employee who directs a disproportionate number of overpriced purchase orders to a company in which the employee is a part-owner. PTS: 1 22. What are the key points of the section 404 of the Sarbanes-Oxley Act? ANS: Section 404 requires the management of public companies to assess the effectiveness of their organization’s internal controls. This entails providing an annual report addressing the following points: (1) a statement of management’s responsibility for establishing and maintaining adequate internal control; (2) an assessment of the effectiveness of the company’s internal controls over financial reporting; (3) a statement that the organization’s external auditors have issued an attestation report on management’s assessment of the company’s internal controls; (4) an explicit written conclusion as to the effectiveness of internal control over financial reporting, and (5) a statement identifying the framework used in the assessment of internal controls. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
23. Describe the factors that constitute the fraud triangle. Why is it important to auditors? ANS: The fraud triangle consists of three factors that contribute to or are associated with management and employee fraud. These are: (1) situational pressure, which includes personal or job related stresses that could coerce an individual to act dishonestly; (2) opportunity, which involves direct access to assets and/or access to information that controls assets, and; (3) ethics, which pertains to one’s character and degree of moral opposition to acts of dishonesty. An individual with a high level of personal ethics, who is confronted by low pressure and limited opportunity to commit fraud, is more likely to behave honestly than one with weaker personal ethics, who is under high pressure and exposed to greater fraud opportunities. Research by forensic experts and academics has shown that the auditor’s evaluation of fraud is enhanced when the fraud triangle factors are considered.
24. Define each of the following input controls and give an example of how they may be used: a. Missing data check b. Numeric/alphabetic data check c. Limit check d. Range check e. Reasonableness check f. Validity check ANS: Missing data check is useful because some programming languages are restrictive as to the justification (right or left) of data within the field. If data are not properly justified or if a character is missing (has been replaced with a blank), the value in the field will be improperly processed. For example, the presence of blanks in a numeric data field may cause a system failure. When the control routine detects a blank where it expects to see a data value, the error is flagged. A numeric-alphabetic check control identifies when data in a particular field are in the wrong form. For example, a customer’s account balance should not contain alphabetic data and the presence of it will cause a data processing error. Therefore, if alphabetic data are detected, the error record flag is set. Limit checks are used to identify field values that exceed an authorized limit. For example, assume the firm’s policy is that no employee works more than 44 hours per week. The payroll system input control program can test the hours-worked field in the weekly payroll records for values greater than 44. Range checks exit when data have upper and lower limits to their acceptable values. For example, if the range of pay rates for hourly employees in a firm is between 8 and 20 dollars, this control can examine the pay rate field of all payroll records to ensure that they fall within this range.
Accounting Information Systems, 9e—Test Bank, Chapter 3
A reasonableness check determines if a value in one field, which has already passed a limit check and a range check, is reasonable when considered along with data in other fields of the record. For example, assume that an employee’s pay rate of 18 dollars per hour falls within an acceptable range. This rate is excessive, however, when compared to the employee’s job skill code of 693; employees in this skill class should not earn more than 12 dollars per hour. A validity check compares actual field values against known acceptable values. For example, this control may be used to verify such things as valid vendor codes, state abbreviations, or employee job skill codes. If the value in the field does not match one of the acceptable values, the record is flagged as an error. PTS: 1 25. After data is entered into the system, it is processed. Processing control exists to make sure that the correct things happen during processing. Discuss processing controls. ANS: Processing controls take three forms–batch controls, run-to-run controls, and audit trail controls. Batch controls are used to manage the flow of high volumes of transactions through batch processing systems. The objective of batch control is to reconcile output produced by the system with the input originally entered into the system. This provides assurance that: _ All records in the batch are processed. _ No records are processed more than once. _ An audit trail of transactions is created from input through processing to the output stage of the system. Run-to-run controls use batch figures and new balances to monitor the batch as it goes through the system–i.e. from run-to-run. These are to assure that no transactions are lost and that all are processed completely. Audit trail controls are designed to document the movement of transactions through the system. The most common techniques include the use of transaction logs and transaction listings, unique transaction identifiers, logs and listings of automatic transactions, and error listings. PTS: 1 26. If input and processing controls are adequate, why are output controls needed? ANS: Output controls are designed to ensure that system output is not lost, misdirected, or corrupted and that privacy is not violated. Great risk exists if checks are misdirected, lost, or stolen. Certain types of data must be kept private–trade secrets, patents pending, customer records, etc. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 3
27. Explain the grandfather-father-son backup technique. ANS: GFS backup technique begins when the current master file (the father) is processed against the transaction file to produce a new updated master file (the son). Note that the son is a physically different file from the father. With the next batch of transactions, the son becomes the current master file (the new father), and the original father becomes the backup file (grandfather). This procedure is continued with each new batch of transactions, creating several generations of backup files. When the desired number of backup copies is reached, the oldest backup file is erased (scratched). If the current master file is destroyed or corrupted, it is reconstructed by processing the most current backup file against the corresponding transaction file. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
Chapter 4—The Revenue Cycle TRUE/FALSE 1. The packing slip is also known as the shipping notice. ANS: F
PTS: 1
2. The bill of lading is a legal contract between the buyer and the seller. ANS: F
PTS: 1
3. Another name for the stock release form is the picking ticket. ANS: T
PTS: 1
4. Warehouse stock records are the formal accounting records for inventory. ANS: F
PTS: 1
5. The purpose of the invoice is to bill the customer. ANS: T
PTS: 1
6. In most large organizations, the journal voucher file has replaced the formal general journal. ANS: T
PTS: 1
7. The cash receipts journal is a special journal. ANS: T
PTS: 1
8. In the revenue cycle, the internal control “limit access” applies to physical assets only. ANS: F
PTS: 1
9. In real-time processing systems, routine credit authorizations are automated. ANS: T
PTS: 1
10. In a computerized accounting system, segregation of functions refers to inventory control, accounts receivable, billing, and general ledger tasks. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
11. A written customer purchase order is required to trigger the sales order system. ANS: F
PTS: 1
12. Inventory control has physical custody of inventory. ANS: F
PTS: 1
13. The principal source document in the sales order system is the sales order. ANS: T
PTS: 1
14. Sales orders should be prenumbered documents. ANS: T
PTS: 1
15. Integrated accounting systems automatically transfer data between modules. ANS: T
PTS: 1
16. If a customer submits a written purchase order, there is no need to prepare a sales order. ANS: F
PTS: 1
17. Sales return involves receiving, sales, credit, and billing departments, but not accounts receivable. ANS: F
PTS: 1
18. A remittance advice is a form of turn-around document. ANS: T
PTS: 1
19. A bill of lading is a request for payment for shipping charges. ANS: F
PTS: 1
20. In point of sale systems, authorization takes the form of validation of credit card charges. ANS: T
PTS: 1
21. The warehouse is responsible for updating the inventory subsidiary ledger. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
22. In a manual system, the billing department is responsible for recording the sale in the sales journal. ANS: T
PTS: 1
23. The stock release document is prepared by the shipping department to provide evidence that the goods have been released to the customer. ANS: F
PTS: 1
24. The accounts receivable clerk is responsible for updating the AR Control accounts to reflect each customer sale. ANS: F
PTS: 1
25. When customer payments are received, the mailroom clerk sends the checks to the cash receipts clerk and the remittance advices to the AR clerk. ANS: T
PTS: 1
26. Physical controls are imbedded in computer systems to control access to data. ANS: F
PTS: 1
27. Process controls are controls over the logic of the application. ANS: T
PTS: 1
28. In a basic technology revenue cycle system, a robust password control policy should be implemented. ANS: T
PTS: 1
29. In an integrated cash receipts system, the cash receipts clerk reconciles the checks and the remittance advices and prepares deposit slips. ANS: T
PTS: 1
30. Multilevel security employs programmed techniques that permit simultaneous access to a central system by many users with different access privileges but allows them to obtaining information for which they lack authorization. ANS: F
PTS: 1
31. The POS environment places both cash and inventory at risk. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
MULTIPLE CHOICE 1. The revenue cycle consists of a. one subsystem–order entry b. two subsystems–sales order processing and cash receipts c. two subsystems–order entry and inventory control d. three subsystems–sales order processing, credit authorization, and cash receipts ANS: B
PTS: 1
2. The reconciliation that occurs in the shipping department is intended to ensure that a. credit has been approved b. the customer is billed for the exact quantity shipped c. the goods shipped match the goods ordered d. inventory records are reduced for the goods shipped ANS: C
PTS: 1
3. The adjustment to accounting records to reflect the decrease in inventory due to a sale occurs in the a. warehouse b. shipping department c. billing department d. inventory control department ANS: D
PTS: 1
4. Which document triggers the revenue cycle? a. the sales order b. the customer purchase order c. the sales invoice d. the journal voucher ANS: B
PTS: 1
5. Copies of the sales order can be used for all of the following except a. purchase order b. credit authorization c. shipping notice d. packing slip ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
6. The purpose of the sales invoice is to a. record reduction of inventory b. transfer goods from seller to shipper c. bill the customer d. select items from inventory for shipment ANS: C
PTS: 1
7. The customer open order file is used to a. respond to customer queries b. fill the customer order c. ship the customer order d. authorize customer credit ANS: A
PTS: 1
8. The stock release copy of the sales order is not used to a. locate and pick the items from the warehouse shelves b. record any out-of-stock items c. authorize the warehouse clerk to release custody of the inventory to shipping d. record the reduction of inventory ANS: D
PTS: 1
9. The shipping notice a. is mailed to the customer b. is a formal contract between the seller and the shipping company c. is always prepared by the shipping clerk d. informs the billing department of the quantities shipped ANS: D
PTS: 1
10. The billing department is not responsible for a. updating the inventory subsidiary records b. recording the sale in the sales journal c. notifying accounts receivable of the sale d. sending the invoice to the customer ANS: A
PTS: 1
11. Customers should be billed for back-orders when a. the customer purchase order is received b. the backordered goods are shipped c. the original goods are shipped d. customers are not billed for backorders because a backorder is a lost sale ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
12. Usually specific authorization is required for all of the following except a. sales on account which exceed the credit limit b. sales of goods at the list price c. a cash refund for goods returned without a receipt d. write off of an uncollectible account receivable ANS: B
PTS: 1
13. Which of following functions should be segregated? a. opening the mail and making the journal entry to record cash receipts b. authorizing credit and determining reorder quantities c. maintaining the subsidiary ledgers and handling customer queries d. providing information on inventory levels and reconciling the bank statement ANS: A
PTS: 1
14. Which situation indicates a weak internal control structure? a. the mailroom clerk authorizes credit memos b. the record keeping clerk maintains both accounts receivable and accounts payable subsidiary ledgers c. the warehouse clerk obtains a signature before releasing goods for shipment d. the accounts receivable clerk prepares customer statements every month ANS: A
PTS: 1
15. The most effective internal control procedure to prevent or detect the creation of fictitious credit memoranda for sales returns is to a. supervise the accounts receivable department b. limit access to credit memoranda c. prenumber and sequence check all credit memoranda d. require management approval for all credit memoranda ANS: D
PTS: 1
16. The accounts receivable clerk destroys all invoices for sales made to members of her family and does not record the sale in the accounts receivable subsidiary ledger. Which procedure will not detect this fraud? a. prenumber and sequence check all invoices b. reconcile the accounts receivable control to the accounts receivable subsidiary ledger c. prepare monthly customer statements d. reconcile total sales on account to the debits in the accounts receivable subsidiary ledger ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
17. Which department is least likely to be involved in the revenue cycle? a. credit b. accounts payable c. billing d. shipping ANS: B
PTS: 1
18. Which document is included with a shipment sent to a customer? a. sales invoice b. stock release form c. packing slip d. shipping notice ANS: C
PTS: 1
19. Good internal controls in the revenue cycle should ensure all of the following except a. all sales are profitable b. all sales are recorded c. credit is authorized d. inventory to be shipped is not stolen ANS: A
PTS: 1
20. Which control does not help to ensure that accurate records are kept of customer accounts and inventory? a. reconcile accounts receivable control to accounts receivable subsidiary b. authorize credit c. segregate custody of inventory from record keeping d. segregate record keeping duties of general ledger from accounts receivable ANS: B
PTS: 1
21. Internal controls for handling sales returns and allowances do not include a. computing bad debt expense using the percentage of credit sales b. verifying that the goods have been returned c. authorizing the credit memo by management d. using the original sales invoice to prepare the sales returns slip ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
22. The printer ran out of preprinted sales invoice forms and several sales invoices were not printed. The best internal control to detect this error is a. a batch total of sales invoices to be prepared compared to the actual number of sales invoices prepared b. sequentially numbered sales invoices c. visual verification that all sales invoices were prepared d. none of the above will detect this error ANS: A
PTS: 1
23. Which department prepares the bill of lading? a. sales b. warehouse c. shipping d. credit ANS: C
PTS: 1
24. A remittance advice is a. used to increase (debit) an account receivable by the cash received b. is a turn-around document c. is retained by the customer to show proof of payment d. none of the above ANS: B
PTS: 1
25. A weekly reconciliation of cash receipts would include comparing a. the cash prelist with bank deposit slips b. the cash prelist with remittance advices c. bank deposit slips with remittance advices d. journal vouchers from accounts receivable and general ledger ANS: A
PTS: 1
26. At which point is supervision most critical in the cash receipts system? a. accounts receivable b. general ledger c. mail room d. cash receipts ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
27. EDI trading partner agreements specify all of the following except a. selling price b. quantities to be sold c. payment terms d. person to authorize transactions ANS: D
PTS: 1
28. A cash prelist is a. a document that records sales returns and allowances b. a document returned by customers with their payments c. the source of information used to prepare monthly statements d. none of the above ANS: D
PTS: 1
29. An advantage of real-time processing of sales is a. the cash cycle is lengthened b. current inventory information is available c. hard copy documents provide a permanent record of the transaction d. data entry errors are corrected at the end of each batch ANS: B
PTS: 1
30. Commercial accounting systems have fully integrated modules. The word “integrated” means that a. segregation of duties is not possible b. transfer of information among modules occurs automatically c. batch processing is not an option d. separate entries are made in the general ledger accounts and the subsidiary ledgers ANS: B
PTS: 1
31. The data processing method that can shorten the cash cycle is a. batch, sequential file processing b. batch, direct access file processing c. real-time file processing d. none of the above ANS: C
PTS: 1
32. Which of the following is not a risk exposure in a PC accounting system? a. reliance on paper documentation is increased b. functions that are segregated in a manual environment may be combined in a microcomputer accounting system c. backup procedures require human intervention d. data are easily accessible ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
33. Which journal is not used in the revenue cycle? a. cash receipts journal b. sales journal c. purchases journal d. general journal ANS: C
PTS: 1
34. Periodically, the general ledger department receives all of the following except a. total increases to accounts receivable b. total of all sales backorders c. total of all sales d. total decreases in inventory ANS: B
PTS: 1
35. The credit department a. prepares credit memos when goods are returned b. approves credits to accounts receivable when payments are received c. authorizes the granting of credit to customers d. none of the above ANS: C
PTS: 1
36. Adjustments to accounts receivable for payments received from customers is based upon a. the customer’s check b. the cash prelist c. the remittance advice that accompanies payment d. a memo prepared in the mailroom ANS: C
PTS: 1
37. The revenue cycle utilizes all of the following files except a. credit memo file b. sales history file c. shipping report file d. cost data reference file ANS: D
PTS: 1
38. All of the following are advantages of real-time processing of sales except a. The cash cycle is shortened b. Paper work is reduced c. Incorrect data entry is difficult to detect d. Up-to-date information can provide a competitive advantage in the marketplace ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
39. Which document is NOT prepared by the sales department? a. packing slip b. shipping notice c. bill of lading d. stock release ANS: C
PTS: 1
40. Which type of control is considered a compensating control? a. segregation of duties b. access control c. supervision d. accounting records ANS: C
PTS: 1
41. Which of the following is NOT a common method for achieving multilevel security? a. Access control list b. Application integrity c. Role based access control d. All of the above ANS: B
PTS: 1
42. In an integrated cash receipts system, which of the following is not a task of the mail room clerk? a. Prepare deposit slips b. Open envelopes c. Prepare remittance list d. Make bank deposit ANS: D
PTS: 1
SHORT ANSWER 1. Distinguish between a packing slip, shipping notice, and a bill of lading. ANS: The packing slip travels with the goods to the customer, and it describes the contents on the order. Upon filling the order, the shipping department sends the shipping notice to the billing department to notify them that the order has been filled and shipped. The shipping notice contains additional information that the packing slip may not contain, such as shipment date, carrier and freight charges. The bill of lading is a formal contract between the seller and the transportation carrier; it shows legal ownership and responsibility for assets in transit. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
2. State two specific functions or jobs that should be segregated in the sales processing system. ANS: sales order processing and credit approval; inventory control (record keeping) from warehouse (custody); and general ledger from accounts receivable subsidiary ledger PTS: 1 3. State two specific functions or jobs that should be segregated in the cash receipts system. ANS: cash receipts (custody) from accounts receivable (record keeping); and general ledger from accounts receivable subsidiary ledger; mail room (receiving cash) and accounts receivable subsidiary ledger PTS: 1 4. List two points in the sales processing system when authorization is required. ANS: credit check, sales returns policy, preparation of cash prelist PTS: 1 5. For the revenue cycle, state two specific independent verifications that should be performed. ANS: Shipping verifies that the goods sent from the warehouse are correct in type and quantity. Billing reconciles the shipping notice with the sales order to ensure that customers are billed only for the quantities shipped. General ledger reconciles journal vouchers submitted by the billing department (sales journal), inventory control (inventory subsidiary ledger), and cash receipts (cash receipts journal). Treasurer determines that all cash received got to the bank. PTS: 1 6. What task can the accounts receivable department engage in to verify that all checks sent by customers have been appropriately deposited and recorded? ANS: The company should periodically, perhaps monthly, send an account summary to each customer listing invoices and amounts paid by check number and date. This form allows the customer to verify the accuracy of the records. If any payments are not recorded, they will notify the company of the discrepancy. These reports should not be handled by the accounts receivable clerk or the cashier. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
7. What specific internal control procedure would prevent the sale of goods on account to a fictitious customer? ANS: credit check PTS: 1 8. The clerk who opens the mail routinely steals remittances and checks. Describe a specific internal control procedure that would prevent or detect this fraud. ANS: supervision (two people) when opening the mail; customer complaints when monthly statements mailed PTS: 1 9. A customer payment of $247 was correctly posted in the general ledger but was recorded as $274 in the customer’s account receivable. Describe a specific internal control procedure that would detect this error. ANS: Reconcile the accounts receivable control account to the accounts receivable subsidiary ledger; compare control totals of cash received with total credits to A/R subsidiary ledger. PTS: 1 10. Goods are shipped to a customer, but the shipping department does not notify billing and the customer never receives an invoice. Describe a specific internal control procedure that would detect this error. ANS: Billing department matches the stock release copy of the sales order (from shipping) to the invoice, ledger, and file copies of the sales order (sent directly to billing), and then mails the invoice to the customer. After a certain amount of time has passed, the billing department should investigate any unmatched invoice, ledger, and file copies of the sales order. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
11. A clerk embezzles customer payments on account and covers up the theft by making an adjustment to the accounts receivable ledger. Describe a specific internal control procedure that would prevent this fraud. ANS: Segregation of duties. Do not let one person have custody of payments and the ability to make adjustments to the records. All adjustments to accounts receivable records must be authorized. PTS: 1 12. A credit sale is made to a customer, even though the customer’s account is four months overdue. Describe a specific internal control procedure that would prevent this from happening. ANS: Perform a credit check and require management approval for all sales to accounts that are overdue. PTS: 1 13. What specific internal control procedure would prevent a customer from being billed for all 50 items ordered although only 40 items were shipped? ANS: Billing should reconcile the shipping report with the sales order. PTS: 1 14. What specific internal control procedure would prevent the shipping clerk from taking goods from the storeroom and sending them to someone who had not placed an order? ANS: Shipping clerk should not have access to the storeroom. PTS: 1 15. What specific internal control procedure would prevent an accounts receivable clerk from issuing a fictitious credit memo to a customer (who is also a relative) for goods that were “supposedly” returned from previous sales? ANS: Credit memo should be authorized after verifying the return of goods based on evidence from the person who received the goods. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
16. What specific internal control procedure would prevent an increase in sales returns since salesmen were placed on commission? ANS: Customer credit should be verified by the credit department; reduce commissions for sales returns. PTS: 1 17. What specific internal control procedure would detect the misplacement of a sales invoice after preparation and not mailed to the customer? The invoice was never found. ANS: All documents should be prenumbered. PTS: 1 18. What function does the receiving department serve in the revenue cycle? ANS: The receiving department counts and inspects items which are returned by customers. The receiving department prepares a return slip of which a copy goes to the warehouse for restocking, and a copy goes to the sales order department so that a credit memo can be issued to the customer. PTS: 1 19. What are the three rules that ensure that no single employee or department processes a transaction in its entirety? ANS: The three rules that ensure segregation of functions are: 1. Transaction authorization should be separate from transaction processing. 2. Asset custody should be separate from asset record keeping. 3. The organization structure should be such that the perpetration of a fraud requires collusion between 2 or more individuals. PTS: 1 20. What is automation and why is it used? ANS: Automation involves using technology to improve the efficiency and effectiveness of a task. Automation of the revenue cycle is typically used to reduce overhead costs, make better credit granting decisions, and better collect outstanding accounts receivable. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
21. What are the benefits and risks of making Internet sales? ANS: Internet sales opens an organization’s doors to thousands of potential business partners with whom it has no formal agreement. Connecting to the Internet exposes the organization to threats from computer hackers, viruses, and transaction fraud. PTS: 1 22. What are the key segregation of duties related to computer programs that process accounting transactions? ANS: The tasks of design, maintenance, and operation of computer programs need to be segregated. The programmers who write the original computer programs should not be responsible for making program changes. Both of these functions must also be separate from the daily task of operating the system. PTS: 1 23. How is EDI more than technology? What unique control problems may it pose? ANS: EDI represents a unique business arrangement between the buyer and seller in which they agree, in advance, to the terms of their relationship on such items as selling price, quantities, delivery times, payment terms and methods of handling disputes. The terms of agreement are binding. One problem is ensuring that only valid transactions are processed. Another risk is that a non-trading partner will masquerade as a trading partner and access the firm's processing systems. PTS: 1 24. What makes point-of-sale systems different from revenue cycles of manufacturing firms? ANS: In point-of-sale systems, the customer literally has possession of the items purchased, thus the inventory is in hand. Typically, for manufacturing firms, the order is placed and the good is shipped to the customer at some later time period. Thus, updating inventory at the time of sale is necessary in point-of-sale systems since the inventory is changing hands, while it is not necessary in manufacturing firms until the goods are actually shipped to the customer. Also, POS systems are used extensively in grocery stores, department stores, and other types of retail organizations. Generally, only cash, checks, and bank credit card sales are valid. Unlike manufacturing firms, the organization maintains no customer accounts receivable. Unlike some manufacturing firms, inventory is kept on the store’s shelves, not in a separate warehouse. The customers personally pick the items they wish to buy and carry them to the checkout location, where the transaction begins. Shipping, packing, bills of lading, etc. are not relevant to POS systems. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
25. Give three examples of Access Control in a Point-of-Sale (POS) system. ANS: Lock on the cash drawer Internal cash register tape that can be accessed only by the manager Physical security over the inventory, for example: steel cables to secure expensive leather coats to the clothing rack; locked showcases to display jewelry and costly electronic equipment; magnetic tags attached to merchandise that will sound an alarm when removed from the store. Note to Instructor: Some physical security devices could also be classified as supervision. PTS: 1 26. Describe the key tasks in the sales order process. ANS: Sales order procedures include the tasks involved in receiving and processing a customer order, filling the order and shipping products to the customer, billing the customer at the proper time, and correctly accounting for the transaction. PTS: 1 27. What is the purpose(s) of the stock release document? ANS: The stock release document (also called the picking ticket) is sent to the warehouse to identify the items of inventory that have been sold and must be located and picked from the warehouse shelves. It also provides formal authorization for warehouse personnel to release the specified items. PTS: 1 28. What is the role of the shipping notice? ANS: The shipping notice triggers the billing process. When the goods are shipped the shipping notice is forwarded to the billing function as evidence that the customer’s order was filled and shipped. This document conveys pertinent new facts such as the date of shipment, the items and quantities actually shipped, the name of the carrier, and freight charges. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
29. What is a bill of lading? ANS: The bill of lading is a formal contract between the seller and the shipping company (carrier) to transport the goods to the customer. This document establishes legal ownership and responsibility for assets in transit. PTS: 1 30. What is the purpose of the credit memo? ANS: This document is the authorization for the customer to receive credit for the merchandise returned. A credit memo may be similar in appearance to a sales order. Some systems may actually use a copy of the sales order marked credit memo. PTS: 1 31. Explain the steps needed to process a credit memo in the sales return system. ANS: The objective is to reverse the effects of the original sales transaction. The billing department records an entry into the sales returns and allowance or sales journal and inventory control debits the inventory records to reflect the return of goods. The AR clerk credits the customer account in the AR subsidiary ledger. PTS: 1 32. What is multilevel security? ANS: Multilevel security employs programmed techniques that permit simultaneous access to a central system by many users with different access privileges but prevents them from obtaining information for which they lack authorization. PTS: 1 33. What does EDI technology do? ANS: EDI technology was devised to expedite routine transactions between manufacturers and wholesalers, and between wholesalers and retailers. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
ESSAY 1. When Clipper Mail Order Co. receives telephone and fax orders, the billing department prepares an invoice. The invoice is mailed immediately. A copy of the invoice serves as a shipping notice. The shipping department removes inventory from the warehouse and prepares the shipment. When the order is complete, the goods are shipped. The clerk checks the customer’s credit before recording the sale in the general journal and the account receivable subsidiary ledger. The receptionist opens the mail and lists all payments. The receptionist also handles all customer complaints and prepares sales return forms for defective merchandise. The cashier records all cash receipts in the general journal and makes the appropriate entry in the accounts receivable subsidiary ledger. The cashier prepares the daily bank deposit. Describe at least four internal control weaknesses at Clipper Mail Order Co. ANS: no sales order is prepared; credit should be checked before shipping the items; invoices are mailed before the goods are shipped; shipping has access to the warehouse; record keeping duties are not segregated (general ledger from subsidiary ledger); only one person opens the mail; sales return forms are not authorized by management; custody and record keeping duties are not separated; the cashier has custody of cash, makes journal entries, and maintains A/R ledger; cashier has custody of cash and handles customer complaints (e.g., about unrecorded payments). PTS: 1 2. How may an employee embezzle funds by issuing an unauthorized sales credit memo if the appropriate segregation of functions and authorization controls were not in place? ANS: An employee who has access to incoming payments, either cash or check, as well as the authorization to issue credit memos may pocket the cash or check of a payment for goods received. This employee could then issue a credit memo to this person’s account so that the customer does not show a balance due. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
3. For each of the following documents, describe its purpose, the functional area preparing it, and the key data included: sales order, bill of lading, credit memo. ANS: A sales order is used to collect information needed to initiate the sales process. It can be a copy of the customer’s purchase order prepared by the customer or a document prepared by a member of the sales staff in response to mail, phone or personal contact with the customer. It contains information about the customer, the type and quantity of merchandise being requested, price information, shipping information, etc. The bill of lading is prepared by the shipping clerk. It is a formal contract between the seller and the carrier who will transport the goods to the customer. It contains information about the carrier, the customer, descriptions of the package(s) being shipped, declared value of the goods, and information on freight charges, including how much and who will pay. A credit memo is a document authorizing issuance of credit to a customer for returned goods. It is prepared in the sales department after receipt of a return slip from receiving. It shows the customer’s name, reason for the return, a list of items and prices, and the total amount of credit. Many credit memos require additional authorization. PTS: 1 4. Discuss two IT controls or edits that can be programmed into a system to minimize the risk from data input errors. ANS: 1. Checks for missing data, numeric-alphabetic data, and valid data values, reduce the risk of undetected data entry errors in accounts receivable, inventory control, billing, and cash receipts. 2. Check digit edits provide control over accessing the wrong accounts when posting customer sales and cash receipts transactions. Long customer account numbers are susceptible to transcription and transposition errors during data entry. Check digit controls reduce the risk of such errors. PTS: 1 5. What role does each of the following departments play in the sales order processing subsystem: sales, credit, and shipping? Be complete. ANS: The sales department receives the order information from the customer, either by mail, phone, or in person. Information is captured on a sales order form which includes customer name, account number, name, number and description of items ordered, quantities and unit prices plus taxes, shipping info, discounts, freight terms. This form is usually prepared in multiple copies that are used for credit approval, packing, stock release, shipping, and billing. The credit department provides transaction authorization by approving the customer for a credit sale and returns and allowances.
Accounting Information Systems, 9e—Test Bank, Chapter 4
The shipping department receives information from the sales department in the form of packing slip and shipping notice. When the goods arrive from the warehouse, the documents are reconciled with the stock release papers. The goods are packed and labeled. The packing slip is included. The shipping notice is sent to billing. A bill of lading is prepared to accompany the shipment. PTS: 1 6. With regard to segregation of duties, rule one is that transaction authorization and transaction processing should be separated. What does this require in the revenue cycle? ANS: Within the revenue cycle, the credit department is separate from the rest of the process. Hence, the authorization of the transaction (granting of credit) is independent. If other people, e.g., sales staff, were able to authorize credit sales, there would be the temptation to approve sales to any customer, even those known to not be credit worthy. PTS: 1 7. With regard to segregation of duties, rule two is that asset custody and record keeping should be separated. What does this require in the revenue cycle? ANS: In the revenue cycle, the warehouse has custody of physical assets while accounting (especially general ledger and inventory control) maintains the records. Also, in the cash receipts subsystem, cash receipts has custody of the asset (cash) while general ledger and accounts receivable keep the records. PTS: 1 8. What role does each of the following departments play in the cash receipts subsystem: mail room, cash receipts, accounts receivable, and general ledger? Be complete. ANS: The mail room receives the customer’s payment–usually a check accompanied by a document called a remittance advice (which may be a copy of the invoice sent to the customer). Mail clerks separate the two, prepare a cash prelist or remittance list which lists all the payments received and sends the checks to the cashier and remittance advices to accounts receivable. In cash receipts someone (e.g., cashier) restrictively endorses the checks and records the payments in the cash receipts journal. A deposit slip is prepared which accompanies the checks to the bank. The accounts receivable department posts from the remittance advices to the customer accounts in the AR subsidiary ledger. The general ledger department records cash receipts to the cash and AR control accounts based on the list from the mailroom and the summary report of posting from A/R.
Accounting Information Systems, 9e—Test Bank, Chapter 4
PTS: 1 9. For each of the following documents, describe its purpose, the functional area preparing it, and the key data included: remittance advice, remittance list, deposit slip. ANS: A remittance advice is sent by the customer to accompany payment. However, it is often part of or a copy of the invoice previously sent by the billing department after the goods were shipped. A remittance list is often called a cash prelist and is prepared by the mail room clerk to record all cash received. It accompanies the checks to the cashier. A deposit slip is prepared by the cashier to accompany the checks to the bank. This is usually a preprinted bank form. PTS: 1 10. How is independent verification carried out in a manual revenue system? ANS: Independent verification occurs in several departments as part of the sales order processing system. The shipping department verifies that the goods released by the warehouse for shipment, as shown on the stock release document, match the packing slip. Billing compares the shipping notice with the invoice to be sure customers are billed only for goods shipped. And general ledger reconciles the journal vouchers prepared by billing, inventory control, cash receipts, and accounts receivable. This reconciliation focuses on a match between what was ordered, what was removed from the stockroom, what was shipped, what was billed, cash received, and credit to the customer account. PTS: 1 11. Describe two common methods for achieving multilevel security. ANS: Two common methods for achieving multilevel security are the access control list (ACL) and role based access control (RBAC). The ACL method assigns privileges, such as the right to perform computer program procedures and access data files, directly to the individual. In large organizations with thousands of employees, this can become a considerable administrative burden as access needs constantly change with changes in job responsibilities. RBAC involves creating standard tasks (e.g., cash receipts processing) called roles. Each role is assigned access privileges to specific data and procedures, such as the right to add a record to the cash receipts journal. Once a role is created, individuals are assigned to it. Using this technique, individuals may be easily added or deleted from roles as their job responsibilities change. Individuals assigned to a particular role may not access program procedures and data that are not specified by that role. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 4
12. What unique control problems does EDI pose? ANS: EDI poses unique control problems for organizations. One problem is ensuring that, in the absence of explicit authorization, only valid transactions are processed. Another risk is that a trading partner, or someone masquerading as a trading partner, will access the firm’s accounting records in a way that is unauthorized by the trading partner agreement. PTS: 1 13. Describe a credit check in an advanced technology system. ANS: In an advanced technology system, the system logic, not a human being, makes the decision to grant or deny credit based on the customer’s credit history contained in the credit history file. If credit is denied, the sales clerk should not be able to force the transaction to continue. However, to allow for operational flexibility in unusual circumstances, the system provides a management override option that may only be performed by a supervisor. Any such overrides should be fully documented in the credit history record and in management reports. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5
Chapter 5—The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures TRUE/FALSE 1. In merchandising firms, purchasing decisions are authorized by inventory control. ANS: T
PTS: 1
2. The blind copy of the purchase order that goes to the receiving department contains no item descriptions. ANS: F
PTS: 1
3. Firms that wish to improve control over cash disbursements use a voucher system. ANS: T
PTS: 1
4. In a voucher system, the sum of all unpaid vouchers in the voucher register equals the firm’s total voucher payable balance. ANS: T
PTS: 1
5. The accounts payable department reconciles the accounts payable subsidiary ledger to the control account. ANS: F
PTS: 1
6. The use of inventory reorder points suggests the need to obtain proper authorization. ANS: F
PTS: 1
7. Proper segregation of duties requires that the responsibility approving a payment be separated from posting to the cash disbursements journal. ANS: T
PTS: 1
8. A major risk exposure in the expenditure cycle is that accounts payable may be overstated at the end of the accounting year. ANS: F
PTS: 1
9. When a trading partner agreement is in place, the traditional three way match may be eliminated. ANS: T
PTS: 1
10. Authorization of purchases in a merchandising firm occurs in the inventory control department. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 11. A three way match involves a purchase order, a purchase requisition, and an invoice. ANS: F
PTS: 1
12. Authorization for a cash disbursement occurs in the cash disbursement department upon receipt of the supplier’s invoice. ANS: F
PTS: 1
13. An automated cash disbursements system can yield better cash management since payments are made on time. ANS: T
PTS: 1
14. Permitting warehouse staff to maintain the only inventory records violates separation of duties. ANS: T
PTS: 1
15. A purchasing system that employs electronic data interchange does not use a purchase order. ANS: F
PTS: 1
16. Inventory control should be located in the warehouse. ANS: F
PTS: 1
17. Inspection of shipments in the receiving department would be improved if the documentation showed the value of the inventory. ANS: F
PTS: 1
18. One reason for authorizing purchases is to enable efficient inventory management. ANS: T
PTS: 1
19. If accounts payable receives an invoice directly from the supplier it needs to be reconciled with the purchase order and receiving report. ANS: T
PTS: 1
20. Supervision in receiving is intended to reduce the theft of assets. ANS: T
PTS: 1
21. The general ledger function receives the AP account summary from cash disbursements. ANS: F
PTS: 1
22. The warehouse is responsible for updating the inventory subsidiary ledger. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5
23. The receiving report is prepared by the vendor to provide evidence that the purchase order was received. ANS: F
PTS: 1
24. The accounts payable clerk is responsible for updating the AP Control accounts to reflect each vendor liability. ANS: F
PTS: 1
25. When goods are received, the receiving clerk sends copies of the receiving report to the inventory control clerk and the AP clerk. ANS: T
PTS: 1
26. The check digit control will provide control over accessing the wrong accounts. ANS: T
PTS: 1
27. The level of departmental activity is higher with an integrated purchases processing system than it is with a basic technology system. ANS: F
PTS: 1
MULTIPLE CHOICE 1. The purpose of the purchase requisition is to a. order goods from vendors b. record receipt of goods from vendors c. authorize the purchasing department to order goods d. bill for goods delivered ANS: C
PTS: 1
2. The purpose of the receiving report is to a. order goods from vendors b. record receipt of goods from vendors c. authorize the purchasing department to order goods d. bill for goods delivered ANS: B
PTS: 1
3. All of the following departments have a copy of the purchase order except a. the purchasing department b. the receiving department c. accounts payable d. general ledger ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 4. The purpose of the purchase order is to a. order goods from vendors b. record receipt of goods from vendors c. authorize the purchasing department to order goods d. approve payment for goods received ANS: A
PTS: 1
5. The open purchase order file in the purchasing department is used to determine a. the quality of items a vendor ships b. the best vendor for a specific item c. the orders that have not been received d. the quantity of items received ANS: C
PTS: 1
6. The purchase order a. is the source document to make an entry into the accounting records b. indicates item description, quantity, and price c. is prepared by the inventory control department d. is approved by the end-user department ANS: B
PTS: 1
7. The reason that a blind copy of the purchase order is sent to receiving is to a. inform receiving when a shipment is due b. force a count of the items delivered c. inform receiving of the type, quantity, and price of items to be delivered d. require that the goods delivered are inspected ANS: B
PTS: 1
8. The receiving report is used to a. accompany physical inventories to the storeroom or warehouse b. advise the purchasing department of the dollar value of the goods delivered c. advise general ledger of the accounting entry to be made d. advise the vendor that the goods arrived safely ANS: A
PTS: 1
9. When a copy of the receiving report arrives in the purchasing department, it is used to a. adjust perpetual inventory records b. record the physical transfer of inventory from receiving to the warehouse c. analyze the receiving department’s process d. recognize the purchase order as closed ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 10. The financial value of a purchase is determined by reviewing the a. packing slip b. purchase requisition c. receiving report d. supplier’s invoice ANS: D
PTS: 1
11. Which document is least important in determining the financial value of a purchase? a. purchase requisition b. purchase order c. receiving report d. supplier’s invoice ANS: A
PTS: 1
12. In a merchandising firm, authorization for the payment of inventory is the responsibility of a. inventory control b. purchasing c. accounts payable d. cash disbursements ANS: C
PTS: 1
13. In a merchandising firm, authorization for the purchase of inventory is the responsibility of a. inventory control b. purchasing c. accounts payable d. cash disbursements ANS: A
PTS: 1
14. When purchasing inventory, which document usually triggers the recording of a liability? a. purchase requisition b. purchase order c. receiving report d. supplier’s invoice ANS: D
PTS: 1
15. Because of time delays between receiving inventory and making the journal entry a. liabilities are usually understated b. liabilities are usually overstated c. liabilities are usually correctly stated d. none of the above ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 16. Usually the open voucher payable file is organized by a. vendor b. payment due date c. purchase order number d. transaction date ANS: B
PTS: 1
17. Which of the following statements is NOT correct? a. The voucher system is used to improve control over cash disbursements. b. The sum of the paid vouchers represents the voucher payable liability of the firm. c. The voucher system permits the firm to consolidate payments of several invoices on one voucher. d. Many firms replace accounts payable with a voucher payable system. ANS: B
PTS: 1
18. In the expenditure cycle, general ledger does not a. post the journal voucher from the accounts payable department b. post the account summary from inventory control c. post the journal voucher from the purchasing department d. reconcile the inventory control account with the inventory subsidiary summary ANS: C
PTS: 1
19. The documents in a voucher packet include all of the following except a. a check b. a purchase order c. a receiving report d. a supplier’s invoice ANS: A
PTS: 1
20. To maintain a good credit rating and to optimize cash management, cash disbursements should arrive at the vendor’s place of business a. as soon as possible b. on the due date c. on the discount date d. by the end of the month ANS: C
PTS: 1
21. Which of the following tasks is NOT performed by the cash disbursement clerk? a. Review the supporting documents for completeness and accuracy. b. Prepare checks. c. Sign checks. d. Mark the supporting documents paid. ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 22. When a cash disbursement in payment of an accounts payable is recorded a. the liability account is increased b. the income statement is changed c. the cash account is unchanged d. the liability account is decreased ANS: D
PTS: 1
23. Authorization for payment of an accounts payable liability is the responsibility of a. inventory control b. purchasing c. accounts payable d. cash disbursements ANS: C
PTS: 1
24. Of the following duties, it is most important to separate a. warehouse from stores b. warehouse from inventory control c. accounts payable and accounts receivable d. purchasing and accounts receivable ANS: B
PTS: 1
25. In a firm with proper segregation of duties, adequate supervision is most critical in a. purchasing b. receiving c. accounts payable d. general ledger ANS: B
PTS: 1
26. The receiving department is not responsible to a. inspect shipments received b. count items received from vendors c. order goods from vendors d. safeguard goods until they are transferred to the warehouse ANS: C
PTS: 1
27. The major risk exposures associated with the receiving department include all of the following except a. goods are accepted without a physical count b. there is no inspection for goods damaged in shipment c. inventories are not secured on the receiving dock d. the audit trail is destroyed ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 28. When searching for unrecorded liabilities at the end of an accounting period, the accountant would search all of the files except a. the purchase requisition file b. the cash receipts file c. the purchase order file d. the receiving report file ANS: B
PTS: 1
29. In regards to the accounts payable department, which statement is NOT true? a. The purchase requisition shows that the transaction was authorized. b. The purchase order proves that the purchase was required. c. The receiving report provides evidence of the physical receipt of the goods. d. The supplier’s invoice indicates the financial value of the transaction. ANS: B
PTS: 1
30. Which of the following is NOT a control over the risk of unauthorized inventory purchases? a. Transaction authorization b. Automated purchase approval c. Scanner technology d. All of the above are controls over the risk of unauthorized inventory purchases. ANS: C
PTS: 1
31. Firms can expect that proper use of a valid vendor file will result in all of the following benefits except a. Purchases from unapproved vendors will be prevented. b. Purchases from fictitious vendors will be detected. c. The most competitive price will be obtained. d. The risk of purchasing agents receiving kickbacks and bribes will be reduced. ANS: C 32.
PTS: 1
The greatest risk of theft occurs a. in the receiving department b. in the warehouse c. in the mailroom d. both a. and b. ANS: D
PTS: 1
33. The document which will close the open purchase requisition file is the a. purchase order b. vendor invoice c. receiving report d. payment voucher ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 34. Goods received are inspected and counted to a. determine that the goods are in good condition b. determine the quantity of goods received c. preclude payment for goods not received or received in poor condition d. all of the above ANS: D
PTS: 1
35. If a company uses a standard cost system, inventory records can be updated from the a. vendor invoice b. purchase order c. receiving report d. purchase requisition ANS: C
PTS: 1
36. If a company uses an actual cost system, inventory records can first be updated from the a. vendor invoice b. purchase order c. receiving report d. purchase requisition ANS: A
PTS: 1
37. Copies of a purchase order are sent to all of the following except a. inventory control b. receiving c. general ledger d. accounts payable ANS: C
PTS: 1
38. The receiving report a. is used to update the actual cost inventory ledger b. accompanies the goods to the storeroom c. is sent to general ledger d. is returned to the vendor to acknowledge receipt of the goods ANS: B
PTS: 1
39. A copy of the purchase order (PO) is sent to the a. vendor b. accounts payable function c. receive goods function d. all of the above ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 40. The cash disbursement function is a. part of accounts payable b. an independent accounting function c. a treasury function d. part of the general ledger department ANS: C
PTS: 1
SHORT ANSWER 1. Which internally generated document should be compared to the supplier’s invoice to verify the price of an item? ANS: purchase order PTS: 1 2. Which internally generated document should be compared to the supplier’s invoice to verify the quantity being billed for? ANS: receiving report PTS: 1 3. Discuss three specific physical controls to mitigate the risk of inaccurate record keeping. ANS: transaction authorization – AP authorizes cash disbursements to make payment accounting records – audit trail documents, journals, accounts and files independent verification – inventory control, AP, cash disbursements, and GL PTS: 1 4. List specific jobs that should be segregated to prevent misappropriation of cash and inventory. ANS: cash disbursements, general ledger, AP function, warehouse, inventory records PTS: 1 5. To provide proper authorization control for inventory, what two departments should be segregated? ANS: The inventory control department should be segregated from the purchasing department, which executes the purchase transaction. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 6. Describe an internal control procedure that would prevent payment of an invoice for goods that were never delivered. ANS: Accounts payable clerk should to a three-way match, reconciling the invoice, purchase order, and receiving report before preparing an AP packet. PTS: 1 7. What documents are involved in a three-way match and what role does each play in this control? ANS: 1. The PO, which shows that the purchasing agent ordered needed items from a valid vendor. 2. The receiving report, which is evidence of the physical receipt of goods and their condition. The reconciliation of this document with the PO signifies the obligation to pay. 3. The supplier’s invoice, which provides the financial information needed to record the AP. The AP clerk verifies the prices are reasonable based on the information on the PO. PTS: 1 8. Explain why supervision is so important in the receiving department. ANS: Receiving departments are sometimes hectic and cluttered exposing incoming inventories to theft until they are secured in the warehouse. Inadequate supervision can create an environment conducive to the theft of inventories in transit. PTS: 1 9. Explain the role that the GL plays in reducing the risk of inaccurately recording transactions in journals and ledgers. ANS: The GL function provides an important independent verification in the system by verifying that the total obligations recorded equal the total inventories received and that the total reductions in AP equals the total disbursements of cash. PTS: 1 10. What are some of the risks of placing the decision of what, when and where to buy solely at the discretion of the purchasing agent? ANS: The result can be excessive inventory for some items, which ties up cash reserves, and stock-outs for other items which leads to lost sales and manufacturing delays. Such discretion can also lead to frauds such as kick-backs to purchasing agents from unapproved suppliers who overcharge for their inventory. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 11. What are the major differences between a basic technology purchasing system and an integrated purchases processing system? ANS: The level of departmental activity is significantly lower in an integrated system. Computer programs perform many clerical tasks which is cheaper and less prone to error. Personnel responsibilities are refocused on financial analysis and exception-based problem solving, resulting in smaller and more efficient departments. PTS: 1 12. Why should the copy of a purchase order, which is sent to receiving, be a “blind” copy? ANS: to force workers in receiving to count and inspect the goods received PTS: 1 13. What is(are) the purpose(s) of maintaining a valid vendor file? ANS: Inventories should only be acquired from valid vendors. This control procedure helps to deter the purchasing agent from buying inventories at excessive costs and receiving kickbacks or from buying from an entity in which the purchasing agent has a relationship, such a relative or a friend. PTS: 1 14. An objective of segregation of duties is to structure the organization so that the perpetration of a fraud requires collusion between two or more individuals. What must a company do to achieve this objective? Why? ANS: Certain record-keeping tasks – subsidiary ledgers (AP and inventory), journals (purchases and cash disbursements, and the GL – should be separately maintained. An individual with total record-keeping responsibility, in collusion with someone with asset custody, is in a position to perpetrate a fraud. PTS: 1 15. What function or department typically initiates a purchase in a merchandising business? ANS: The inventory control function provides purchase authorization for merchandising firms. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 16. Where is access control exercised in the purchasing/cash disbursement functions? ANS: A firm must limit access to documents that control physical assets – purchase requisitions, purchase orders and receiving reports – to help prevent fraudulent transactions and payments. PTS: 1 17. Explain why a three way match may not be required for transactions covered by a trading partner agreement. ANS: Under a trading partner agreement the parties contractually agree to terms of trade such as price, quantities to be shipped, discounts, and lead times. With these sources of potential discrepancy eliminated, financial information about purchases is known in advance and the vendor’s invoice provides no critical information that cannot be derived from the receiving report. Thus, a three way match is unnecessary. PTS: 1 18. Name the key tasks associated with purchases procedures. ANS: Purchases procedures include the tasks of identifying inventory needs, placing the order, receiving the inventory, and recognizing the liability. PTS: 1 19. What is the purpose of the purchase requisition? ANS: When inventories drop to a predetermined reorder point, a purchase requisition is prepared and sent to the purchasing function to initiate the purchase process. While procedures will vary from firm to firm, typically a separate purchase requisition will be prepared for each inventory item as the need is recognized. PTS: 1 20. What is the purpose of the purchase order? ANS: The purchasing function receives the purchase requisitions and sorts them by vendor. Next, a purchase order (PO), comprising one or many purchase requisitions, is prepared for each vendor. These documents are then sent to their respective vendors. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 21. What is a blind copy of a purchase order and what is its purpose? ANS: A blind copy of the PO contains no quantity or price information about the products being received. The purpose of the blind copy is to force the receiving clerk to count and inspect inventories prior to completing the receiving report. PTS: 1 22. What is the purpose of a receiving report? How are copies of the report distributed? ANS: Upon completion of the physical count and inspection of the items received, the receiving clerk prepares a receiving report stating the quantity and condition of the inventories. This receiving report is sent to various other functions for reconciliation and updating of records. One copy of the receiving report accompanies the physical inventories to either the raw materials storeroom or finished goods warehouse for safekeeping. Another copy is filed in the open/closed PO file to close out the PO. A third copy of the receiving report is sent to the AP department, where it is filed in the AP pending file. A fourth copy of the receiving report is sent to inventory control for updating the inventory records. Finally, a copy of the receiving report is placed in the receiving report file. PTS: 1 23. What is the purpose of the supplier’s invoice? ANS: The supplier’s invoice triggers the three-way match and the AP recognition process. During the course of the transaction, the AP department has received and temporarily filed copies of the PO and receiving report. The organization has received inventories from the vendor and has realized an obligation to pay for them. The firm has not, however, received the supplier’s invoice which contains financial information needed to record the transaction. The firm will thus defer recording (recognizing) the liability until the invoice arrives. PTS: 1 24. What is the principle objective of the cash disbursement system? ANS: The principal objective of this system is to ensure that timely and accurate payments are made to only valid creditors. If the system makes payments early, the firm forgoes interest income that it could have earned on the funds. If obligations are paid late, however, the firm will lose purchase discounts or may damage its credit standing.
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 25. What are the six classes of physical internal controls? What is the purpose of these controls? ANS: The six classes of physical internal controls are: transaction authorization, segregation of duties, supervision, accounting records, access controls and independent verification. The purpose of physical controls is to control the actions of people. PTS: 1 26. What is an AP packet? ANS: The AP packet consists of the supporting documents (PO, receiving report, and invoice). Once reconciled, the AP packet is the formal authority to record the liability and subsequently make payment. PTS: 1 27. Identify three IT controls in the expenditure cycle. ANS: Error messages, passwords, file backup. PTS: 1 28. What is the objective of automated purchase approval? ANS: The objective is to prevent unauthorized purchases from unapproved vendors. Computer logic, not a human being, decides when, what and from where to make purchases. PTS: 1
ESSAY 1. Differentiate between a purchase requisition and a purchase order. ANS: A purchase requisition is completed by the inventory control department when a need for inventory items is detected. Purchase requisitions for office supplies and other materials may also be completed by staff departments such as marketing, finance, accounting, and personnel. The purchasing department receives the purchase requisitions, and if necessary, determines the appropriate vendor. If various departments have requisitioned the same items, the purchasing department may consolidate all requests into one order so that any quantity discounts and lower freight charges may be taken. In any case, the purchasing department prepares the purchase order, which is sent to the vendor, accounts payable department, and the receiving department (blind copy). PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 2. Assuming the organization uses the perpetual inventory method, what general ledger journal entries are triggered by the purchases system? From which departments do these journal entries arise? ANS: (Accounts Payable) Inventory Control Accounts Payable
Debit Credit
(Cash Disbursements) Accounts Payable Cash
Debit Credit
PTS: 1
3. The Soap Manufacturing Company has three employees who work in the warehouse. All of the warehouse workers are authorized to order inventory when it falls below the reorder level. The workers complete a purchase order and mail it to the supplier of their choice. The inventory is delivered directly to the warehouse. The workers send a memo to accounts payable reporting the receipt of inventory. Accounts payable compares the warehouse memo to the supplier’s invoice. Accounts payable prepares a check which the treasurer signs. Discuss potential internal control risks inherent in this system. ANS: Placing this much authority in the hands of the warehouse workers can result in inappropriate inventory levels – either too much which ties or cash reserves or too little resulting in manufacturing delays or lost sales. This can also lead to frauds such as kick-backs from unapproved suppliers or fraudulent transactions as the workers both perform record-keeping and have physical custody of the assets. Warehouse workers should prepare a purchase requisition and send it to purchasing to prepare the PO. Inventory should be delivered to the receiving department where a receiving report is prepared using a blind copy of the original PO. Accounts payable should receive a copy of the purchase requisition, PO, and receiving report and compare them to the supplier invoice. Cash disbursements, not AP, should prepare the check. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 4. Explain how a voucher payable system works. How is the balance of AP determined? ANS: In place of a standard accounts payable system, many firms use a voucher payable system. The AP department prepares cash disbursement vouchers which are recorded in a voucher register. After a clerk performs the three-way match, a cash disbursement voucher is prepared to approve payment. Vouchers provide improved control over cash disbursements and allow firms to consolidate several payments to the same supplier on a single invoice, reducing the number of checks written. The sum of all unpaid vouchers is the AP balance. PTS: 1
5. Discuss the steps taken in the purchasing department in a basic technology expenditure cycle. ANS: The purchasing department receives purchase requisitions, sorts them by vendor, and adds a record to the digital open purchase order file. The clerk prints a multipart PO for each vendor. Copies are sent to the vendor, inventory control, and AP. A blind copy is sent to the receiving department. The clerk files the last copy along with the purchase requisition in the department. PTS: 1
6. What are the steps taken in the basis technology cash disbursement system? ANS: Each day the AP clerk reviews the AP packets in the open AP file for items due and sends the supporting documents to the cash disbursements department. Cash disbursements reviews the documents for completeness and accuracy and prepares a three-part check, recording the check number, dollar amount and other pertinent data in the check register. The check and supporting documents goes to the cash disbursements manager or treasurer for signature. Negotiable portion of the check is mailed to the supplier. The clerk returns the AP packet and check copy to AP and files the other copy of the check. Entries made to the check register are summarized and sent to the GL department as a journal voucher. AP clerk removes the liability by debiting the vendor’s digital AP subsidiary record, files the AP packet and sends an AP summary to GL. Based on documents received from cash disbursements and AP, the GL clerk posts to the control account and files the documents. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 7. What are steps taken in the receiving department under a basic technology expenditure cycle? ANS: The receiving department clerk receives the goods and packing slip from the vendor and reconciles the goods with the blind copy of the PO. Upon completion, the clerk adds a digital record to the receiving report file and prints a multi-part hard copy report stating the quantity and condition of the inventories. One copy of the receiving report accompanies the goods to the storeroom. The blind copy and packing slip are filed in the receiving department. The other copies of the receiving report are sent to the purchasing department, inventory control, and the AP department. PTS: 1 8. Discuss the edits that are programmed into a system to minimize the risk for data input errors. ANS: Controls, including checks for missing data, numeric-alphabetic data, and invalid data values will reduce the risk of undetected data entry errors by AP, inventory control, receiving and cash disbursement clerks. Check digit control will provide control over accessing the wrong accounts. PTS: 1 9. Why do companies devote resources to a purchasing department? Could not individual departments make their own purchases more efficiently? ANS: The purchasing function is extremely important to a business. The members of the department work closely with suppliers to assure that the goods ordered are appropriately selected, priced, and delivered. One of the tasks of purchasing is to monitor the performance of vendors and maintain an approved vendor list. After a requesting department submits a purchase requisition, purchasing prepares a purchase order. Hence the authorization occurs outside of purchasing separate from the processing of the purchase. Significant separation of duties is built into this system: the same party cannot authorize and initiate the transaction. Purchasing employees cannot initiate a purchase. This could be a problem if vendors try to influence the purchasing staff for favorable treatment. PTS: 1 10. What are the key authorization issues in purchasing and cash disbursements? ANS: Inventory control monitors inventory and authorizes restocking with a purchase requisition. Purchasing acts on the purchase requisition, it does not initiate the process. Accounts payable authorizes the cash disbursement. The cash disbursement function cannot produce checks on its own without authorization from accounts payable. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 11. Identify six classes of physical controls employed in the expenditure cycle and give one example of each. ANS: 1. Transaction Authorization a. When inventory levels drop to their predetermined reorder points, inventory control formally authorizes replenishment with a purchase requisition. b. The AP function authorizes cash disbursements via the AP packet. To provide effective control over the flow of cash from the firm, the cash disbursement function should not write checks without this explicit authorization. 2. Segregation of Duties a. Segregation of inventory control from the warehouse. Inventory control keeps the detailed records of the asset, while the warehouse (stores) has asset custody. b. Segregation of accounts payable from cash disbursements. An individual with responsibilities for establishing accounts payable and writing checks in payment of accounts payable could perpetrate a fraud. 3. Supervision a. Critical in the receiving department to ensure that receiving reports are completed correctly and that goods are physically counted and inspected. b. Supervision is also important to prevent theft from the time goods are received until they are secured in the warehouse. 4. Accounting Records a. The control objective of accounting records is to maintain an audit trail adequate for tracing a transaction from its source document to the financial statements. The expenditure cycle employs the following accounting records: AP subsidiary ledger, check register, and general ledger. 5. Access Controls a. A firm must limit access to documents that control its physical assets. 6. Independent Verification a. The receiving department verify that goods received are correct in type and quantity and inspect them for condition. A blind PO forces clerks to physically count and inspect the goods. b. The general ledger function provides an important independent verification in the system. It receives journal vouchers and summary reports from inventory control, AP, and cash disbursements. From these sources, the general ledger function verifies that the total obligations recorded equal the total inventories received and that the total reductions in AP equal the total disbursements of cash. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 12. Describe two areas where segregation of duties is important in the expenditure cycle. ANS: 1. SEGREGATION OF INVENTORY CONTROL FROM THE WAREHOUSE. Inventory control keeps the detailed records of the asset, while the warehouse (stores) has asset custody. At any point, an auditor should be able to reconcile inventory records to the physical inventory. 2. SEGREGATION OF ACCOUNTS PAYABLE FROM CASH DISBURSEMENTS. An individual with responsibilities for establishing accounts payable and writing checks in payment of accounts payable could perpetrate a fraud. PTS: 1 13. Describe how the IT controls of automated purchase approval and automated postings to subsidiary and general ledger accounts help reduce risk. What is necessary to ensure these controls function properly? ANS: The objective of automated purchase approval is to prevent unauthorized purchases from unapproved vendors. Computer logic, not humans, make the purchase decisions based on purchase requisitions and the valid vendor file. Proper functioning of this control depends on adequate procedures for identifying vendors and placing them on the valid vendor list. Automated postings eliminate the human element, reducing the possibility of errors and fraud. A computer application, which is not subject to situational pressures or ethical standards, decides which accounts to update and by how much. Since these are labor intensive activities, automation greatly improves efficiency. These benefits depend upon the proper functioning of the computer application performing the tasks. The system development and program change process is critical to ensuring proper operation of the system.
PTS: 1
14. Describe four tasks the purchases computer application performs automatically in the integrated purchases processing system. ANS: 1. The system reads the purchases requisition file for items that need to be replenished. The requisitions are then sorted by the vendor and matched against the valid vendor file for vendor address and contact information. 2. Hard-copy purchase orders are prepared and sent to the vendor. 3. A record is added to the open PO file. 4. A digital transaction listing of POs is created, which is downloaded by the purchasing agent, reviewed, and filed in the department. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 5 15. Describe four tasks the receiving computer application performs automatically in the integrated purchases processing system. ANS: 1. A record is added to the receiving report file. 2. Quantities of items received are matched against the open PO record, and the PO is closed by placing the receiving report number in the PO closed flag. 3. The inventory subsidiary records are updated to reflect the receipt of the inventory items. 4. The general ledger inventory control account is updated. PTS: 1 16. Describe four tasks the accounts payable department computer application performs automatically in the integrated purchases processing system. ANS: 1. Using the PO number as a common attribute, the system links the vendor invoice to the associated purchase order and receiving report records. 2. The system reconciles the supporting documents and creates a virtual AP packet to authorize payment. 3. The system displays the virtual AP packet on the AP clerk’s computer screen for review. 4. Assuming no discrepancies that demand the AP clerk’s intervention, the system automatically approves payment and sets a payment due date. PTS: 1 17. Describe the five procedures that are performed on items that are due in the integrated cash disbursements system. ANS: 1. Checks are automatically printed, signed, and distributed to the mail room for mailing to vendors. Checks above a preset materiality threshold will receive additional signatures prior to being mailed. 2. The payments are automatically recorded in the check register file. 3. Vendor invoices are closed by placing the check number in the closed flag field. 4. The general ledger AP control and cash accounts are updated. 5. Reports detailing these transactions are transmitted via a terminal to the AP and cash disbursements departments for management review and filing. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6
Chapter 6—The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures TRUE/FALSE 1. Time cards are used by cost accounting to allocate direct labor charges to work in process. ANS: F
PTS: 1
2. The personnel department authorizes changes in employee pay rates. ANS: T
PTS: 1
3. Most small organizations integrate payroll processing with the human resource management (HRM) system. ANS: F
PTS: 1
4. To improve internal control, paychecks should be distributed by the employee's supervisor. ANS: F
PTS: 1
5. Employee paychecks should be drawn against a special checking account. ANS: T
PTS: 1
6. Because a time clock is used, no supervision is required when employees enter and leave the work place. ANS: F
PTS: 1
7. Inventory control performs the formal record keeping function for fixed assets. ANS: F
PTS: 1
8. The depreciation schedule shows when assets are fully depreciated. ANS: T
PTS: 1
9. Authorization to dispose of fixed assets should be issued by the user of the asset. ANS: F
PTS: 1
10. Work-in-process records are updated by payroll personnel. ANS: F
PTS: 1
11. Ideally, payroll checks are written on a special bank account used only for payroll. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 12. The supervisor is the best person to determine the existence of a “phantom employee” and should distribute paychecks. ANS: F
PTS: 1
13. Payroll processing can be automated easily because accounting for payroll is very simple. ANS: F
PTS: 1
14. Timekeeping is part of the personnel function. ANS: F
PTS: 1
15. Fixed asset accounting systems include cost allocation and matching procedures that are not part of routine expenditure systems. ANS: T
PTS: 1
16. Asset maintenance involves only the recording of depreciation charges. Physical improvements are always expensed. ANS: F
PTS: 1
17. Fixed Asset Systems must keep track of the physical location of each asset to promote accountability. ANS: T
PTS: 1
18. Time cards capture the total time an individual worker spends on each production job. ANS: F
PTS: 1
19. Accounting conventions and IRS rules sometime specify the depreciation parameters to be used. ANS: T
PTS: 1
20. The fixed asset disposal report authorizes the user department to dispose of a fixed asset. ANS: F
PTS: 1
21. Work centers provide the personnel action form, which triggers the payroll process. ANS: F
PTS: 1
22. The payroll department is responsible for both updating the employee records and writing paychecks. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 23. The paymaster distributes paychecks to work center supervisors. ANS: F
PTS: 1
24. Inventory control authorizes fixed asset purchases with a purchase requisition. ANS: F
PTS: 1
25. When fixed assets are received, the receiving clerk sends copies of the receiving report to the inventory control clerk and the AP clerk. ANS: F
PTS: 1
MULTIPLE CHOICE 1. The document that captures the total amount of time that individual workers spend on each production job is called a a. time card b. job ticket c. personnel action form d. labor distribution form ANS: B
PTS: 1
2. An important reconciliation in the payroll system is a. general ledger compares the labor distribution summary from cost accounting to the disbursement voucher from accounts payable b. personnel compares the number of employees authorized to receive a paycheck to the number of paychecks prepared c. production compares the number of hours reported on job tickets to the number of hours reported on time cards d. payroll compares the labor distribution summary to the hours reported on time cards ANS: A
PTS: 1
3. Which internal control is not an important part of the payroll system? a. Supervisors verify the accuracy of employee time cards. b. Paychecks are distributed by an independent paymaster. c. Accounts payable verifies the accuracy of the payroll register before transferring payroll funds to the general checking accounting. d. General ledger reconciles the labor distribution summary and the payroll disbursement voucher. ANS: C
PTS: 1
4. Which transaction is not processed in the Fixed Asset System? a. purchase of building b. improvement of equipment c. purchase of raw materials d. sale of company van ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 5. Depreciation a. is calculated by the department that uses the fixed asset b. allocates the cost of the asset over its useful life c. is recorded weekly d. results in book value approximating fair market value ANS: B
PTS: 1
6. Depreciation records include all of the following information about fixed assets except a. the economic benefit of purchasing the asset b. the cost of the asset c. the depreciation method being used d. the location of the asset ANS: A
PTS: 1
7. Which control is not a part of the Fixed Asset System? a. formal analysis of the purchase request b. review of the assumptions used in the capital budgeting model c. development of an economic order quantity model d. estimates of anticipated cost savings ANS: C
PTS: 1
8. Objectives of the Fixed Asset System do not include a. authorizing the acquisition of fixed assets b. recording depreciation expense c. computing gain and/or loss on disposal of fixed assets d. maintaining a record of the fair market value of all fixed assets ANS: D 9.
PTS: 1
Which of the following is not a characteristic of the Fixed Asset System? a. Acquisitions are routine transactions requiring general authorization. b. Retirements are reported on an authorized disposal report form. c. Acquisition cost is allocated over the expected life of the asset. d. Transfer of fixed assets among departments is recorded in the fixed asset subsidiary ledger. ANS: A
PTS: 1
10. In the payroll subsystem, which function should distribute paychecks? a. personnel b. timekeeping c. paymaster d. payroll ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 11. Where does the responsibility lie for reconciling the labor distribution summary and the payroll disbursement voucher? a. cash disbursements b. cost accounting c. personnel d. general ledger ANS: D
PTS: 1
12. Which of the following statements is not true? a. Routine payroll processing begins with the submission of time cards. b. Payroll clerks must verify the hours reported on the time cards. c. Payroll reconciles personnel action forms with time cards and prepares paychecks. d. Cash disbursements signs paychecks and forwards them to the paymaster for distribution. ANS: B
PTS: 1
13. In a manufacturing firm, employees use time cards and job tickets. Which of the following statements is not correct? a. Job tickets are prepared by employees for each job worked on, so an employee may have more that one job ticket on a given day. b. An individual employee will have only one time card. c. The time reported on job tickets should reconcile with the time reported on time cards. d. Paychecks should be prepared from the job tickets. ANS: D
PTS: 1
14. Which department is responsible for approving changes in pay rates for employees? a. payroll b. treasurer c. personnel d. cash disbursements ANS: C
PTS: 1
15. Which of the following situations represents an internal control weakness? a. Timekeeping is independent of the payroll department. b. Paychecks are distributed by the employees’ immediate supervisor. c. Time cards are reconciled with job tickets. d. Personnel is responsible for updating employee records, including creation of records for new hires. ANS: B
PTS: 1
16. Why would an organization require the paymaster to deliver all unclaimed paychecks to the internal audit department? a. to detect a “phantom employee” for whom a check was produced b. to prevent an absent employee’s check from being lost c. to avoid paying absent employees for payday d. to prevent the paymaster from cashing unclaimed checks ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 17. Which of the following is not a reasonable control for fixed assets? a. Proper authorization is required for acquisition and disposal of fixed assets. b. Fixed asset records show the location of each asset. c. Fully depreciated assets are immediately disposed of. d. Depreciation policies are in writing. ANS: C
PTS: 1
18. Cost accounting updates work-in-process accounts from a. time cards b. the labor distribution summary c. job tickets d. personnel action forms ANS: C
PTS: 1
19. Payroll uses time card data to do all of the following except a. prepare the payroll register b. update employee payroll records c. prepare the labor distribution summary d. prepare paychecks ANS: C
PTS: 1
20. Payroll checks are typically drawn on a. the regular checking account b. a payroll imprest account c. a wages payable account d. petty cash ANS: B
PTS: 1
21. The personnel action form provides authorization control by a. preventing paychecks for terminated employees b. verifying pay rates for employees c. informing payroll of new hires d. all of the above ANS: D
PTS: 1
22. Accounting records that provide the audit trail for payroll include all of the following except a. time cards b. job tickets c. payroll register d. accounts payable register ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 23. Personnel action forms are used to do all of the following except a. activate new employees b. terminate employees c. record hours worked d. change pay rates ANS: C
PTS: 1
24. The payroll department performs all of the following except a. prepares the payroll register b. distributes paychecks c. updates employee payroll records d. prepares paychecks ANS: B
PTS: 1
25. The document that records the total amount of time spent on a production job is the a. time card b. job ticket c. labor distribution summary d. personnel action form ANS: C
PTS: 1
26. A control technique that can reduce the risk of a terminated employee being paid is a. a security camera viewing the time clock b. the supervisor taking role during the shift c. paychecks being distributed by an independent paymaster d. reconciliation of time cards and job tickets ANS: C
PTS: 1
27. Accounts payable a. signs paychecks b. prepares the payroll voucher c. reconciles time cards and employee records d. distributes paychecks to employees ANS: B
PTS: 1
28. All of the following are processed by the Fixed Asset System except a. sale of unneeded equipment b. purchase of raw materials c. repair of production equipment d. purchase of a new plant ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 29. The Fixed Asset System performs all of the following except a. determines the need for new assets b. maintains depreciation records c. records retirement and disposal of assets d. tracks the physical location of fixed assets ANS: A
PTS: 1
30. The payroll department performs all of the following except a. prepares paychecks b. transfers adequate funds to the payroll imprest account c. updates employee payroll records d. prepares the payroll register ANS: B
PTS: 1
31. Depreciation a. assures that assets are reported at fair market value b. is discretionary for many firms c. allocates the cost of an asset over its useful life d. is the responsibility of the department using the asset ANS: C
PTS: 1
32. The Fixed Asset System is similar to the expenditure cycle except a. fixed asset transactions are non-routine and require special authorization and controls b. fixed assets are capitalized, not expensed c. both a and b d. none of the above ANS: C
PTS: 1
33. Asset maintenance involves a. the recording of periodic depreciation b. adjusting the asset records to reflect the cost of physical improvements c. keeping track of the physical location of the assets d. all of the above ANS: D
PTS: 1
34. The Fixed Asset Systems does all of the following except a. records acquisition of assets b. records improvements to assets c. estimates the fair market value of assets in service d. records the disposal of assets ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 35. Asset disposal a. occurs as soon as an asset is fully depreciated b. requires no special authorization c. automatically initiates the purchase of a replacement asset d. must follow formal authorization procedures ANS: D
PTS: 1
36. Which of the following uses fingerprint or hand-vein scan technology to produce the time and attendance file? a. Biometric time clocks b. Magnetic swipe ID cards c. Mobile remote devices d. Proximity cards ANS: A 37.
Which of the following works like a credit card with the time clock? a. Biometric time clocks b. Magnetic swipe ID cards c. Mobile remote devices d. Proximity cards ANS: B
38.
PTS: 1
Which of the following is popular among businesses with employees in the field who travel between clients and companies with foreign-based employees? a. Biometric time clocks b. Magnetic swipe ID cards c. Mobile remote devices d. Proximity cards ANS: C
40.
PTS: 1
Which of the following works through wallets, purses and card holders? a. Biometric time clocks b. Magnetic swipe ID cards c. Mobile remote devices d. Proximity cards ANS: D
39.
PTS: 1
PTS: 1
Which of the following is NOT an input control to reduce the risks of data entry errors and payroll fraud for a company with a mobile or distributed work force? a. Limit tests that detect excessive hours b. Check digits that detect transcription errors in employee identification c. Biometric scanners, swipe cards, and PINS d. Multilevel security that achieves segregation of duties ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 SHORT ANSWER 1. Describe an internal control procedure that would prevent an employee from punching the time clock for another, absent employee. ANS: supervision of the time clock at the start of the shift PTS: 1 2. Why should the employee’s supervisor not distribute paychecks? ANS: A form of payroll fraud involves a supervisor submitting fraudulent time cards for nonexistent employees. The resulting paychecks, when returned to the supervisor are then cashed by the supervisor. PTS: 1 3. Describe an internal control procedure that would prevent a supervisor from stealing the unclaimed paychecks of employees who have been terminated. ANS: This type of fraud can be reduced or eliminated by using a paymaster to distribute paychecks to employees in person. Any uncollected paychecks are then returned to payroll. Also, mail final paychecks to terminated employees. PTS: 1 4. Why should employee paychecks be drawn against a special checking account? ANS: A separate imprest account is established for the exact amount of the payroll based on the payroll summary. When the paychecks are cashed, this account should clear leaving a zero balance. Any errors in checks (additional checks or abnormal amounts) would result in a non-zero balance in the imprest account and/or some paycheck would not clear. This will alert management to the problem so corrective action can be taken. PTS: 1 5. Why should employees clocking on and off the job be supervised? ANS: A form of payroll fraud involves employees clocking the time cards of absent employees. By supervising the clocking in and out process, this fraud can be reduced or eliminated. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 6. What is a personnel action form? ANS: The personnel action form provides the payroll department with a list of currently active employees, so that any submission of time cards by supervisors for fictitious or ex-employees will not be processed. PTS: 1 7. In a manufacturing firm, employees typically fill out two different documents regarding their time worked. What are they? Why are there two? ANS: The two documents are the time card and the job ticket. Two are required because the time card records all the time worked by an employee during the period while the job ticket details the time by project. PTS: 1 8. List two types of authorization required in the Fixed Asset System. ANS: authorization to purchase the asset and to dispose of the asset PTS: 1 9. List four types of data that appear on a depreciation schedule. ANS: item description, depreciation method, useful life, date acquired, cost, salvage value, accumulated depreciation, depreciation expense per period, book value PTS: 1 10. Which documents prompt the fixed asset department to create a fixed asset record? ANS: the receiving report and the disbursement voucher PTS: 1 11. Describe an internal control that would prevent an employee from stealing a computer and then reporting it as scrapped. ANS: Supervisors must authorize the disposal of the computer. Unless so authorized, the record will continue to show that the employee is responsible for the computer. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 12. Describe an internal control that would prevent the payment of insurance premiums on an automobile that is no longer owned by the company. ANS: Perform an annual physical inventory of fixed assets and adjust the records to reflect assets no longer on hand. Prepare reports about the disposal of assets. PTS: 1 13. Describe an internal control that would prevent the charging of depreciation expense to the maintenance department for a sweeper that is now located in and used by the engineering department. ANS: Prepare reports about the transfer of fixed assets. Perform an annual physical inventory and note the location of assets. Budget and then hold each department accountable for depreciation expense for assets located in each department. PTS: 1 14. Describe an internal control that would prevent the acquisition of office equipment which is not needed by the firm. ANS: A higher organizational level or other appropriate person authorizes fixed asset acquisitions; part of the authorization is showing that a need for the asset exists. PTS: 1 15. What negative consequences can result from miscalculated depreciation? ANS: Miscalculated depreciation can result in the material misstatement of operating expenses, reported earnings, asset values, and may result in premature disposal of otherwise serviceable assets. PTS: 1 16. Explain the purpose of each of the following documents used in the payroll system: the personnel action form, the job ticket, the time card. ANS: The personnel action form is a document which identifies employees who should receive a paycheck; reflects changes in pay rates, payroll deductions, and job classifications. The job ticket collects information on the time individual workers spend on each production job. The time card captures the total time that an employee is at work. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 17. How do Fixed Asset Systems differ from the expenditure cycle? ANS: The fixed asset system processes nonroutine transactions for a wider group of users in the organization than the expenditure cycle. Further, the expenditure cycle processes routine acquisitions of raw materials inventories for the production function and finished goods inventories for the sales function. The expenditure cycle transactions are oftentimes automatically approved by the system, while fixed asset transaction approvals typically demand individual attention due to the uniqueness of the transactions. PTS: 1 18. What is recorded by the asset maintenance part of the Fixed Asset System? ANS: periodic depreciation following an approved depreciation schedule and physical improvements to the asset to increase the subsidiary account and to adjust the depreciation schedule PTS: 1 19. How are the following carried out in the Fixed Asset System: authorization, supervision, independent verification? ANS: Independent authorization is required to acquire an asset and to formalize the depreciation schedule. Supervision must be exercised over the physical assets. Independent verification must confirm the location, existence, and condition of the assets. PTS: 1 20. Which department authorizes changes to employee pay rates? ANS: The personnel department via the personnel action form PTS: 1 21. Erroneous data in the payroll system can corrupt WIP, employee records and the payroll register. What edit controls will minimize this risk? ANS: 1. Controls including checks for missing data, numeric-alphabetic data, and invalid data values will reduce the risk of undetected data entry errors by clerks in the cost accounting, personnel, payroll, accounts payable, and cash disbursements departments. 2. Check digit control will provide control over accessing the wrong employee records by payroll and personnel clerks. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 22. Describe three process controls that pertain to payroll application logic. ANS: 1. ERROR MESSAGES. Any mismatch when posting time card or personnel action data to employee records should produce an error message to the computer operator. 2. PASSWORDS. Password control should be implemented on department computers to reduce the risk of unauthorized access to payroll files. The system logic should require, and prompt, users to change passwords periodically. Only strong passwords consisting of six to eight alphabetic and numeric characters should be accepted. 3. FILE BACKUP. Backup procedures need to be in place to reduce the risk of data loss due to file destruction and/or corruption. PTS: 1 ESSAY 1. The Golf Club Company makes custom golf clubs. The manufacturing supervisor interviews people who have specialized manufacturing skills, and he informs payroll when an employee is hired. The employees use a time clock to record the hours they work. The employees are also required to keep a record of the time they spend working on each order. The supervisor approves all time cards. The accountant analyzes the job tickets and prepares a labor distribution summary. Payroll prepares the payroll register and paychecks. The supervisor distributes the paychecks to the employees. Payroll informs cash disbursement of the funds required to cover the entire payroll amount. The cash disbursements clerk ensures that there are adequate funds in the company's regular checking account to cover the payroll. Describe at least three internal control weaknesses; for each weakness suggest an improvement to internal control. ANS: WEAKNESS: The supervisor could be creating fictitious employees. The supervisor has too many incompatible duties; he hires workers, approves the time cards, and distributes the paychecks. IMPROVEMENT: Segregate duties. Personnel should hire employees and a paymaster should distribute paychecks. WEAKNESS: Employees could be paid for time they do not work; a co-worker could record an absent worker as present (punch the time clock). IMPROVEMENT: Supervise the time clock. Reconcile time cards and job time tickets. WEAKNESS: Payroll has authorization and transaction processing responsibilities. Payroll is authorizing the disbursement to fund the entire payroll. Accounts payable is not part of the system. IMPROVEMENT: Segregate duties; accounts payable should verify the accuracy of the payroll register and create a disbursement voucher. WEAKNESS: Payroll is funded through the general checking account. IMPROVEMENT: Paychecks should be written on a separate payroll account. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 2. Explain the integration of payroll with the human resource management (HRM) system that often happens in moderate and large sized organizations. ANS: The HRM system captures and processes a wide range of personnel-related data, including employee benefits, labor resource planning, employee relations, employee skills, internal training, personnel actions (pay rates, deductions and so on), and payroll processing. HRM systems provide real-time access to personnel files for purposes of direct inquiries and making changes in employee status as they occur. Human resource checks enter data into the employee record file in real time from terminals. PTS: 1 3. Three major tasks are handled by the Fixed Asset System. What is the purpose of each? What special control issues affect each? ANS: Asset acquisition handles the steps leading to the acquisition of new fixed assets: recognition of need, authorization and approval, possible capital investment analysis, and selection of supplier. Because of the value of fixed assets, special approvals are needed. Asset maintenance involves adjusting the subsidiary account balances for depreciation, and improvements and tracking location. Control involves accountability by keeping track of the physical location of each asset. Asset disposal handles the removal of assets from the subsidiary ledger when the asset is taken out of service. This requires special approval and preparation of a disposal report. PTS: 1 4. The Baccus Corp. manufactures medical equipment. This is a capital intensive industry and investments in fixed assets exceed $5 million a year. The minimum cost for production equipment is $75,000. When supervisors want new production machinery, they contact the plant manager. The plant manager approves or denies the request based on discussions with the production supervisor, the repair and maintenance supervisor, and the quality control supervisor. A purchase order is prepared by the purchasing department and sent to one of the three major suppliers of production machinery for medical equipment. The equipment is delivered immediately to the production floor and put into service. At the end of the month, the production supervisor informs the general ledger clerk about the receipt of the machinery. The general ledger clerk establishes an asset record for the machine. At the end of the year, the general ledger clerk computes straight-line depreciation based on a 10-year life with a 10 percent salvage value. Depreciation expense is recorded as a direct reduction of the asset cost. The repair department performs routine maintenance on all of the production equipment. Occasionally the repair department rebuilds a machine to extend its useful life. All of the costs associated with the repair department are charged to manufacturing overhead. When a machine becomes obsolete, production employees move it to a corner of the factory floor and break it down so that parts can be used in other machines. Production employees routinely remove parts for personal use. Some smaller machines have disappeared completely from the factory floor.
Accounting Information Systems, 9e—Test Bank, Chapter 6 The general ledger clerk takes a physical inventory every three years. About 75 percent of the fixed assets can be located and identified. Other assets have serial numbers that are inaccessible, so the item cannot be matched to a fixed asset record. Some fixed asset records cannot be traced to an actual item. Several machines that have been scrapped and are being used for spare parts were matched to fixed asset records. At the last inventory, the general ledger clerk did not make any adjustments to the fixed asset records explaining that 75 percent accuracy in the fixed asset physical inventory was excellent. Describe five internal control weaknesses and explain how to correct them. ANS: WEAKNESS: There is no written documentation of the approval for purchase. IMPROVEMENT: Fixed asset acquisitions should be formal and explicitly authorized. Each transaction should be initiated by a written request from the user or department. For high-value items, the authorization process should include a formal cost-benefit analysis and the solicitation of bids from suppliers. WEAKNESS: Fixed assets are delivered directly to the factory floor. IMPROVEMENT: All purchases should go through the receiving department before delivery. WEAKNESS: The production supervisor notifies the general ledger clerk about the receipt of fixed assets. IMPROVEMENT: The receiving department should send a copy of the receiving report to the fixed asset department. WEAKNESS: The general ledger clerk is maintaining fixed asset records. IMPROVEMENT: The fixed asset department should maintain fixed asset records. WEAKNESS: Depreciation is computed using a standard method, asset life, and salvage value. IMPROVEMENT: The method of depreciation used should reflect, as closely as possible, the asset’s actual decline in utility. The internal auditor should also review and verify the depreciation periodically. WEAKNESS: Depreciation is recorded as a direct reduction of the asset cost. IMPROVEMENT: Depreciation should be recorded in an Accumulated Depreciation account for each asset. WEAKNESS: Costs to rebuild a machine is charged to manufacturing overhead. IMPROVEMENT: Physical improvements that increase an asset’s value or extend its useful life should be treated as new asset acquisitions (an adjustment to the asset account). WEAKNESS: There is no authorization to scrap an obsolete machine. IMPROVEMENT: Obtain written authorization from management before a machine is scrapped. WEAKNESS: Employees remove equipment and equipment parts from the premises without authorization. IMPROVEMENT: Employees should receive explicit approval from a supervisor before removing parts or equipment from the factory.
Accounting Information Systems, 9e—Test Bank, Chapter 6 WEAKNESS: The general ledger clerk is conducting the physical inventory and maintaining the record keeping. IMPROVEMENT: The internal auditor, not the general ledger clerk should be taking the physical inventory count. Also, the physical count should occur more frequently. WEAKNESS: Fixed assets cannot be matched with records. IMPROVEMENT: Apply easily accessible labels to identify fixed assets. WEAKNESS: Fixed assets cannot be located and are not removed from the books. IMPROVEMENT: Fixed assets that cannot be located must be removed from the fixed asset records. WEAKNESS: Fixed assets that are scrapped remain on the books. IMPROVEMENT: Assets that are scrapped should be removed from the fixed asset records. WEAKNESS: The clerk regards 75% accuracy as excellent. IMPROVEMENT: Acceptance of 75% accuracy is poor. Any variation should be investigated and records updated. This should be done by the internal auditor. PTS: 1 5. Discuss outsourcing the payroll function. What are the advantages and risks? ANS: Many organizations outsource their payroll function by transferring all payroll processing tasks to a third-party provider. The service provide performs all the payroll functions and may receive data either from the firm or directly from the workers. The service provider must have access to sensitive internal information such as social security numbers and bank account information. The primary advantage of outsourcing is cost savings. The client organization avoids the salaries and benefit cost of an in-house payroll department, as well as continuing education required to keep up with ever-changing payroll laws. The risks are significant. An outside organization will have access to confidential employee data and the client firm’s financial resources. The service provider may have poor internal controls or act incompetently which could result in material errors or fraud. Outsourcing payroll does not relieve the client organization of its responsibility for implementing adequate internal controls. PTS: 1 6. Discuss the fundamental risk and control issues associated with fixed assets that are different from raw materials and finished goods. ANS: AUTHORIZATION CONTROLS. Because fixed assets are requested and employed by end-users asset acquisitions should be formal and explicitly authorized. Each transaction should be initiated by a written request from the user or department. In the case of high-value items, there should be an independent approval process that evaluates the merits of the request.
Accounting Information Systems, 9e—Test Bank, Chapter 6 SUPERVISION CONTROLS. Because capital assets are widely distributed around the organization, they are more susceptible to theft and misappropriation than inventories that are secured in a warehouse. Therefore, management supervision is an important element in the physical security of fixed assets. Supervisors must ensure that fixed assets are being used in accordance with the organization’s policies and business practices. Assets should not be removed from company premises without explicit approval. INDEPENDENT VERIFICATION CONTROLS. 1. Periodically, the internal auditor should review the asset acquisition and approval procedures to determine the reasonableness of factors including: the useful life of the asset, the original financial cost, proposed cost savings as a result of acquiring the asset, the discount rate used, and the capital budgeting method used in the analysis. 2. The internal auditor should verify the location, condition, and fair value of the organization’s fixed assets against the fixed asset records in the subsidiary ledger. 3. The depreciation charges calculated by the fixed asset system should be reviewed and verified for accuracy and completeness. Miscalculated depreciation can result in the material misstatement of operating expenses, reported earnings, and asset values, and may result in the premature disposal of otherwise serviceable assets. PTS: 1 7. Outline the key steps taken in a basic technology payroll system when preparing the weekly payroll for a manufacturing firm. ANS: Personnel action and time and attendance information from the personnel and production departments respectively, initiate the payroll process. The payroll department reconciles this information, calculates the payroll, and sends the paychecks to the paymaster for distribution to employees Cost accounting receives information regarding the time spent on each job from production. This is used for posting to accounts in the WIP subsidiary ledger. AP receives payroll summary information (payroll register) from the payroll department and authorizes the cash disbursements department to deposit a single check, in the amount of the total payroll, in a bank imprest account on which the payroll is drawn. The general ledger department reconciles summary information from cost accounting and AP. GL accounts are updated to reflect these transactions. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 6 8. Describe several technologies developed for producing the time and attendance fil in a modern business with telecommuting employees working from multiple locations. ANS: Biometric time clocks verify employees’ identities by using fingerprint or hand-vein scan technology. To protect employee privacy, these devices use a mathematical algorithm for verification rather than storing actual fingerprints in a database. Magnetic swipe ID cards work like a credit card. Each employee is issued an ID card that has a magnetic strip containing employee information. The employee swipes the card through the time clock to record start and end time on the job. For additional verification, the employee may be asked to enter a password or PIN. Proximity cards are similar to swipe cards but don’t require the user to slide the card through a reader. Instead, the employee places the card in front of the reader to record attendance time. The advantage is that these cards can be read through wallets, purses, and card holders. Mobile remote devices allow employees to clock in using handheld devices (PDA or cell phone) or web browsers from laptop computers. This option is popular among businesses with employees in the field who travel between clients and with companies engaged in global business with foreign-based employees. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
Chapter 7—The Conversion Cycle TRUE/FALSE
1. The philosophy of customer satisfaction permeates the world-class firm. ANS: T
PTS: 1
2. Reports generated by the cost accounting system include performance reports and budget reports. ANS: T
PTS: 1
3. The cost accounting system authorizes the release of raw materials into production. ANS: F
PTS: 1
4. Batch processing creates a homogeneous product through a continuous series of standard procedures. ANS: F
PTS: 1
5. The bill of materials specifies the types and quantities of the raw materials and subassemblies used in producing a single unit of finished product. ANS: T
PTS: 1
6. A purchase requisition authorizes the storekeeper to release materials to individuals or work centers in the production process. ANS: F
PTS: 1
7. Cement and petrochemicals are produced by the batch manufacturing method. ANS: F
PTS: 1
8. The objective of the Economic Order Quantity model is to reduce total inventory costs by minimizing carrying costs and ordering costs. ANS: T
PTS: 1
9. The work-in-process file is the subsidiary ledger for the work-in-process control account. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
10. Move tickets authorize the storekeeper to release materials to work centers. ANS: F
PTS: 1
11. Typically the only allocated cost in the value stream is a charge per square foot for the value stream production facility. ANS: T
PTS: 1
12. Computer Integrated Manufacturing focuses on reducing the complexity of the physical manufacturing layout of the shop floor. ANS: F
PTS: 1
13. The only objective of the Just-In-Time philosophy is to reduce inventory levels. ANS: F
PTS: 1
14. Accounting in a world-class manufacturing environment emphasizes standard cost and variance analysis. ANS: F
PTS: 1
15. ABC assigns cost to cost objects based on their use of activities. ANS: T
PTS: 1
16. The complexities of ABC have caused many firms to abandon this method in favor of a simpler accounting model called value stream accounting. ANS: T
PTS: 1
17. A company’s value stream includes all steps in a process, both essential and non-essential, for which the customer is willing to pay. ANS: F
PTS: 1
18. Lean manufacturing evolved from the Toyota Production System (TPS), which is based on the just-in-time (JIT) production model. ANS: T
PTS: 1
19. The two subsystems of a traditional conversion cycle are the production system and the delivery system. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
20. Manufacturing resources planning (MRP II) has evolved into enterprise resource planning (ERP). ANS: T
PTS: 1
21. Pull processing involves pulling products from the consumer end (demand), rather than pushing them from the production end (supply). ANS: T
PTS: 1
22. The inventory control function updates and maintains both raw materials and finished goods inventory subsidiary ledgers. ANS: T
PTS: 1
23. An excess materials requisition is a control that signals that a greater than standard quantity of materials is being ordered from the vendor. ANS: F PTS: 1
24. Cost accounting initiates a WIP account upon receiving the first move ticket of a batch. ANS: F
PTS: 1
25. A company’s value stream map depicts only the value added activities needed to complete a process or product. ANS: T
PTS: 1
MULTIPLE CHOICE 1. Which statement is true? a. World-class companies must maintain strategic agility and be able to turn on a dime. b. World-class companies motivate and treat employees like appreciating assets. c. Manufacturing firms that achieve world-class status do so by following a philosophy of lean manufacturing d. All the above are true
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
2. Which function is not a part of the batch production process? a. Plan and control production b. Prepare purchase orders c. Maintain inventory control d. Perform cost accounting
ANS: B 3.
PTS: 1
Lead time times daily demand is a. the economic order quantity b. safety stock c. the reorder point d. total inventory
ANS: C
PTS: 1
4. Which process creates a homogeneous product through a continuous series of standard procedures? a. batch process b. make-to-order process c. continuous process d. none of the above
ANS: C
PTS: 1
5. An example of a continuous process is the production of a. wedding invitations b. milk products c. jet aircraft d. all of the above
ANS: B
PTS: 1
6. All of the following are characteristics of batch processing except a. each item in the batch is similar b. batches are produced in accordance with detailed customer specifications c. batches are produced to replenish depleted inventory levels d. setting up and retooling is required for different batches
ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
7. When one of the following statements is true? a. ERP evolved directly from MRP. b. ERP evolved into MRP and MRP evolved into MRP II c. MRP II evolved from MRP and MRP II evolved into ERP d. None of the above is true.
ANS: C
PTS: 1
8. The production schedule is a. the expected demand for the firm’s finished goods for a given year b. the formal plan and authority to begin production c. a description of the type and quantity of raw materials and subassemblies used to produce a single unit of finished product d. the sequence of operations during manufacturing
ANS: B
PTS: 1
9. A move ticket a. is the formal plan and authority to begin production b. specifies the materials and production required for each batch c. records the work done in each work center d. authorizes the storekeeper to release materials to work centers
ANS: C
PTS: 1
10. The internal control significance of the excess materials requisition is that it a. indicates the amount of material released to work centers b. identifies materials used in production that exceed the standard amount allowed c. indicates the standard quantities required for production d. documents the return to raw materials inventory of unused production materials
ANS: B
PTS: 1
11. Inventory control performs all of the following tasks except it a. provides production planning and control with the inventory status report of finished goods b. updates the raw material inventory records c. prepares a materials requisition for each production batch d. records the completed production as an increase to finished goods inventory
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
12. The storekeeper releases raw materials based on the a. production schedule b. materials requisition c. work order d. bill of materials
ANS: B
PTS: 1
13. Which of the following is not an assumption of the Economic Order Quantity model? a. demand for the product is known with certainty b. total cost per year of placing orders is fixed c. lead time is known and is constant d. there are no quantity discounts
ANS: B
PTS: 1
14. Firms hold safety stock to compensate for a. mathematical weaknesses of the Economic Order Quantity model b. variations in lead time or daily demand c. fluctuations in carrying costs d. uncertainty in the estimation of ordering costs
ANS: B
PTS: 1
15. What is the economic order quantity if the annual demand is 10,000 units, set up cost of placing each order is $3 and the holding cost per unit per year is $2? a. 174 b. 123 c. 245 d. 116
ANS: A
PTS: 1
16. If the daily demand is 40 units and the lead time is 12 days, the reorder point is a. 40 units b. 48 units c. 480 units d. none of the above
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
17. Which statement is not correct? a. General ledger creates a new cost record upon receipt of a work order from production planning and control. b. Cost accounting updates the cost record with data gathered from the materials requisition. c. General ledger posts summary information about the manufacturing process based on a journal voucher prepared by cost accounting. d. Cost accounting computes variances and applies overhead to individual cost records.
ANS: A
PTS: 1
18. Which of the following is not a problem associated with standard cost accounting? a. Standard costing motivates management to produce large batches of products and build inventory. b. Applying standard costing leads to product cost distortions in a lean environment. c. Standard cost data are associated with excessive time lags that reduce its usefulness. d. The financial orientation of standard costing may promote bad decisions. e. All of the above are problems with standard costing.
ANS: E
PTS: 1
19. Computer integrated manufacturing includes all of the following technologies except a. robotics b. materials requirements planning c. automated storage and retrieval systems d. computer aided design
ANS: B
PTS: 1
20. Which of the following would not be included as a value stream cost? a. Labor costs of employees who simply transport the product from cell to cell. b. Labor costs of employees who design the product. c. A charge per square foot for the value stream production facility including cost of rent and building maintenance. d. All of the above are value stream costs
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
21. Which situation violates the segregation of functions control procedure? a. production planning and control is located apart from the work centers b. inventory control maintains custody of inventory items c. cost accounting has custody of and makes entries on cost records d. work centers record direct labor on job tickets
ANS: B
PTS: 1
22. All of the following are internal control procedures that should be in place in the conversion cycle except a. calculation and analysis of direct material and direct labor variances b. retention of excess materials by work centers c. physical count of inventory items on hand d. limited access to raw material and finished goods inventories
ANS: B
PTS: 1
23. Which of the following is not true regarding ABC? a. ABC is too time-consuming and complicated for practical applications over a sustained period. b. ABC identifies the most and least profitable products and customers. c. ABC promotes the lean manufacturing philosophies of process simplification and waste elimination. d. All of the statements are true.
ANS: C
PTS: 1
24. A manufacturing process that is organized into group technology cells utilizing no human labor is called a. islands of technology b. process simplification c. computer integrated manufacturing d. traditional manufacturing ANS: C
PTS: 1
25. An example of automation of manufacturing design is a. Computer Aided Engineering b. Automated Storage and Retrieval Systems c. Computer Numerical Control d. Robotics ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
26. An example of automation of manufacturing planning is a. Computer Aided Engineering b. Automated Storage and Retrieval Systems c. Materials Requirements Planning d. Computer Numerical Control
ANS: C
PTS: 1
27. Which of the following is not true? a. The complexities of ABC have caused many firms to pursue value stream accounting. b. Value stream accounting captures costs related to value added activities within a specified department or activity. c. An essential aspect in implementing value stream accounting is defining the product family. d. Value stream accounting makes no distinction between direct costs and indirect costs.
ANS: B
PTS: 1
28. Characteristics of lean manufacturing include all of the following except a. push manufacturing b. zero defects c. reduced setup time and small lot sizes d. reliable vendors
ANS: A
PTS: 1
29. The cost of poor quality includes all of the following except a. cost of rework b. warranty claims c. scheduling delays d. proceeds from the sale of scrap
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
30. A flexible manufacturing system a. creates bottlenecks in the process b. leads to an “us” versus “them” attitude among workers c. shortens the physical distance between activities d. is organized along functional lines
ANS: C
PTS: 1
31. Deficiencies of the traditional cost accounting information system include all of the following except a. an emphasis on financial performance b. inaccurate cost allocations c. an emphasis on standard costs d. immediate feedback about deviations from the norm
ANS: D
PTS: 1
32. Which statement is not correct? a. cost objects are the reasons for performing activities b. cost object describes the work performed in a firm c. activities cause costs d. cost objects create a demand for activities
ANS: B
PTS: 1
33. Firms are abandoning Activity Based Costing (ABC) because a. it does not facilitates the analysis of variances b. it is complex and time consuming c. it does not recognize the importance of direct labor as a component of total manufacturing cost d. the financial nature of the reports does not permit comparisons to be made among different types of products
ANS: B
PTS: 1
34. Which of the following is not an example of waste? a. Overproduction of products. b. Safety hazards that cause injury. c. Stand-alone processes that are not linked to upstream or downstream processes. d. All of the above are examples of waste. ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
35. Which of the following statements about the EOQ inventory model assumptions is incorrect? a. Demand for the product is constant and known with certainty. b. The lead time is a variable. c. All inventories in the order arrive at the same time. d. Total ordering cost is a variable ANS: B
PTS: 1
36. Which statement is not correct? a. Inventories provide a competitive advantage. b. Inventories can invite overproduction. c. Inventories are expensive to maintain. d. Inventories may conceal problems. ANS: A
PTS: 1
37. All of the following are documents in batch process production systems except a. production schedule b. route sheet c. materials requisition d. bill of manufacturing ANS: D
PTS: 1
38. Transaction authorization occurs in a traditional manufacturing environment in all of the following ways except a. production planning and control initiates production with a work order b. movement of the work through the production process follows the move ticket c. the sales department modifies work orders to match changes in demand d. the materials requisition authorizes the storekeeper to release materials to the work centers ANS: C
39.
PTS: 1
Which of the following is not a principle of lean manufacturing? a. Products are pushed from the production end to the customer b. All activities that do not add value and maximize the use of scarce resources must be eliminated c. Achieve high inventory turnover rate. d. A lean manufacturing firm must have established and cooperative relationships with vendors e. All of the above are lean manufacturing principles.
ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
40. All of the following are problems with traditional accounting information except: a. Managers in a lean setting require immediate information. b. The measurement principle tends to ignore standards other than money. c. Standard costing motivates nonlean behavior in operations. d. The overhead component in a manufacturing company is usually very large. e. All of the above are problems associated with traditional accounting information.
ANS: E
PTS: 1
SHORT ANSWER 1. Which type of manufacturing creates a homogeneous product through a continuous series of standard procedures? ANS: continuous process manufacturing PTS: 1 2. What information is contained in the bill of materials (BOM)? ANS: The BOM specifies the types and quantities of raw materials and subassemblies used in producing a single unit of finished product. PTS: 1 3. What is the difference between a materials requisition and a purchase requisition? ANS: A materials requisition authorizes the storekeeper to release materials and subassemblies to the production process. A purchase requisition authorizes the purchasing department to place an order with an external vendor to acquire goods or services. PTS: 1 4. List one authorization control in the traditional manufacturing environment. ANS: work orders prepared by production planning and control; move tickets signed by the foreman; materials requisitions and excess materials requisitions PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
5. Explain the conversion cycle. ANS: A company’s conversion cycle transforms (converts) input resources, such as raw materials, labor, and overhead, into finished products or services for sale. PTS: 1 6. What is one benefit of the flexible production system? ANS: A flexible production system shortens the physical distance between activities, reducing setup time, processing time, handling costs, and inventories. PTS: 1 7. List two disadvantages of using a traditional cost accounting system. ANS: Cost allocations may be inaccurate; there is a time lag in reporting; information is reported in financial terms; there is an emphasis on standard cost. PTS: 1 8. In Activity Based Costing, what is the term used to refer to the work performed by a firm? ANS: an activity PTS: 1
9. Discuss inventory control objectives. ANS: Inventory control minimizes total inventory cost while ensuring that adequate inventories exist to meet current demand. Various inventory models used to help answer two fundamental questions: 1. When should inventory be purchased? 2. How much inventory should be purchased? PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
10. Describe the primary goal of lean manufacturing? ANS: The goal of lean manufacturing is improved efficiency and effectiveness in every area, including product design, supplier interaction, factory operations, employee management, and customer relations. PTS: 1 11. What is meant by the term "islands of technology"? ANS: Islands of technology describes an environment where modern automation exists in the form of islands that stand alone within the traditional setting. PTS: 1 12. In a traditional manufacturing environment, cost accounting provides independent verification of what information? What are the benefits? ANS: Cost accounting reconciles materials and labor usage, from the materials requisitions and job tickets, with prescribed standards and identifies significant departures. Such variance analysis is important for control of the manufacturing process. PTS: 1 13. How are cost structures fundamentally different between the traditional and CIM environments? ANS: In the traditional manufacturing environment, direct labor is a much larger component of total manufacturing costs than in the CIM environment. Overhead, on the other hand, is a far more significant element of cost in advanced technology manufacturing. PTS: 1 14. What are the key segregation of duties issues in the conversion cycle? ANS: Production planning and control department is organizationally segregated from the work centers. Inventory control must be separated from materials storeroom and FG warehouse. Cost accounting must be separate from the work centers. GL must be separate from departments keeping subsidiary accounts. GL is organizationally segregated from inventory control and cost accounting. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
15. Traditional accounting assumes that products cause costs. ABC assumes that cause costs. ANS: activities PTS: 1 16. Differentiate between essential and non-essential activities. ANS: Essential activities add value to the organization either through adding value to the customer or to the organization. Non-essential activities do not add value. PTS: 1 17. What is a company’s value stream? ANS: A company’s value stream includes all the steps in the process that are essential to producing a product. These are the steps for which the customer is willing to pay. PTS: 1 18. What document signals the completion of the production process? ANS: The receipt by cost accounting of the last move ticket for a batch from the work center signals the completion of the production process. PTS: 1 19. What document triggers the beginning of the cost accounting process for a given production run? ANS: The work order from the production planning and control department triggers the cost accounting process. PTS: 1 20. Name five documents associated with batch production systems. ANS: Sales forecast, production schedule, bill of materials, route sheet, work order, move ticket, and materials requisition. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
ESSAY 1. Itemize the disadvantages of ABC that have caused some firms to abandon this technique. ANS: 1. ABC has been criticized for being too time consuming and complicated for practical applications over a sustained period. 2. Critics charge that rather than promoting continuous improvement, ABC creates complex bureaucracies within organizations that are in conflict with the lean manufacturing philosophies of process simplification and waste elimination. 3. The task of identifying activity costs and cost drivers can be a significant and ongoing undertaking. As products and processes change so do the associated activity costs and drivers. 4. Unless significant resources are committed to maintaining the accuracy of activity costs and the appropriateness of drivers, cost assignments become inaccurate. PTS: 1
2. Discuss the documents used in a batch processing system. ANS: The production schedule is the formal plan and authorization to begin production. It describes the specific products to be made, quantities per batch and manufacturing time table. The bill of materials (BOM) specifies the types and quantities of the RM and subassemblies used to produce one unit of finished product. A route sheet shows the production path that a particular batch of product follows during manufacturing (sequence of operations and standard time of each task). The work order draws from BOMs and route sheets to specify the materials and production for each batch. These, together with move tickets, initiate the manufacturing process. A move ticket records work done in each work center and authorizes the movement of the job or batch from one work center to the next. A materials requisition authorizes the storekeeper to release materials to individuals or work centers in the production process, usually at standard quantities. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
3. Discuss the assumptions of the economic order quantity (EOQ) model and its objective. ANS: 1. 2. 3. 4.
Demand for the product is constant and known with certainty. The lead time is known and constant. All inventories in the order arrive at the same time. The total cost per year of placing orders is a variable that decreases as quantities ordered increases. 5. The total cost per year of holding inventories (carrying costs) is a variable that increases as the quantities ordered increase. 6. There are no quantity discounts.
The objective of the EOQ model is to reduce total inventory costs. PTS: 1 4. Outline the characteristic of a world-class company. ANS: 1. World-class companies must maintain strategic agility and be able to turn on a dime. Top management must be intimately aware of customer needs and not become rigid and resistant paradigm change. 2. World-class companies motivate and treat employees like appreciating assets. To activate the talents of everyone, decisions are pushed to the lowest level in the organization. The result is a flat and responsive organizational structure. 3. A world-class company profitably meets the needs of its customers. Its goal is not simply to satisfy customers, but to positively delight them. This is not something that can be done once and then forgotten. With competitors aggressively seeking new ways to increase market share, a world class firm must continue to delight its customers. 4. The philosophy of customer satisfaction permeates the world-class firm. All of its activities, from the acquisition of raw materials to selling the finished product, form a “chain of customers.” Each activity is dedicated to serving its customer, which is the next activity in the process. The final paying customer is the last in the chain. 5. Finally, manufacturing firms that achieve world-class status, do so by following a philosophy of lean manufacturing. This involves doing more with less, eliminating waste, and reducing production cycle time. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
5. How does automation assist with the lean manufacturing philosophy? ANS: Automation is at the heart of the lean manufacturing philosophy. By replacing labor with automation, a firm can reduce waste, improve efficiency, increase quality, and improve flexibility. PTS: 1 6. How does MRP II (manufacturing resource planning) expand on MRP (materials requirements planning)? ANS: MRP is an automated production planning and control system used to support inventory management. It is a calculation method geared towards determining how much of which raw materials are required and when they should be ordered. MRP II is an extension of MRP that has evolved beyond inventory management. It is both a system and a philosophy for coordinating a wide range of manufacturing activities. MRP II integrates product manufacturing, product engineering, sales order processing, customer billing, human resources, and related accounting functions. PTS: 1 7. Discuss the importance of the move ticket to the cost-accounting department. ANS: The various work centers send cost accounting completed move tickets. The move ticket, along with job tickets and standards provided by the standard cost file, enable cost accounting to update the affected WIP accounts with the standard charges for manufacturing overhead (MOH). The receipt of the last move ticket for a particular batch signals the completion of the production process and the transfer of products from WIP to the finished goods inventory. At that point cost accounting closes the WIP account. PTS: 1 8. Discuss the purpose and key features of a value stream map (VSM). ANS: The value stream map (VSM) graphically represents a business process to identify aspects of it that are wasteful and should be removed. A VSM identifies all of the actions required to complete processing on a product, along with key information about each action item. Specific information may include total hours worked, overtime hours, cycle time to complete a task, and error rates.
Accounting Information Systems, 9e—Test Bank, Chapter 7
The VSM shows the total time required for each processing step, the time required between steps, and identifies the types of time spent between steps such as the outbound batching time, transit time, and inbound queue time. PTS: 1 9. Discuss the principles underlying the lean manufacturing approach. ANS: Pull Processing. Products are pulled from the consumer end (demand), not pushed from the production end (supply). Perfect Quality. Success of the pull processing model requires zero defects in raw material, work in process, and finished goods inventory. Waste Minimization. All activities that do not add value and maximize the use of scarce resources must be eliminated. Waste involves financial, human, inventory, and fixed assets. Inventory Reduction. The hallmark of lean manufacturing firms is their success in inventory reduction. Such firms often experience annual inventory turnovers of 100 times per year. Production Flexibility. Long machine setup procedures cause delays in production and encourage overproduction. Lean companies strive to reduce setup time to a minimum, which allows them to produce a greater diversity of products quickly, without sacrificing efficiency at lower volumes of production. Established Supplier Relations. A lean manufacturing firm must have established and cooperative relationships with vendors. Late deliveries, defective raw materials, or incorrect orders will shut down production immediately since this production model allows no inventory reserves to draw upon. Team Attitude. Lean manufacturing relies heavily on the team attitude of all employees involved in the process. Each employee must be vigilant of problems that threaten the continuous flow operation of the production line. PTS: 1 10. Discuss three common problems associated with inventories. ANS: 1. Inventories cost money. They are an investment in materials, labor, and overhead that cannot be realized until sold. Inventories also contain hidden costs. They must be transported throughout the factory. They must be handled, stored, and counted. In addition, inventories lose value through obsolescence. 2. Inventories camouflage production problems. Bottlenecks and capacity imbalances in the manufacturing process cause WIP inventory to build up at the choke points. Inventories also build up when customer orders and production are out of sync.
Accounting Information Systems, 9e—Test Bank, Chapter 7
3. Willingness to maintain inventories can precipitate overproduction. Because of setup cost constraints, firms tend to overproduce inventories in large batches to absorb the allocated costs and create the image of improved efficiency. The true cost of this dysfunctional activity is hidden in the excess inventories. PTS: 1 11. Automation is at the heart of the lean manufacturing philosophy. Discuss its stages and its distinguishing features. ANS: Automation of the manufacturing process can be viewed as a gradual progression. The stages are: Traditional manufacturing which consists of many different types of machines that require a lot of setup time, each controlled by a single operator. The WIP follows a circuitous route through the different operations. Islands of technology in which stand-alone islands employ computer numerical controlled (CNC) machines that can perform multiple operations with less human involvement–less set up time. Computer integrated manufacturing (CIM)–a completely automated environment which employs automated storage and retrieval systems (AS/RS) and robotics. PTS: 1 12. How can a firm control against excessive quantities of raw materials being used in the manufacturing process. ANS: The use of standard quantities provides a type of access control. If the materials requisition document specifies standard quantities, excess materials require separate requisitions that may be identified explicitly as excess materials requisitions. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
13. Explain the relationship between MRP, MRPII and ERP. ANS: Manufacturing resources planning (MRP II) is an extension of a simpler concept still in use called materials requirements planning (MRP). MRP is an automated version of a traditional production planning and control process. On the other hand, MRP II is a reengineering technique that integrates several business processes. MRP II is not confined to the management of inventory. It is both a system and a philosophy for coordinating the activities of the entire firm. As such, MRP II has evolved into the large suites of software called enterprise resource planning (ERP) systems. These huge commercial packages support the information needs of the entire organization, not just the manufacturing functions. Similarities in functionality between ERP and MRP II systems are quite apparent. Some argue that very little real functional difference exists between the two concepts. Indeed, the similarities are most noticeable when comparing top-end MRP II systems with low-end ERP packages. PTS: 1 14. Explain how CAD can contribute to a firm’s move toward world-class status. ANS: Engineers use computer-aided design (CAD) to design better products faster. CAD systems increase productivity, improve accuracy and allow firms to be more responsive to market demands. Product design has been revolutionized through CAD technology. Advanced CAD systems can design both product and process simultaneously. Thus, aided by CAD, management can evaluate the technical feasibility of the product and determine its “manufacturability.” CAD technology greatly shortens the time frame between initial and final design. This allows firms to adjust their production quickly to changes in market demand. It also allows them to respond to customer requests for unique products. The CAD system’s external communication link permits the world-class manufacturer to share its product design specifications with its vendors and customers. This communications link also allows the world-class manufacturer to receive product design specifications electronically from its customers and suppliers for its review. PTS: 1 15. Explain how CAM can contribute to a firm’s move toward world-class status. ANS: Computer-aided manufacturing (CAM) is the use of computers to assist the manufacturing process. CAM focuses on the shop floor and the control of the physical manufacturing process. The output of the CAD system is fed to the CAM system. Thus, the CAD design is converted by CAM into a sequence of processes. CAM systems monitor and control the production process and routing of products through cells. Benefits from deploying a CAM system include improved process productivity, improved cost and time estimates, improved process monitoring, improved process quality, decreased setup times, and reduced labor costs. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 7
16. Explain why traditional cost allocation methods do not work well in a CIM environment. ANS: Traditional accounting systems do not accurately trace costs to products and processes. An assumption of standard costing is that all overhead needs to be allocated to products and that overhead directly relates to the amount of labor required to make the product. In the traditional environment, direct labor is a much larger component of total manufacturing costs than in the CIM environment. With automated manufacturing, overhead is a far more significant cost component. Applying standard costing leads to product cost distortions and poor decisions regarding pricing, valuation and profitability. PTS: 1 17. What is meant by the term “product family” and what is its relationship to value stream accounting. ANS: Most organizations produce more than one product, which fall into natural lines or families. Product families share common processes from the point of placing the order to shipping the finished goods to the customer. Value stream accounting cuts across functional and departmental lines to include costs related to the product family such as marketing, selling expenses, product design, engineering, materials purchasing, distribution, and more, but makes no distinction between direct costs and indirect costs.
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
Chapter 8—Financial Reporting, and Management Reporting Systems TRUE/FALSE 1. The most common means of making entries in the general ledger is via the journal voucher. ANS: T
PTS: 1
2. Individuals with access authority to general ledger accounts should not prepare journal vouchers. ANS: T
PTS: 1
3. The journal voucher is the document that authorizes entries to be made to the general ledger. ANS: T
PTS: 1
4. Each account in the chart of accounts has a separate record in the general ledger master file. ANS: T
PTS: 1
5. The responsibility center file is primarily used by the Financial Reporting System. ANS: F
PTS: 1
6. Management reporting is often called discretionary reporting because it is not mandated as is financial reporting. ANS: T
PTS: 1
7. Primary recipients of financial statement information are internal management. ANS: F
PTS: 1
8. The Management Reporting System is a nondiscretionary system. ANS: F
PTS: 1
9. When evaluating decision alternatives, one option is to take no action. ANS: T
PTS: 1
10. In most cases intangible decision criteria can be quantified. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
11. Strategic decision are subordinate to tactical planning decisions. ANS: F
PTS: 1
12. Responsibility refers to an individual’s obligation to achieve desired results. ANS: T
PTS: 1
13. A firm with a wide span of control tends to have relatively more layers of management. ANS: F
PTS: 1
14. The control function entails evaluating a process against a standard and, if necessary, taking corrective action. ANS: T
PTS: 1
15. Standards are the basis for evaluating actual performance. ANS: T
PTS: 1
16. A report is said to have information content if it eliminates uncertainty associated with a problem facing the decision maker. ANS: F
PTS: 1
17. An inventory out-of-stock report is an example of a programmed, on-demand report. ANS: T
PTS: 1
18. A principle of responsibility accounting is that managers are responsible for controllable and uncontrollable costs. ANS: F
PTS: 1
19. The manager of a cost center is responsible for cost control and revenue generation. ANS: F
PTS: 1
20. Designing an effective management reporting system does not require an understanding of the information managers need to deal with the problems they face. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
21. The formalization of tasks principle suggests that management should structure the firm around the unique skills sets of key individuals. ANS: F
PTS: 1
22. If a manager delegates responsibility to a subordinate, he or she must also grant the subordinate authority to make decisions. ANS: T 23.
Operational control involves motivating managers at all levels to use resources, including materials, personnel, and financial assets, as productively as possible. ANS: F
24.
PTS: 1
XBRL taxonomies are classification schemes that are compliant with the XBRL specifications to accomplish a specific information exchange. ANS: T
25.
PTS: 1
PTS: 1
An income statement is an example of an XBRL instance document. ANS: T
PTS: 1
MULTIPLE CHOICE 1. Which statement is not true? a. The journal voucher is the only source of input into the general ledger. b. A journal voucher can be used to represent summaries of similar transactions or a single unique transaction. c. Journal vouchers are not used to make adjusting entries and closing entries in the general ledger. d. Journal vouchers offer a degree of control against unauthorized general ledger entries. ANS: C
PTS: 1
2. Entries into the General Ledger System (GLS) can be made using information from a. the general journal b. a journal voucher which represents a summary of similar transactions c. a journal voucher which represents a single, unusual transaction d. all of the above
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
3. Which statement is not correct? The general ledger master file a. is based on the firm’s chart of account b. contains a record for control accounts c. is an output of the Financial Reporting System (FRS) d. supplies information for management decision making
ANS: C
PTS: 1
4. What type of data is found in the general ledger master file? a. a chronological record of all transactions b. the balance of each account in the chart of accounts c. budget records for each account in the chart of accounts d. subsidiary details supporting a control account
ANS: B
PTS: 1
5. Which report is not an output of the Financial Reporting System (FRS)? a. variance analysis report b. statement of cash flows c. tax return d. comparative balance sheet
ANS: A
PTS: 1
6. Which steps in the Financial Accounting Process are in the correct sequence? a. record the transaction, post to the ledger, prepare the adjusted trial balance, enter adjusting entries, prepare financial statements b. record the transaction, prepare the unadjusted trial balance, record adjusting journal entries, record closing entries, prepare financial statements c. record the transaction, post to the ledger, record adjusting entries, prepare the unadjusted trial balance, prepare financial statements d. record the transaction, post to the ledger, prepare the adjusted trial balance, prepare financial statements, record closing entries
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
7. Which statement is not correct? a. the post-closing trial balance reports the ending balance of each account in the general ledger b. one purpose of preparing the unadjusted trial balance is to ensure that debits equal credits c. financial statements are prepared based on the unadjusted trial balance d. the unadjusted trial balance reports control account balances but omits subsidiary ledger detail ANS: C
PTS: 1
8. What account appears on the post-closing trial balance? a. income summary b. Machinery c. rent expense d. interest income ANS: B
PTS: 1
9. Financial statements are prepared from the a. trial balance b. adjusted trial balance c. general ledger d. general journal ANS: B
PTS: 1
10. Risk exposures in the General Ledger and Financial Reporting Systems include all of the following except a. defective audit trail b. unauthorized access to the general ledger c. loss of physical assets d. general ledger account out of balance with the subsidiary account ANS: C
PTS: 1
11. Which situation indicates an internal control risk in the General Ledger/Financial Reporting Systems (GL/FRS)? a. the employee who maintains the cash journal computes depreciation expense b. the cash receipts journal voucher is approved by the Treasurer c. the cash receipts journal vouchers are prenumbered and stored in a locked safe d. the employee who maintains the cash receipts journal records transactions in the accounts receivable subsidiary ledger
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
12. With a limited work force and a desire to maintain strong internal control, which combination of duties performed by a single individual presents the least risk exposure? a. maintaining the inventory ledger and recording the inventory journal voucher in the general ledger b. recording the inventory journal voucher in the general ledger and maintaining custody of inventory c. maintaining the cash disbursements journal and recording direct labor costs applied to specific jobs d. preparing the accounts payable journal voucher and recording it in the general ledger
ANS: C
PTS: 1
13. Operational control decisions a. set the goals and objectives for the firm b. involve motivating managers to use resources as productively as possible. c. are more focused than tactical decisions d. have a fairly high degree of uncertainty
ANS: C
PTS: 1
14. Which of the following is not a report attribute needed to make a report effective? a. relevance b. accuracy c. detailed d. exception orientation
ANS: C 15.
PTS: 1
XBRL a. is the basic protocol that permits communication between Internet sites. b. controls Web browsers that access the Web. c. is the document format used to produce Web pages. d. was designed to provide the financial community with a standardized method for preparing e. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP) format.
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
16.
An XBRL taxonomy: a. is the document format used to produce web pages. b. is the final product (report). c. is a classification scheme. d. is a tag stored in each database record. e. none of the above is true.
ANS: C
PTS: 1
17. A characteristic of the Management Reporting System (MRS) is a. the MRS operates in conformity with generally accepted accounting principles b. it is a legal requirement that the MRS be installed and functioning properly c. the MRS is developed by implementing SEC requirements d. the MRS focuses on internal decision-making information
ANS: D
PTS: 1
18. Which statement is not true? a. authority refers to an individual’s obligation to achieve desired results b. if an employee is given the responsibility for a task, that employee should be given authority to make decisions within the limits of that task c. the level of detail provided to an employee is a function of the employee’s position with the firm d. all of the above are true
ANS: A
PTS: 1
19. Which statement is not true? The manager’s span of control a. is narrow for routine and repetitive tasks b. is related to the number of layers of management c. affects the amount of detail provided to a manager d. can affect employee morale and motivation
ANS: A
PTS: 1
20. Short-range planning involves a. setting goals and objectives of the firm b. planning the production schedule for the next quarter c. planning the growth of the firm d. deciding on the degree of diversification among the firm’s products
ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
21. Long-range planning involves a. planning the marketing and promotion for a product b. presenting department heads with budgetary goals for the next year c. preparing a work force utilization budget for the next quarter d. deciding the optimum size of the firm
ANS: D
PTS: 1
22. The level of management that makes tactical planning decisions is a. top management b. middle management c. operations management d. front-line management
ANS: B
PTS: 1
23. The decision to enter a new market is an example of a. strategic planning b. tactical planning c. management control d. operational control
ANS: A
PTS: 1
24. All of the following are elements of operational control decisions except a. determining the scope of the activity b. setting operating standards c. evaluating performance d. taking corrective action when necessary
ANS: A
PTS: 1
25. In contrast to tactical planning decisions, management control decisions, and operational control decisions, strategic planning decisions usually a. are more focused b. have a shorter time frame c. are unstructured d. have a high degree of certainty
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
26. Which of the following management principles affects the management reporting system? a. formalization of tasks b. authorization c. span of control d. all of the above
ANS: D
PTS: 1
27. All of the following are elements of problem structure except a. certainty b. data c. procedures d. objectives
ANS: A
PTS: 1
28. All of the following are examples of programmed reports except a. cash flow reports for Division B b. year-to-date local income tax payments made by all employees living in City X and working in City Y c. inventory exception reports for Division G d. equipment utilization reports for Plant M
ANS: B
PTS: 1
29. A fundamental principle of responsibility accounting is that a. managers are accountable only for items they control b. a manager’s span of control should not exceed eight people c. structured reports should be prepared weekly d. the information flow is in one direction, top-down
ANS: A
PTS: 1
30. Which statement is not true? Responsibility accounting a. involves both a top-down and bottom-up flow of information b. acknowledges that some economic events cannot be traced to any manager c. creates a budget d. compares actual performance with budget
ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
31. What mechanism is used to convey to managers the standards by which their performance will be measured? a. the responsibility report b. the scheduled report c. the budget d. all of the above
ANS: C
PTS: 1
32. All of the following concepts encourage goal congruence except a. detailed information reporting b. authority c. formalization of tasks d. responsibility
ANS: A
PTS: 1
33. Which of the following statements is NOT true? a. XML stands for eXperimental Markup Language. b. XML is a is a meta-language for describing markup languages. c. Unlike HTML, XML is capable of storing data in relational form. d. Any markup language can be created using XML
ANS: A
PTS: 1
34. Which file has as its primary purpose to present comparative financial reports on a historic basis? a. journal voucher history file b. budget master file c. responsibility file d. general ledger history file
ANS: D
PTS: 1
35. All of the following are characteristics of the strategic planning process except the a. emphasis on both the short and long run. b. review of the attributes and behavior of the organization’s competition. c. analysis of external economic factors. d. analysis of consumer demand.
ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
36. Which of the following performance measures cannot result in dysfunctional behavior? a. price variance b. quotas c. ROI d. net income e. all of the above can result in dysfunctional behavior
ANS: E
PTS: 1
37. Which of the following best describes a profit center: a. authority to make decisions affecting the major determinants of profit, including the power to choose its markets and sources of supply. b. authority to make decisions affecting the major determinants of profit, including the power to choose its markets and sources of supply, and significant control over the amount of invested capital. c. authority to make decisions over the most significant costs of operations, including the power to choose the sources of supply. d. authority to provide specialized support to other units within the organization. e. responsibility for combining the raw materials, direct labor, and other factors of production into a final product.
ANS: A
PTS: 1
38. XRLB reporting: a. must be used by banks to file required quarterly “Call Reports” b. is used substantially both in the US and internationally. c. facilitates the fulfillment of legal requirements stipulated in SOX. d. All of the above. e. None of the above.
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
SHORT ANSWER 1. List, in order, the steps in the Financial Reporting Process. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
ANS: 1. Capture the transaction. 2. Record in special journals. 3. Post to subsidiary ledger. 4. Post to general ledger (using journal vouchers). 5. Prepare unadjusted trial balance. 6. Make adjusting entries. 7. Journalize and post adjusting entries. 8. Prepare adjusted trial balance. 9. Prepare financial statements. 10. Journalize and post the closing entries. 11. Prepare the post-closing trial balance. PTS: 1 2. List two duties that individuals with access authority of GL accounts should not have. ANS: record-keeping responsibility for special journals or subsidiary ledgers; preparation of journal vouchers; custody of physical assets PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
3. Explain the purpose and contents of the general ledger master file. ANS: The general ledger master file is the main file on the general ledger database. It is based on the firm’s chart of accounts. Each record is either a general ledger account (e.g., sales) or a control account (e.g., the accounts payable control) for one of the subsidiary ledgers. The general ledger master file contains the following for each account: the account number, description, account class (e.g., asset), the normal balance (debit or credit), beginning balance, total debits for period, total credits for period, and current balance. PTS: 1 4. What is XML? ANS: XML (eXtensible Markup Language) is a meta-language for describing markup languages. The term extensible means that any markup language can be created using XML. This includes the creation of markup languages capable of storing data in relational form, where tags (formatting commands) are mapped to data values. PTS: 1 5. Define and discuss the journal voucher. ANS: The source of input to the general ledger is the journal voucher. A voucher which can be used to represent summaries of similar transactions or a single unique transaction, identifies the financial amounts and affected GL accounts. Routine transactions, adjusting entries, and closing entries are all entered into the GL via journal vouchers. Because a responsible manager must approve journal vouchers, the manager offers a degree of control against unauthorized GL entries. PTS: 1 6. What are the major exposures in the general ledger/financial reporting system? ANS: The primary exposures are: a defective or lost audit trail, unauthorized access, GL accounts out of balance with subsidiary ledger accounts, and incorrect account balances due to unauthorized or incorrect entries. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
7. Why is the audit trail necessary? ANS: The audit trail is needed for several reasons: to provide the ability to answer inquiries from customers and suppliers, to reconstruct files if lost, to provide historical data to auditors, to satisfy government regulations, and for error control. PTS: 1 8. The principle suggests that management should structure the firm around the work it performs rather than around individuals with unique skills. ANS: formalization of tasks PTS: 1 9. Employees who are responsible for a task must have the make decisions within the limits of the responsibility delegated. ANS: authority PTS: 1 10.
refers to the number of subordinates directly under a manager’s control. ANS: Span of control PTS: 1
11. The difference between the actual performance and the standard is called the . ANS: variance PTS: 1
to
Accounting Information Systems, 9e—Test Bank, Chapter 8
12. How does the management by Exception principle affect the Management Reporting System? ANS: Reports should focus on differences between actual and expected numbers in key factors that are symptomatic of potential problems. Reports that provide unnecessary details about routine, in control items should be avoided. PTS: 1 13. For reports to be useful they must have information content. Describe a reporting objective which gives reports information content. ANS: Reports must reduce the level of uncertainty associated with a problem facing the decision maker, and must influence the behavior of the decision maker in a positive way. PTS: 1 14. What is information overload? How does it affect decision-making? ANS: Information overload refers to a situation in which a manager receives more information than can be assimilated. A natural response to this is to ignore information or select only some. In addition, intuition can displace logic. PTS: 1 15. Explain the phrase “span of control.” What are the implications for the management reporting system of this principle? ANS: A manager’s span of control is the number of subordinates he/she supervises directly. The broader a manager’s span of control, the more autonomy his/her subordinates enjoy–the less involved the manager is in their specific tasks. This impacts the MRS in terms of the level of detail a manager requires. If the span is wide, less detail; if narrow, more. PTS: 1 16. Explain the three types of responsibility centers. ANS: Cost centers are organizational units with responsibility for cost management. Profit centers have responsibility for both cost management and revenue generation. Investment centers have responsibility for cost management, revenue generation, and also the investment and use of assets. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
17. Describe at least three characteristics of strategic planning decisions and their information requirements. ANS: have long time frames–create a need for information that supports forecasting, require summarized information–not encumbered by detail, tend to be nonrecurring–thus having little historical data in support involve a lot of uncertainty–i.e., are unstructured decisions are broad in scope–thus requiring broad based information often require significant external information–generated beyond the information system itself. PTS: 1 18. What three elements must be present for a problem to be “structured?” ANS: data, procedures, objectives PTS: 1 19. How does management by exception help to alleviate information overload by a manager? ANS: The principle of management by exception is that managers should limit their attention to potential problem areas rather than being involved with every activity or decision. Thus, only situations which are not proceeding as scheduled are highlighted by the reports and analyzed by the manager. Thus, the manager does not have to weed through multiple reports to find the situations which need attention. PTS: 1 20. What is a data warehouse? ANS: A data warehouse is a relational database management system that has been designed specifically to meet the needs of data mining. The warehouse is a central location that contains operational data about current events (within the past 24 hours) as well as events that have transpired over many years. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
21. What is XBRL? ANS: XBRL (Extensible Business Reporting Language) is an XML-based language that was designed to provide the financial community with a standardized method for preparing, publishing and automatically exchanging financial information, including financial statements of publicly held companies. PTS: 1 22. What is the XBRL Taxonomy? ANS: XBRL taxonomies are classification schemes that are compliant with the XBRL specifications, to accomplish a specific information exchange or reporting objectives. PTS: 1
ESSAY 1. List and explain the six basic files in the general ledger database. ANS: The general ledger master file is the main file on the general ledger database. It is based on the firm’s chart of accounts. Each record is either a separate general ledger account (e.g., sales) or a control account (e.g., the accounts payable control) for one of the subsidiary ledgers. The general ledger history file contains the same information for prior periods. The journal voucher file contains all of the journal vouchers processed in the current period. The journal voucher history file contains journal vouchers for past periods. The responsibility center file contains the revenues, expenses, and other data for individual responsibility centers. The budget master file contains budgeted amounts for responsibility centers. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
2. Describe the three elements of problem structure. Contrast a structured problem to an unstructured problem. Describe which levels of management typically deal with structured problems and with unstructured problems. ANS: Problem structure has three elements: (1) Data–the values used to represent factors that are relevant to the problem; (2) Procedures–the sequence of steps or decision rules used in solving the problem; and (3) Objectives–the results the decision maker desires to attain by solving the problem. When all three elements of problem structure are known with certainty, the problem is structured. In unstructured problems the data requirements are uncertain, and/or the procedures are not specified, and/or the solution objectives have not been fully developed. In general, structured problems are handled at the operations level and partially structured problems are handled by operations, tactical, and strategic management. Usually, strategic management handles unstructured problems. PTS: 1 3. Many financial reports produced by organizations are nondiscretionary–publicly traded firms have no choice but to prepare income statements, tax returns, etc. Management reporting is often called discretionary reporting because it is not mandated, as is financial reporting. Is this a valid statement? Why or why not? ANS: It can be argued that an effective MRS is mandated by SOX legislation which requires that all public companies monitor and report on the effectiveness of internal controls over financial reporting. Management reporting has long been recognized as a critical element of an organization’s internal control structure. An MRS that directs management’s attention to problems on a timely basis promotes effective management and thus supports the organization’s business objectives. PTS: 1 4. There are two basic types of management reports–programmed and ad hoc. Describe each and give examples. ANS: Programmed reports provide information to solve anticipated problems and make normal decisions. They include scheduled reports such as daily sales reports and on-demand reports generated by need such as inventory below reorder point (the report is generated when the inventory level fall to reorder–the report is demanded by the system based on the previously set inventory level). Ad hoc reports are the result of immediate need for information and may take the form of database queries on sales of a particular item mentioned in a news report. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
5. Describe at least three attributes of an effective report. ANS: Effective reports tend to share several attributes: Relevance – Relevant data supports the manager’s decision needs. Summarization – Data should be at the appropriate level of summarization for the manager receiving it. Exception Orientation – This highlights what is not going as planned. Accuracy – Information in reports must be free from material errors. Completeness –No essential piece of information should be missing, Timeliness – Information that is reasonable complete and accurate in a reasonable time frame is more valuable than perfect information received too late. Conciseness – Information should be presented as concisely as possible. PTS: 1 6. What is the implication for the Management Reporting System of an organization that implements the formalization of tasks principle? ANS: Information requirements are defined by a position, not by the person filling that position. When there is a personnel change, there should be no major changes in the information needed by the new employee; it will be essentially the same as that needed by the former employee. Internal control is strengthened because information is provided based on the requirements of the position (a need to know basis). PTS: 1 7. Discuss three control implications of XBRL ANS: Control implications include: Taxonomy Creation. Taxonomy may be generated incorrectly, resulting in an incorrect mapping between data and taxonomy elements that could result in material misrepresentation of financial data. Controls must be designed and in place to ensure the correct generation of XBRL taxonomies. Taxonomy Mapping Error. The process of mapping the internal database accounts to the taxonomy tags needs to be controlled. Correctly generated XBRL tags may be incorrectly assigned to internal database accounts, resulting in material misrepresentations of financial data.
Accounting Information Systems, 9e—Test Bank, Chapter 8
Validation of Instance Documents. As noted, once the mapping is complete and tags have been stored in the internal database, XBRL instance documents (reports) can be generated. Independent verification procedures need to be established to validate the instance documents to ensure that appropriate taxonomy and tags have been applied before posting to web server. PTS: 1 8. Discuss the primary advantage of XBRL over traditional HTML as a means of online reporting of financial information to users. Online reporting of financial data has become a competitive necessity for publicly traded organizations. Currently, most organizations accomplish this by placing their financial statements and other financial reports on their respective Web sites as HTML (Hyper Text Markup Language) documents. These documents can then be downloaded by users such as the SEC, financial analysts, and other interested parties. The HTML reports, however, cannot be conveniently processed through IT automation. Performing any analysis on the data contained in the reports requires them to be manually entered into the user’s information system. The solution to this problem is eXtensible BusinessReporting Language (XBRL), which is the Internet standard specifically designed for business reporting and information exchange. The objective of XBRL is to facilitate the publication, exchange, and processing of financial and business information. XBRL documents can thus be downloaded, interpreted, and analyzed using computer software with no additional manual data input necessary. PTS: 1 9. Contrast the four decision types, strategic planning, tactical planning, management control and operational control, by the five decision characteristics, time frame, scope, level of details, recurrence, and certainty. ANS: Strategic planning decisions are 1) typically long-term in nature, 2) have a high impact on the firm, 3) require highly summarized information, 4) typically non-recurring problems/opportunities, and 5) uncertain in nature. Tactical planning decisions are 1) typically medium-term in nature, 2) have a medium impact on the firm, 3) require detailed information, 4) typically are periodically recurring problems/opportunities, and 5) highly certain in nature. Management control decisions are 1) typically medium-term in nature, 2) have a low impact on the firm, 3) require moderately summarized information, 4) typically are periodically recurring problems/opportunities, and 5) uncertain in nature. Operational control decisions are 1) typically short-term in nature, 2) have a low impact on the firm, 3) require highly detailed information, 4) typically are periodically recurring problems/opportunities, and 5) highly certain in nature. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 8
10. Discuss inappropriate performance measures and how to avoid them. ANS: When inappropriate performance measures are used, managers may take actions that are dysfunctional to the organization. The actions may succeed in the short run. By the time the problem surfaces, the manager who took the action may be promoted or gone, leaving the problem to his or her successor. The use of any single-criterion performance measure can impose personal goals on managers that conflict with organizational goals and result in dysfunctional behavior. Performance measures should consider all relevant aspects of a manager’s responsibility. In addition to measures of general performance, such as ROI, management should measure trends in key variables such as sales, cost of goods sold, operating expenses and asset levels. Nonfinancial measures such as product leadership, personnel development, employee attitudes, and public responsibility may also be relevant in assessing management performance. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9
Chapter 9—Database Management Systems TRUE/FALSE 1. The database approach to data management is sometimes called the flat file approach. ANS: F
PTS: 1
2. The database management system provides a controlled environment for accessing the database. ANS: T
PTS: 1
3. To the user, data processing procedures for routine transactions, such as entering sales orders, appear to be identical in the database environment and in the traditional environment. ANS: T
PTS: 1
4. An important feature associated with the traditional approach to data management is the ability to produce ad hoc reports. ANS: F
PTS: 1
5. The data definition language is used to insert special database commands into application programs. ANS: F
PTS: 1
6. There is more than one conceptual view of the database. ANS: F
PTS: 1
7. In the database method of data management, access authority is maintained by systems programming. ANS: F
PTS: 1
8. The physical database is an abstract representation of the database. ANS: F
PTS: 1
9. A customer name and an unpaid balance is an example of a one-to-many relationship. ANS: F
PTS: 1
10. In the relational model, a data element is called a relation. ANS: F
PTS: 1
11. The normalization process involves identifying and removing structural dependencies from the tables being modeled. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 12. Under the database approach, data is viewed as proprietary or owned by users. ANS: F
PTS: 1
13. The data dictionary describes all of the data elements in the database. ANS: T
PTS: 1
14. A join builds a new table by creating links. ANS: F
PTS: 1
15. The deletion anomaly is the least important of the problems affecting unnormalized databases. ANS: F
PTS: 1
16. A deadlock is a phenomenon that prevents the processing of transactions. ANS: T
PTS: 1
17. Timestamping is a control that is used to ensure database partitioning. ANS: F
PTS: 1
18. A lockout is a software control that prevents multiple users from simultaneous access to data. ANS: T
PTS: 1
19. Task-data dependency is directly related to data redundancy. ANS: F
PTS: 1
20. An entity is any physical thing about which the organization wishes to capture data. ANS: F
PTS: 1
21. An ER diagram is a graphical representation of a data model. ANS: T
PTS: 1
22. The term occurrence is used to describe the number of attributes or fields pertaining to a specific entity. ANS: F
PTS: 1
23. Cardinality describes the number of possible occurrences in one table that are associated with a single occurrence in a related table. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 24. Foreign keys physically connect logically related tables to achieve the associates described in the data model. ANS: T
PTS: 1
25. Improperly normalized databases are associated with three types of anomalies: the update anomaly, the insertion anomaly, and the deletion anomaly. ANS: T
PTS: 1
MULTIPLE CHOICE 1. Task-data dependency is a. failure to update the files of all users affected by a change b. another term for data redundancy c. user’s inability to obtain additional information as needs change d. none of the above ANS: C
PTS: 1
2. The task of searching the database to locate a stored record for processing is called a. data deletion b. data storage c. data attribution d. data retrieval ANS: D
PTS: 1
3. Which of the following is not a problem usually associated with the flat-file approach to data management? a. data redundancy b. restricting access to data to the primary user c. data storage d. currency of information ANS: B
PTS: 1
4. Which characteristic is associated with the database approach to data management? a. data sharing b. multiple storage procedures c. data redundancy d. excessive storage costs ANS: A
PTS: 1
5. Which characteristic is not associated with the database approach to data management? a. the ability to process data without the help of a programmer b. the ability to control access to the data c. constant production of backups d. the inability to determine what data is available ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 6. The textbook refers to four interrelated components of the database concept. Which of the following is not one of the components? a. the database management system b. the database administrator c. the physical database d. the conceptual database ANS: D
PTS: 1
7. The formal name for a row in the physical database table is a. attribute b. schema c. tuple d. link ANS: C
PTS: 1
8. A description of the physical arrangement of records in the database is a. the internal view b. the conceptual view c. the subschema d. the external view ANS: A
PTS: 1
9. Which of the following may provide many distinct views of the database? a. the schema b. the internal view c. the user view d. the conceptual view ANS: C
PTS: 1
10. Users access the database a. by direct query b. by developing operating software c. by constantly interacting with systems programmers d. all of the above ANS: A
PTS: 1
11. The data definition language a. identifies, for the database management system, the names and relationships of all data elements, records, and files that comprise the database b. inserts database commands into application programs to enable standard programs to interact with and manipulate the database c. permits users to process data in the database without the need for conventional programs d. describes every data element in the database ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 12. The data manipulation language a. defines the database to the database management system b. transfers data to the buffer area for manipulation c. enables application programs to interact with and manipulate the database d. describes every data element in the database ANS: C
PTS: 1
13. Which statement is not correct? A query language like SQL a. is written in a fourth-generation language b. requires user familiarity with COBOL c. allows users to retrieve and modify data d. reduces reliance on programmers ANS: B
PTS: 1
14. Which duty is not the responsibility of the database administrator? a. to develop and maintain the data dictionary b. to implement security controls c. to design application programs d. to design the subschema ANS: C
PTS: 1
15. In a hierarchical model a. links between related records are implicit b. the way to access data is by following a predefined data path c. an owner (parent) record may own just one member (child) record d. a member (child) record may have more than one owner (parent) ANS: B
PTS: 1
16. Which term is not associated with the relational database model? a. tuple b. attribute c. collision d. relation ANS: C
PTS: 1
17. In the relational database model a. relationships are explicit b. the user perceives that files are linked using pointers c. data is represented on two-dimensional tables d. data is represented as a tree structure ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 18. In the relational database model all of the following are true except a. data is presented to users as tables b. data can be extracted from specified rows from specified tables c. a new table can be built by joining two tables d. only one-to-many relationships can be supported ANS: D
PTS: 1
19. Properly designed physical database tables must a. have a unique name for each column that may not be repeated in other tables b. confirm to the rules of normalization c. Both a. and b. d. Neither a. nor b. ANS: B
PTS: 1
20. The update anomaly in unnormalized databases a. occurs because of data redundancy b. complicates adding records to the database c. may result in the loss of important data d. often results in excessive record insertions ANS: A
PTS: 1
21. The most serious problem with unnormalized databases is the a. update anomaly b. insertion anomaly c. deletion anomaly d. none of the above ANS: C
PTS: 1
22. The deletion anomaly in unnormalized databases a. is easily detected by users b. may result in the loss of important data c. complicates adding records to the database d. requires the user to perform excessive updates ANS: B
PTS: 1
23. Which statement is correct? a. in a normalized database, data about vendors occur in several locations b. the accountant is responsible for database normalization c. in a normalized database, deletion of a key record could result in the destruction of the audit trail d. connections between M:M tables are provided by a link table ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 24. Which of the following is not a common form of conceptual database model? a. hierarchical b. network c. sequential d. relational ANS: C
PTS: 1
25. Which of the following is a relational algebra function? a. restrict b. project c. join d. all are relational algebra functions ANS: D
PTS: 1
26. Which statement is false? a. The DBMS is special software that is programmed to know which data elements each user is authorized to access. b. User programs send requests for data to the DBMS. c. During processing, the DBMS periodically makes backup copies of the physical database. d. The DBMS does not control access to the database. ANS: D
PTS: 1
27. All of the following are elements of the DBMS which facilitate user access to the database except a. query language b. data access language c. data manipulation language d. data definition language ANS: B
PTS: 1
28. Which of the following is a level of the database that is defined by the data definition language? a. user view b. schema c. internal view d. all are levels or views of the database ANS: D
PTS: 1
29. An example of a distributed database is a. partitioned database b. centralized database c. networked database d. all are examples of distributed databases ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 30. Data currency is preserved in a centralized database by a. partitioning the database b. using a lockout procedure c. replicating the database d. implementing concurrency controls ANS: B
PTS: 1
31. Which procedure will prevent two end users from accessing the same data element at the same time? a. data redundancy b. data replication c. data lockout d. none of the above ANS: C
PTS: 1
32. The advantages of a partitioned database include all of the following except a. user control is enhanced b. data transmission volume is increased c. response time is improved d. risk of destruction of entire database is reduced ANS: B
PTS: 1
33. A replicated database is appropriate when a. there is minimal data sharing among information processing units b. there exists a high degree of data sharing and no primary user c. there is no risk of the deadlock phenomenon d. most data sharing consists of read-write transactions ANS: B
PTS: 1
34. What control maintains complete, current, and consistent data at all information processing units? a. deadlock control b. replication control c. concurrency control d. gateway control ANS: C
PTS: 1
35. Data concurrency a. is a security issue in partitioned databases b. is implemented using timestamping c. may result in data lockout d. occurs when a deadlock is triggered ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 36. Entities are a. nouns that are depicted by rectangles on an entity relationship diagram b. data that describe the characteristics of properties of resources c. associations among elements d. sets of data needed to make a decision ANS: A
PTS: 1
37. A user view a. presents the physical arrangement of records in a database for a particular user b. is the logical abstract structure of the database c. specifies the relationship of data elements in the database d. defines how a particular user sees the database ANS: D
PTS: 1
38. All of the following are advantages of a partitioned database except a. increased user control by having the data stored locally b. deadlocks are eliminated c. transaction processing response time is improved d. partitioning can reduce losses in case of disaster ANS: B
PTS: 1
39. Each of the following is a relational algebra function except a. join b. project c. link d. restrict ANS: C
PTS: 1
40. A table is in first normal form when it is a. free of repeating group data b. free of transitive dependencies c. free of partial dependencies d. free of update anomalies e. none of the above ANS: A
PTS: 1
41. A table is in second normal form when it is a. free of repeating group data b. free of transitive dependencies c. free of partial dependencies d. free of insert anomalies e. none of the above ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 42. A table is in third normal form when it is a. free of repeating group data b. free of transitive dependencies c. free of partial dependencies d. free of deletion anomalies e. none of the above ANS: B
PTS: 1
SHORT ANSWER Use the following words to complete the sentences. database administrator data redundancy query language sequential structure 1.
data dictionary index sequential access method schema subschema occurs when a specific file is reproduced for each user who needs
access to the file. ANS: data redundancy PTS: 1 2. The conceptual view of the database is often called
.
ANS: schema PTS: 1 3. The
allows users to retrieve and modify data easily.
ANS: query language PTS: 1 4. The ANS: database administrator PTS: 1
authorizes access to the database.
Accounting Information Systems, 9e—Test Bank, Chapter 9 5. The
describes every data element in the database.
ANS: data dictionary PTS: 1 6. What are the three data management problems caused by data redundancy? ANS: data storage, date updating and currency of information PTS: 1 7. What is the relationship between a database table and a user view? ANS: User views are derived database tables. A single table may contribute data to several different views On the other hand, simple views may be constructed from a single table. PTS: 1 8. How does the database approach solve the problem of data redundancy? ANS: Data redundancy is not a problem with the database approach because individual data elements need to be stored only once yet be available to multiple users. PTS: 1 9. Explain how linkages between relational tables are accomplished. ANS: Logically related tables need to be physically connected to achieve the associations described in the data model. This is accomplished by using foreign keys. The degree of cardinality between the related tables determines the method used for assigning foreign keys. Where a 1:M (or 1:0,M) association exists, the primary key of the 1 side is embedded in the table of the M side. To represent the M:M association between tables, a link table needs to be created that has a combined (composite) key consisting of the primary keys of two related tables. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 10. Explain the basic results that come from the restrict, project, and join functions. ANS: A restrict extracts selected rows from a table–records that satisfy prescribed conditions–to create a new table. A project extracts selected attributes (columns) from a table to create a new table. A join builds a new table, from two existing tables, by matching rows on a value of a common attribute. PTS: 1 11. Explain the purpose of an ER diagram in database design. ANS: The entity relationship (ER) diagram is the graphical representation technique used to depict a data model. Each entity in a ER diagram is named in the singular noun form such as Customer rather than Customers. The labeled line connecting two entities describes the nature of the association between them. This association is represented with a verb such as shipped, requests, or receives. The ER diagram also represents cardinality (the degree of association between two entities). Four basic forms of cardinality are possible: zero or one (0,1), one and only one (1,1), zero or many (0,M), and one or many (1,M). These are combined to represent logical associations between entities such as 1:1, 1:0,M, and M:M. PTS: 1 12. What are two types of distributed databases? ANS: Partitioned and replicated databases. PTS: 1 13. Describe an environment in which a firm should use a partitioned database. ANS: A partitioned database approach works best in organizations that require minimal data sharing among its information processing units and when a primary user of the data can be identified. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 14. Explain how to link tables in (1:1) association. Why may this be different in a (1:0,1) association? ANS: Where a true 1:1 association exists between tables, either (or both) primary keys may be embedded as foreign keys in the related table. On the other hand, when the lower cardinality value is zero (1:0,1) a more efficient table structure can be achieved by placing the one-side (1:) table’s primary key in the zero-or-one (:0,1) table as a foreign key. Assume that a company has 1000 employees but only 100 of them are sales staff. Assume also that each sales person is assigned a company car. Therefore, every occurrence in the Employee entity is associated with either zero or one occurrence in the Company Car entity. If we assigned the Company Car (:0,1) side primary to the Employee (:1) table as a foreign key then most of the foreign will have null (blank) values. While this approach would work, it could cause some technical problems during table searches. Correctly applying the key-assignment rule solves this problem because all Company Car records will have an employee assigned and no null values will occur. PTS: 1 15. Why are the hierarchical and network models called navigational databases? ANS: These are called navigational models because traversing or searching them requires following a predefined path which is established through explicit linkages between related records. PTS: 1 16. What is view integration? ANS: A modern company uses hundreds or thousands of views and associated tables. Combining the data needs of all users into a single schema or enterprise-wide view is called view integration PTS: 1 17. What is a database lockout? ANS: To achieve data currency, simultaneous access to individual data elements by multiple sites needs to be prevented. The solution to this problem is to use a database lockout, which is a software control that prevents multiple simultaneous accesses to data. PTS: 1 18. What is the partitioned database approach and what are its advantages? ANS: The partitioned database approach splits the central database into segments or partitions that are distributed to their primary users. The advantages of this approach are: Storing data at local sites increases users’ control. Permitting local access to data and reducing the volume of data that must be transmitted between sites improves transaction processing response time.
Accounting Information Systems, 9e—Test Bank, Chapter 9 Partitioned databases can reduce the potential for disaster. By having data located at several sites, the loss of a single site cannot terminate all data processing by the organization. PTS: 1 19. What is a replicated database and what are the advantages of this approach? ANS: The entire database is replicated at each distributed site. Replicated databases are effective in companies where there exists a high degree of data sharing but no primary user. Since common data are replicated at each site, the data traffic between sites is reduced considerably. PTS: 1 20. What is repeating group data? ANS: Repeating group data is the existence of multiple values for a particular attribute in a specific record. PTS: 1 21. What is a partial dependency? ANS: A partial dependency occurs when one or more nonkey attributes are dependent on (defined by) only part of the primary key, rather than the whole key. This can occur only in tables that have composite (two or more attribute) primary keys. PTS: 1 22. What is a transitive dependency? ANS: A transitive dependency occurs in a table where nonkey attributes are dependent on another nonkey attribute and independent of the table’s primary key. PTS: 1 23. What is the update anomaly? ANS: The update anomaly results from data redundancy in an unnormalized table. The data attributes pertaining to particular entity (for example Vendor Name, Address, and Tele Num) are repeated in every record in every record pertaining to the vendor. Any change in the supplier’s name, address, or telephone number must then be made to each of these records. This causes an update problem that results in excessive overhead costs. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 24. What is the insertion anomaly? ANS: When a table is unnormalized, certain types of new records cannot be added to it. PTS: 1 25. When is a table in third normal form (3NF)? ANS: A table is in third normal form when it meets the two conditions below: 1. All nonkey (data) attributes in the table are dependent on (defined by) the primary key. 2. All nonkey attributes are independent of the other nonkey attributes. PTS: 1 ESSAY 1. What is the normal cardinality between a Customer entity and a Sales order entity? What does it signify? Why is it the only logical cardinality? ANS: The normal cardinality is 1:M which signifies that one customer may play many orders during a sales period. The cardinality would never be 1:1. That would mean that each customer was restricted to a signal sale. PTS: 1 2. Explain the three types of anomalies associated with database tables that have not been normalized. ANS: The update anomaly is the result of data redundancy. If a data element is stored in more than one place, it must be updated in all places. If this does not happen, the data are inconsistent. The insertion anomaly occurs when too data is stored together, such as when vendor information is only stored with specific inventory items. Until items are purchased from a given vendor, the vendor cannot be added to the database. The deletion anomaly involves the unintentional deletion of data from a table. If a vendor supplies only one item, and the firm discontinues that item, all information on the vendor is lost when vendor information is only stored with specific inventory items. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 3. What are the four elements of the database approach? Explain the role of each. ANS: Users are the individuals in the organization who access the data in the database. This may happen via user programs or by direct query. The database management system is a set of programs that control access to the database and that manage the data resource through program development, backup and recovery functions, usage reporting, and access authorization. The database administrator is a function (which may involve part of one individual’s duties or an entire department) which manages the database resources through database planning, design, implementation, operation and maintenance, and growth and change. The physical database is the lowest level of the database and consists of magnetic spots on magnetic media. The other levels of the database are abstract representations of the physical level. At the physical level, the database is a collection of records and files. PTS: 1 4. Explain the three views of a database. ANS: The unique internal view of the database is the physical arrangement of records which describes the structure of data records, the linkages between files, and the physical arrangement and sequence of records in the file. The unique conceptual view (or schema) represents the database logically and abstractly. This view allows users’ programs to call for data without knowing or needing to specify how the data are arranged or where the data reside in the physical database. The many user views (or subschema) define the portion of a database that an individual user is authorized to access. To the user, the user view is the database. PTS: 1 5. Explain a database lockout and the deadlock phenomenon. Contrast that to concurrency control and the timestamping technique. Describe the importance of these items in relation to database integrity. ANS: In a centralized database, a database lockout is used to ensure data currency. It is a software control that prevents multiple simultaneous access to data. Upon receiving a data access request, the central site DBMS places a lock on the requested data to prevent additional access until the lock is removed. In a distributed environment it is possible that multiple sites will lock each other out, preventing each from processing its transactions. This results in a deadlock because there is mutual exclusion to data and the transactions are in a wait state until the locks are removed. A deadlock is a permanent condition that must be resolved by special software that analyzes each deadlock to determine the best solution.
Accounting Information Systems, 9e—Test Bank, Chapter 9 In a replicated database, a large volume of data flows between sites, and temporary inconsistencies in the database may occur. Database concurrency is the presence of complete and accurate data at all remote sites. A commonly used method for concurrency control is to serialize and timestamp transactions that are in conflict. Both database lockouts and concurrency controls are designed to ensure that the transactions are completely processed and that all transactions are accurately reflected in the firm’s databases. Failure to implement these controls can result in transactions being lost, being partially processed, or with inconsistent databases. PTS: 1 6. How is a database deadlock usually resolved? What are factors that influence the decision made regarding the transactions? ANS: Resolving a deadlock usually involves sacrificing one or more transactions which must be terminated to complete the processing of other transactions in the deadlock. Preempted transactions must be reinitiated. Some of the factors to consider in the transaction decision are: (1) the resources currently invested in the transaction, (2) the transaction’s stage of completion, and (3) the number of deadlocks associated with the transaction. PTS: 1 7. In a distributed data processing system, a database can be centralized or distributed. Explain each. ANS: When the database is centralized, the entire database is stored at a central site which processes requests from users at remote locations. The central site performs the functions of a file manager that services the data needs of the remote users. Distributed databases can be partitioned replicated. The partitioned approach splits the central database into segments or partitions that are distributed to their primary users. When the database is partitioned, users have more control over data stored at local sites, transaction processing time is improved, and the potential of data loss is reduced. When the database is replicated, the entire database is stored at multiple locations. Replicated databases are effective where there is a high degree of data sharing but no primary user. Data traffic between sites is reduced considerably. The primary justification for a replicated database is to support read-only queries. PTS: 1 8. What are the four characteristics of a properly designed database table? ANS: 1. The value of at least one attribute in each tuple (row) must be unique. This is the primary key. 2. All attribute values in any column must be of the same class. 3. Each column in a given table must be uniquely named. Different tables may contain columns with the same name. 4. Tables must conform to the rules of normalization – free from structural dependencies, partial dependencies and transitive dependencies. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 9. What are the problems with the flat-file approach? How does the database approach solve them? ANS: Data redundancy causes significant data management problems in three areas: data storage, data updating, and currency of information. Data storage is a problem because if multiple users need the data, it must be collected and stored multiple times at multiple costs. When multiple users hold the same information, changes must be updated in all locations or data inconsistency results. Failure to update all occurrence of a data item can affect the currency of the information. If update messages are not properly disseminated, some users may not record the change and will perform their duties and make decisions based on outdated data. Another problem is task-data dependency which is the user’s inability to obtain additional information as needs change. With a database system, these problems are solved. There is no data redundancy since a data item is stored only once. Hence changes require only a single update, thus leading to current value. A common database is shared by all users, eliminating the problem of task-data dependency. PTS: 1 10. What typical features are provided by a database management system (DBMS)? ANS: 1. Program development which permits both programmers and end users to create applications to access the database. 2. Backup and recovery is built in, reducing the likelihood of total data destruction. 3. Database usage reporting captures statistics on what data is being used, when and by whom. The database administrator uses this information to assign user authorization and maintain the database. 4. Database access to authorized users is the most important feature of a DBMS. 5.
PTS: 1 11. Define repeating groups, partial dependencies and transitive dependencies and discuss how they are dealt with in the process of normalizing tables. ANS: Repeating group data occurs when multiple values for a particular attribute exist in a specific tuple (row). To avoid data redundancy, repeating group data needs to be removed from the table and placed in a separate table. A partial dependency occurs when one or more nonkey attributes are dependent on (defined by) only part of the primary key rather than the whole key. This can only occur in tables that have composite (two or more attributes) primary keys. This is resolved by splitting the table in two. A transitive dependency occurs in a table where nonkey attributes are dependent on another nonkey attribute and independent of the table’s primary key. This is resolved by splitting out the independent data and placing it in a new table. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 9 12. List the steps involved in creating a relational database using a top-down approach. ANS: 1. Identify the views to be modeled. 2. Normalize the data model and add primary keys. 3. Determine cardinalities and add foreign keys. 4. Construct the physical database. 5. Prepare the physical user views. PTS: 1 13. Discuss the accountant’s role in data modeling and potential problems caused by anomalies. ANS: Most accountants will not be directly responsible for normalizing an organization’s databases, but they should have an understanding of the process and be able to determine whether financial data are properly normalized to avoid anomalies. The conduct of many financial audit procedures involves accessing data stored in normalized tables. An organization’s financial database may consist of thousands of normalized tables and navigating the network requires an understanding of data structures. The update anomaly can generate conflicting and/or obsolete database values in accounts, the insertion anomaly can result in unrecorded transactions and incomplete audit trails, and the deletion anomaly can cause the loss of accounting records and destruction of audit trails. PTS: 1
APPENDIX QUESTION 14. Discuss the hierarchical database model. What limitation(s) of the hierarchical database model are solved by the network database model? ANS: The earliest DBMS were based on the hierarchical data model. This was a popular approach to data representation because it reflected many aspects of an organization that are hierarchical in relationship. It was an efficient data processing tool for highly structured problems. The hierarchical model is constructed of sets of files. Each set contains a parent and a child. Files at the same level with the same parent are called siblings. The hierarchical data model is a navigational database because traversing it requires following a predefined path, established through pointers. A parent record may have one or more child records, but no child record can have more than one parent which is restrictive and limits the usefulness of the model. Many firms need a view that permits multiple parents. That limitation is solved by the network database model which allows a child record to have multiple parents. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 Chapter 10—The REA Approach to Business Process Modeling TRUE/FALSE 1. According to the REA philosophy, information systems should support only the needs of accounting professionals. ANS: F
PTS: 1
2. Many believe that the accounting profession should shift away from financial statement reporting toward providing information that assists decision-making. ANS: T
PTS: 1
3. Modern managers need both financial and nonfinancial information that traditional GAAP-based accounting systems are incapable of providing. ANS: T
PTS: 1
4. The REA model is an alternative accounting framework for modeling an organization’s critical resources, events, and accounts. ANS: F
PTS: 1
5. In REA, resources are assets that include accounts receivable. ANS: F 6.
PTS: 1
REA modeling embraces two classes of events: economic events and support events. ANS: T
PTS: 1
7. At least two REA agents participate in each an economic event. ANS: T
PTS: 1
8. The events depicted on an REA diagram are transformed into computer processes while the resources and agents become relational database tables. ANS: F
PTS: 1
9. Under the REA approach support events may directly affect a change in resources. ANS: F
PTS: 1
10. An example of an economic event is checking customer credit prior to processing a sale. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 11. The duality association in an REA diagrams signifies that each economic transaction involves two agents. ANS: F
PTS: 1
12. A difference between ER and REA diagrams is that ER diagrams present a static picture of the underlying business phenomena. ANS: T
PTS: 1
13. ER diagrams always label entity names in the singular noun form. ANS: T
PTS: 1
14. When modeling M:M associations, it is conventional to include link tables in the REA diagram so that the model reflects closely the actual database. ANS: F
PTS: 1
15. Where a 1:M association exists between tables, the primary key of the 1 side is embedded in the table of the M side. ANS: T
PTS: 1
16. The REA approach generates an information system based on a single holistic user view. ANS: F
PTS: 1
17. Four basic forms of cardinality are possible: zero or one (0,1), one and only one (1,1), one or many (1,M), and many and only many (M,M). ANS: F
PTS: 1
18. When one side of a 1:1 association has a minimum cardinality of zero, the primary key of the table with the 0,1 cardinality should be embedded as a foreign key in the table with the 1,1 cardinality ANS: F
PTS: 1
19. Most companies implementing an REA model also maintain a traditional general ledger system for financial reporting. ANS: T
PTS: 1
20. Modeling economic transactions under the REA approach always includes depicting both internal and external agents. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 21. The letters ‘R,’ ‘E,’ and ‘A’ in the term “REA model” stand for resources, events, and actions. ANS: F
PTS: 1
22. A semantic data model captures the operational meaning of the user's data and provides a concise description of it. ANS: T
PTS: 1
23. Support events include control, planning, and management activities that directly affect a change in resources. ANS: F
PTS: 1
24. REA resources are those things of economic value under the control of the enterprise including physical assets and employees. ANS: F
PTS: 1
25. Value chain analysis distinguishes between primary activities and support activities. ANS: T
PTS: 1
MULTIPLE CHOICE 1. Which statement is NOT true? REA resources are: a. assets b. affected by support events c. scarce d. under the control of agents
ANS: B
PTS: 1
2. The concept of duality means that a REA diagram must consist of: a. two events, one of them economic the other support b. two agents, one of them internal and the other external c. two resources, one increased and the other decreased by the same event d. none of the above
ANS: D
PTS: 1
3. In a REA diagram each economic event is always a. linked to at least two resource entities b. linked to two external agents c. linked to another economic event d. linked to two internal agents ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 4. Which of the following are characteristics of internal agents? a. They participate in economic events, but do not assume control of the resources b. They are employees of the company whose system is being modeled c. They participate in economic events, but not in support events d. All of the above ANS: B
PTS: 1
5. Which of the following is true? a. REA diagram entities are arranged in constellations by entity class. b. ER diagrams present a static picture of the underlying business phenomena c. Events entity names in REA diagrams are in the verb form d. All of the above are true statements ANS: D
PTS: 1
6. The ‘R’ in REA stands for a. ratios b. relationships c. resources d. reserves ANS: C
PTS: 1
7. The ‘E’ in REA stands for a. events b. estimates c. economics d. entities ANS: A
PTS: 1
8. The ‘A’ in REA stands for a. assets b. apportionment c. allocation d. agents ANS: D
PTS: 1
9. Which of the following events would be least likely to be modeled in a REA diagram? a. customer inquires b. posting accounts payable c. receiving cash d. sales to a customer ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 10. All of the following are examples of economic events except a. receiving raw materials from a supplier b. checking a customer’s credit prior to processing a sales order c. disbursing cash for inventories received d. shipping product to a customer
ANS: B
PTS: 1
11. Which types of entities are included in REA diagrams? a. support events b. economic events c. internal agents d. all of the above
ANS: D
PTS: 1
12. Which of the following associations would most likely describe the relationship between an internal agent and an economic event? a. 1:M b. 1:1 c. 0:M d. none of the above
ANS: A
PTS: 1
13. Which of the following statement is correct? a. The REA model requires that phenomena be characterized in a manner consistent with the development of a single user view. b. The REA model requires that phenomena be characterized in a manner consistent with the development of a selected user view. c. The REA model requires that phenomena be characterized in a manner consistent with the development of a unique user view. d. The REA model requires that phenomena be characterized in a manner consistent with the development of a multiple user view.
ANS: D
PTS: 1
14. Which of the following associations requires a separate link table? a. 1:1 b. 1:M c. M:M d. none of the above
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 15. Which of the following tables would most likely have a composite key? a. Take Order. b. Cash c. Ship Product d. Inventory Ship Link
ANS: D
PTS: 1
16. When developing an REA model: a. Accounting artifacts are represented as support events b. The same resource is both increased and decreased by the duality association c. Link tables are explicitly depicted d. events are organized in sequence of occurrence
ANS: D
PTS: 1
17. In an REA model, events are described from the perspective of a. the organization b. the designer c. the user d. the customer
ANS: A
PTS: 1
18. Which of the following is NOT an example of an economic event? a. Ship goods b. Receive goods c. Get employee time d. Prepare cash disbursements voucher
ANS: D
PTS: 1
19. When assigning foreign keys in a 1:M association a. The primary key of each table should be embedded as a foreign key in the related table b. The primary key on the (0,M) side of the relation should be embedded as the foreign key on the (1,1) side. c. The primary key on the (1,1) side of the relation should be embedded as the foreign key on the (0,M) side. d. None of the above is true
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 20.
When assigning foreign keys in a 1:1 association: a. The primary key of each table should be embedded as a foreign key in the related table b. The primary key on the (0,1) side of the relation should be embedded as the foreign key on the (1,1) side. c. The primary key on the (1,1) side of the relation should be embedded as the foreign key on the (0,1) side. d. None of the above is true
ANS: C
PTS: 1
SHORT ANSWER 1. What is a user view? ANS: A user view is the set of data that a particular user needs to achieve his or her assigned tasks. For example, a production manager’s view may include finished goods inventory, free manufacturing capacity, and vendor performance. PTS: 1 2. What do the letters ‘R,’ ‘E,’ and ‘A’ stand for in the term “REA model”? ANS: resources, events, and agents PTS: 1 3. What is a semantic data model? ANS: It is a framework for designing accounting information systems that captures the operational meaning of the user's data and provides a concise description of it. PTS: 1 4. What are support events? ANS: Support events include control, planning, and management activities that are related to economic events, but do not directly affect a change in resources. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 5. Define resources, economic events, and agents. ANS: Resources are those things of economic value that are both scarce and under the control of the enterprise. Economic events are phenomena that affect changes (increase or decrease) in resources. Agents are individuals and departments that participate in an economic event. PTS: 1 6. Explain the rule for assigning foreign keys in a (1:M) association? ANS: The primary key of the 1 side table is embedded as a foreign key in the table of the M side. PTS: 1 7. How does the REA model categorize events? ANS: Economic events and support events PTS: 1 8. Define the value chain ANS: These are the activities that add value or usefulness to an organization’s products and services. PTS: 1 9. Define duality. ANS: Each economic event in an exchange is mirrored by an associated economic event in the opposite direction. PTS: 1 10. Describe the rule for assigning foreign keys in a (1:1) association ANS: Typically one of the tables in a 1:1 association has a minimum cardinality of zero. When this is the case, the primary key of the table with the (1, 1) cardinality should be embedded as a foreign key in the table with the (0, 1) cardinality. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 11. Explain the relationship between cardinality and association. ANS: The upper cardinalities for each of the two related entities define the overall association between them. For example, if the cardinality at one end of the association line is (0, 1) and at the other end it is (1, M) then the association between them is one-to-many (1:M). PTS: 1 12. Explain how events, resources and agents are linked in a REA diagram. ANS: Each event must be linked to at least one resource and a least two agents: One of the agents is internal to the organization and the other is usually external. In some types of transactions, however, the second agent may also be internal. PTS: 1 13. What are the minimum number and type of event entities that an REA diagram must include? ANS: An REA model must, as a minimum, include the two economic events that constitute the give and receive activities that reduce and increase economic resources in the exchange. In addition it may include support events, which do not change resources directly. PTS: 1 14. Why would a company adopt the REA approach to database design? ANS: The REA approach leads to the development of a database which collects data needed to support the information needs of all users, not just the financial information traditionally collected by accounting systems. PTS: 1 15. Define view integration? ANS: It is the process of combining multiple individual REA diagram into an integrated global or enterprise model. PTS: 1 16. Define cardinality. ANS: Cardinality describes the number of possible occurrences in one entity that are associated with a single occurrence in a related entity. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 17. Define association. ANS: Association is the nature of the relationship between two entities and is represented by the labeled line connecting them. PTS: 1 18. Why are journals and ledgers not modeled in an REA diagram? ANS: Accounting activities such as recording a sale in the journal and setting up an account receivable are not value chain activities and need not be modeled. Capturing transaction data in sufficient detail adequately serves traditional accounting requirements PTS: 1 19. What are the four basic forms of cardinality? ANS: The four basic forms of cardinality are: zero or one (0,1), one and only one (1,1), zero or many (0,M), and one or many (1,M). PTS: 1 20. How are tables in a (M:M) association physically linked? ANS: Tables in an M:M association cannot accept an embedded foreign key from the related table. Instead, a separate link table must be created to contain the foreign keys. PTS: 1
ESSAY 1. List and explain the steps involved in preparing an REA model of a business process. ANS: The preparation of an REA model of a business process can be described in four steps: 1. Identify the events that are to be included in the model. These are the economic events and support events that add value and achieve the strategic objectives of the organization. Organize the events in order of occurrence. Events entities are described in verb form. 2. Identify the resources affected in each event. 3. Identify the agents involved in each event. 4. Assign the cardinalities to the resources/events/agents entity relationships. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 2. What is the REA model? What does it mean for accountants? ANS: The REA model is an alternative accounting framework for modeling an organization’s critical resources, events, and agents, and the relationships between them. Both accounting and nonaccounting data can be identified, captured and stored in a centralized database which can provide information to all users in the organization. PTS: 1 3. How does the REA approach improve efficiency? ANS: The REA approach can help improve operating efficiency in several ways. It can help managers identify nonvalue-added activities for elimination, reduce the need for multiple data collection, storage, and maintenance by combining both financial and nonfinancial data in a common database. Structuring data in this way permits a wider support of management decision-making. PTS: 1 4. How do the entity relationship (ER) and the REA diagrams differ? ANS: ER and REA diagrams differ visually in a significant way. Entities in ER diagrams are of one class and their proximity to other entities is determined by their cardinality and by what is visually pleasing to keep the diagrams readable. Entities on REA diagram, however, are divided into three classes (Resources, Events, and Agents) and organized into constellations by class on the diagram. A second difference between ER and REA diagrams involves the sequencing of events. ER diagrams present a static picture of the underlying business phenomena. REA diagrams, however, are typically organized from top to bottom within the constellations to focus on the sequence of events. The third difference between ER and REA diagrams pertains to naming conventions for entities. In ER diagrams, entity names are always represented in the singular noun form. REA modeling applies this rule when assigning names to resource and agent entities. Event entities, however, are given verb (action) names such as Sell Inventory, Take Order, or Receive Cash. PTS: 1 5. Since REA databases do not employ journals and ledgers, how can they support financial statement reporting? ANS: Journals, ledgers, and double-entry bookkeeping are the traditional mechanisms for formatting and transmitting accounting data, but they are not essential elements of an accounting database. REA systems capture the essence of what accountants account for by modeling the underlying economic phenomena directly from the transaction data. Organizations employing REA can thus produce financial statements, journals, and ledgers. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 6. Explain how Take Order can be either an economic or a support event. ANS: Taking an order typically involves only a commitment for the seller to sell goods to the customer. It may involve adjusting inventory available for sale to prevent it from being sold to another customer. The commitment is not an economic exchange because the customer may cancel the order before shipment. However, if Take Order results in resources being obtained or manufacturing to occur, then an economic event will have occurred. PTS: 1 7. Describe the two economic events that occur for payroll procedures. ANS: The Get Time event captures the daily time-giving instances of employees through a time-keeping mechanism, such as an electronic time clock. For salaried employees the time-capturing process may simply involve the passage of time. The Disburse Cash event is the give half of the economic exchange and involves distributing cash to an employee (the external agent) for services rendered. The payroll clerk (internal agent) participates in this event, which reduces the cash resource. PTS: 1 8. Explain the difference between producing financial statements in a traditional system and in a REA model. ANS: In a traditional system, financial statements are generally prepared from general ledger accounts, whose values are derived from journal voucher postings. With REA, traditional accounting mechanisms are reproduced from the event tables. Accounting figures extracted from REA tables can be used to prepare income statements, balance sheets and even journal entries. PTS: 1 9. Discuss why adherence by the accounting profession to a single, GAAP-based view is inappropriate. ANS: Modern managers need both financial and non-financial information in formats and at levels of aggregation that the traditional GAAP-based accounting systems architecture is generally incapable of providing. Information customers have shown quite clearly that they are willing to obtain the information they require elsewhere. The result has been a growing perception that accounting information is not as useful as it once was. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 10 10. Discuss how adopting a value chain perspective reveals advantages of adopting an REA approach to information system development. ANS: Decision-makers need to look at far more than the internal operations and functions of the organization. Value chain analysis distinguishes between primary activities–those that create value– and support activities–those that assist achievement of the primary activities. Through applying the analysis, an organization is able to look beyond itself and maximize its ability to create value by, for example, incorporating the needs of its customers within its products, or the flexibility of its suppliers in scheduling its production. It would be impossible to incorporate much of the value chain activities within a traditional information system. Those organizations that have applied value chain analysis have generally done so outside the accounting information system, providing such information separately to the decisionmakers. Frequently, this would involve the establishment of other distinct information systems, such as marketing information systems, with all the resulting problems inherent in operating multiple information systems, including data duplication, data redundancy, and data inconsistency. It is fairly obvious that the adoption of a single information system framework that encompassed all this information, such as one based upon the REA approach, would be preferable. PTS: 1 11. Discuss the concept of duality as it relates modeling an economic transaction. ANS: The rationale behind an economic transaction is that two agents each give the other a resource in exchange for another resource. In actuality, the exchange is a pair of economic events, which is expressed via the duality association in an REA diagram. Each economic event is mirrored by an associated economic event in the opposite direction. These dual events are the give event and receive event. From the perspective of the organization function being modeled, the give half of the exchange decreases the economic resource, as represented by the outflow association. The receive half of the exchange increases the economic resources represented by an inflow association. Note that an economic exchange does not require duality events to occur simultaneously. For example, inventory is reduced immediately by the sale to a customer, but cash may not be increased by the customer's remittance for several weeks. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11
Chapter 11—Enterprise Resource Planning Systems TRUE/FALSE 1. The primary goal of installing an ERP system is reducing system maintenance costs. ANS: F
PTS: 1
2. The recommended data architecture for an ERP includes separate operational and data warehouse databases. ANS: T
PTS: 1
3. A closed database architecture shares data easily. ANS: F
PTS: 1
4. ERP systems support a smooth and seamless flow of information across organizations. ANS: T
PTS: 1
5. OLAP stands for on-line application processing. ANS: F
PTS: 1
6. The primary goal of installing an ERP system is achieving business process reengineering to improve customer service, reduce production time, increase productivity, and improve decision-making. ANS: T
PTS: 1
7. Day-to-day transactions are stored in the operational database. ANS: T
PTS: 1
8. Data mining typically focuses on the operational databases. ANS: F
PTS: 1
9. Companies are more likely to modify an ERP to accommodate the company than to modify company processes to accommodate the ERP. ANS: F
PTS: 1
10. If a chosen ERP cannot handle a specific company process bolt-on software may be available. ANS: T
PTS: 1
11. Core applications are also called OLAP. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 12. The client/server model is a form of network topology in which user computers, called clients, access ERP programs and data via a host computer called a server. ANS: T
PTS: 1
13. A data warehouse is a relational or multi-dimensional database that may require hundreds of gigabytes of storage. ANS: T
PTS: 1
14. Drill-down capability is an OLAP feature of data mining tools. ANS: T
PTS: 1
15. Supply-chain management software is a type of program that supports efforts relative to moving goods from the raw material stage to the customer. ANS: T
PTS: 1
16. In two-tier architecture, the database and application functions are separated. ANS: F
PTS: 1
17. Slicing and dicing permits the disaggregation of data to reveal underlying details. ANS: F
PTS: 1
18. Data entered into the data warehouse must be normalized. ANS: F
PTS: 1
19. OLAP includes decision support, modeling, information retrieval, and what-if analysis. ANS: T
PTS: 1
20. Efficient supply-chain management provides firms with a competitive advantage. ANS: T
PTS: 1
21. The big-bang approach involves converting from old legacy systems to the new ERP in one implementation step. ANS: T
PTS: 1
22. A two-tier architecture approach is used primarily for wide area network (WAN) applications. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 23. Data cleansing is a step performed by external auditors to identify and repairing invalid data prior to the audit. ANS: F
PTS: 1
24. Organizations using ERP systems employ an internal control tool called a role. ANS: T
PTS: 1
25. In spite of the high technology employed in ERP systems, critical business controls such as a three way match are always performed manually. ANS: F
PTS: 1
26. The role model assigns specific access privileges directly to individuals. ANS: F
PTS: 1
27. An access control list specifies the user-ID, the resources available to the user, and the level of permission granted. ANS: T
PTS: 1
28. RBAC assigns access permissions to the role an individual plays in the organization rather than directly to the individual. ANS: T
PTS: 1
29. A problem with RBAC is that managers tend to create unnecessary roles ANS: T
PTS: 1
30. The implementation of an ERP creates an environment with a single point of failure, which places the organization at risk. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11
MULTIPLE CHOICE 1. Goals of ERP include all of the following except a. improved customer service b. improvements of legacy systems c. reduced production time d. increased production
ANS: B
PTS: 1
2. Core applications are a. sales and distribution b. business planning c. shop floor control and logistics d. all of the above
ANS: D
PTS: 1
3. Data warehousing processes do not include a. modeling data b. condensing data c. extracting data d. transforming data
ANS: B
PTS: 1
4. Which of the following is usually not part of an ERP’s core applications? a. OLTP applications b. sales and distribution applications c. business planning applications d. OLAP applications
ANS: D
PTS: 1
5. Which of the following is usually not part of an ERP’s OLAP applications? a. Logistics b. decision support systems c. ad hoc analysis d. what-if analysis
ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 6. Which of the following statements is least likely to be true about a data warehouse? a. It is constructed for quick searching and ad hoc queries. b. It was an original part of all ERP systems. c. It contains data that are normally extracted periodically from the operating databases. d. It may be deployed by organizations that have not implemented an ERP.
ANS: B
PTS: 1
7. Which of the following statements is not true? a. In a typical two-tier client server system, the server handles both application and database duties. b. Client computers are responsible for presenting data to the user and passing user input back to the server. c. In three-tier client server architecture, one tier is for user presentations, one is for database and applications, and the third is for Internet access. d. The database and application functions are separate in the three-tier model.
ANS: C
PTS: 1
8. Which statements about data warehousing is not correct? a. The data warehouse should be separate from the operational system. b. Data cleansing is a process of transforming data into standard form. c. Drill-down is a data-mining tool available to users of OLAP. d. Normalization is a requirement of databases included in a data warehouse.
ANS: D
PTS: 1
9. Which statement about ERP installation is least accurate? a. For the ERP to be successful, process reengineering must occur. b. ERP fails because some important business process is not supported. c. When a business is diversified, little is gained from ERP installation. d. The phased-in approach is more suited to diversified businesses.
ANS: C
PTS: 1
10. Which statement is true? a. ERPs are infinitely scalable. b. Performance problems usually stem from technical problems, not business process reengineering. c. The better ERP can handle any problems an organization can have. d. ERP systems can be modified using bolt-on software.
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 11. The big bang method a. is more ambitious than the phased-in method. b. has been associated with many failures. c. both a. and b. d. neither a. nor b.
ANS: C
PTS: 1
12. Legacy systems are a. old manual systems that are still in place. b. flat file mainframe systems developed before client-server computing became standard. c. stable database systems after debugging. d. advanced systems without a data warehouse.
ANS: B
PTS: 1
13. A data mart is a. another name for a data warehouse. b. a database that provides data to an organization’s customers. c. an enterprise resource planning system. d. a data warehouse created for a single function or department.
ANS: D
PTS: 1
14. Most ERPs are based on which network model? a. peer to peer b. client-server c. ring topology d. bus topology
ANS: B
PTS: 1
15. On-line transaction processing programs a. are bolt-on programs used with commercially available ERPs. b. are available in two models–two-tier and three-tier. c. handle large numbers of relatively simple transactions. d. allow users to analyze complex data relationships.
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 16. Supply chain management software a. is typically under the control of external partners in the chain. b. links all of the partners in the chain, including vendors, carriers, third-party firms, and information systems providers. c. cannot be integrated into an overall ERP. d. none of the above
ANS: B
PTS: 1
17. The setup of a data warehouse includes a. modeling the data b. extracting data from operational databases c. cleansing the data d. all of the above
ANS: D
PTS: 1
18. Extracting data for a data warehouse a. cannot be done from flat files. b. should only involve active files. c. requires that the files be out of service. d. follows the cleansing of data.
ANS: C
PTS: 1
19. Data cleansing involves all of the following except a. filtering out or repairing invalid data b. summarizing data for ease of extraction c. transforming data into standard business terms d. formatting data from legacy systems
ANS: B
PTS: 1
20. Which of the following is not a risk associated with ERP implementation? a. Opposition to changes in the business culture b. Choosing the wrong ERP c. Choosing the wrong consultant. d. All of these are risks associated with ERP implementations.
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 21. Closed database architecture is a. a control technique intended to prevent unauthorized access from trading partners. b. a limitation inherent in traditional information systems that prevents data sharing. c. a data warehouse control that prevents unclean data from entering the warehouse. d. a technique used to restrict access to data marts. e. a database structure that many of the leading ERPs use to support OLTP applications.
ANS: B 22.
PTS: 1
Which of the following is NOT as a risk associated with ERP implementation? a. A drop in firm performance after implementation because the firm looks and works differently than it did while using a legacy system. b. Implementing companies have found that staff members, employed by ERP consulting firms, do not have sufficient experience in implementing new systems. c. Implementing firms fail to select systems that properly support their business activities. d. The selected system does not adequately meet the adopting firm’s economic growth. e. ERPs are too large, complex, and generic for them to be well integrated into most company cultures.
ANS: E
PTS: 1
23. Which statement is LEAST accurate? a. Implementing an ERP system has as much to do with changing the way an organization does business than it does with technology. b. The big-bang approach to ERP implementation is generally riskier than the phased in approach. c. To take full advantage of the ERP process, reengineering will need to occur. d. A common reason for ERP failure is that the ERP does not support one or more important business processes of the organization
ANS: D
PTS: 1
24. Which of the following is NOT a reason that data warehouses be created and maintained separately from operational databases? a. It is impractical to keep both operational and archive data in the same database. b. The continued influence of legacy systems. c. A separate centralized data warehouse is an effective means of collecting data from diverse sources. d. All of these are reasons that data warehouses are maintained separately.
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 25. The big bang approach a. is more ambitious and risky than the phased in approach. b. is a popular alternative to the phase-in approach. c. reduces the change of system failure. d. all of the above. e. none of the above.
ANS: A
PTS: 1
26. Auditors of ERP systems a. need not be concerned about segregation of duties because these systems possess strong computer controls. b. focus on output controls such as independent verification to reconcile batch totals. c. are concerned that managers fail to exercise adequate care in assigning permissions. d. do not view the data warehouse as an audit or control issue at all because financial records are not stored there. e. need not review access levels granted to users because these are determined when the system is configured and never change. ANS: C
PTS: 1
SHORT ANSWER 1. Define ERP. ANS: Enterprise resource planning systems are multiple module systems designed to integrate the key processes in an organization–order entry, manufacturing, procurement, human resources, etc. PTS: 1 2. Define the term “core applications” and give some examples. ANS: Core applications are those applications that support the day-to-day activities of the business, e.g., sales, distribution, shop floor control, logistics. PTS: 1 3. Define OLAP and give some examples. ANS: On-line analytical processing (OLAP) includes decision support, modeling, information retrieval, ad hoc reporting and analysis, and what-if analysis, e.g., determining sales within each region, determining relationship of sales to certain promotions. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 4. What is bolt-on software? ANS: Bolt-on software is software produced by third-party vendors which can be added onto an ERP to provide function not built into the ERP. PTS: 1 5. What is SCM software? ANS: Supply-chain management software is designed to manage the activities that get the product to the customer. This software typically handles procurement, production scheduling, order processing, inventory management, etc. PTS: 1 6. What is a data warehouse? ANS: A data warehouse is a database constructed for quick searching, retrieval, ad hoc queries, and ease of use. A data warehouse is composed of both detail and summary data which are normally extracted periodically from an operational database or from a public information service. A data warehouse is an effective means of collecting, standardizing, and assimilating data from diverse sources, and may consume hundreds of gigabytes or even terabytes of disk storage. Most organizations implement a data warehouse as part of a strategic IT initiative that involves an ERP system. The creation of a data warehouse separate from operational systems is a fundamental data warehousing concept. PTS: 1 7. What is the big-bang approach? ANS: The big-bang approach to conversion to an ERP is the approach which converts from old legacy systems to the new in one step that implements the ERP across the entire company. PTS: 1 8. Describe the two-tier client server model. ANS: In a two-tier architecture, the server handles both application and database duties. Some ERP vendors use this approach for local area network (LAN) applications. Client computers are responsible for presenting data to the user and passing user input back to the server. PTS: 1
9. What is the client-server model?
Accounting Information Systems, 9e—Test Bank, Chapter 11 ANS: The client-server model is a form of network topology in which the user’s computer or terminal (the client) accesses the ERP’s programs and data via a host computer called the server. While the servers may be centralized, the clients are usually located at multiple locations throughout the enterprise. PTS: 1 10. What is scalability? ANS: System scalability refers to the ability of a system to grow as the organization itself grows. This can involve four factors: size, speed, workload, and transaction cost. PTS: 1 11. What is data mining? ANS: Data mining is the process of selecting, exploring, and modeling large amounts of data to uncover unknown relationships and patterns. PTS: 1 12. Why do ERP systems need bolt-on software? Give an example. ANS: Depending on the unique characteristics of a company, an ERP may not be designed to drive all processes needed, e.g., supply chain management software is a common bolt-on. PTS: 1 13. How can a firm acquire bolt-on software? What are the options? ANS: When a firm needs additional function not provided by the ERP, bolt-on applications may be available. These can often be obtained from third-party vendors with which the ERP provider has a partnership arrangement. The more risky alternative is to seek an independent source. PTS: 1 14. Why does data need to be cleansed? ANS: Data cleansing involves filtering out or repairing invalid data prior to its being stored in the data warehouse. It also involves standardizing the format. PTS: 1
15. What are the basic stages of the data warehousing process?
Accounting Information Systems, 9e—Test Bank, Chapter 11 ANS: modeling data for the data warehouse, extracting data from the operational databases, cleansing the extracted data, transforming data into the warehouse model, and loading the data into the data warehouse database PTS: 1 16. Describe the three-tier client server model. ANS: The database and application functions are separated in the three-tier model. This architecture is typical of large production ERP systems that use wide area networks (WANs) for connectivity. Satisfying a client requests requires two or more network connections. Initially, the client establishes communications with the application server. The application server then initiates a second connection to the database server. PTS: 1 17. Why must a data warehouse include both detail and summary data? ANS: Many decision makers need similar information and need it regularly. Prepared summary data and standard reports can take the pressure off the data warehouse and speed up the provision of regularly needed information. PTS: 1 18. What are the three key internal control concerns for managers and auditors regarding ERP roles? ANS: 1. The creation of unnecessary roles. 2. The rule of least access should apply to permission assignments. 3. Monitor role creation and permission-granting activities, PTS: 1 19. What is the closed database architecture? ANS: The closed database architecture is similar in concept to the basic flat-file model. Under this approach a database management system is used to provide minimal technological advantage over flat-file systems. The DBMS is little more than a private but powerful file system. Each function has a private database. PTS: 1
20. What is meant by the OLAP term: consolidation?
Accounting Information Systems, 9e—Test Bank, Chapter 11 ANS: Consolidation is the aggregation or roll-up of data. For example, sales offices data can be rolled up to districts and districts rolled up to regions. PTS: 1 21. What is meant by the OLAP term: drill-down? ANS: Drill-down permits the disaggregation of data to reveal the underlying details that explain certain phenomena. For example, the user can drill down from total sales returns for a period to identify the actual products returned and the reasons for their return. PTS: 1 22. What is meant by the OLAP term: slicing and dicing? ANS: Slicing and dicing enables the user to examine data from different viewpoints. One slice of data might show sales within each region. Another slice might present sales by product across regions. Slicing and dicing is often performed along a time axis to depict trends and patterns. PTS: 1 23. What should management do to assess the potential benefits from implementing an ERP? ANS: To assess benefits, management first needs to know what they want and need from the ERP. They should establish key performance measures such as reductions in inventory levels, inventory turnover, stockouts, and average order fulfillment time that reflect their expectations. To monitor performance in such key areas, they should establish an independent value assessment group that reports to top management. PTS: 1 24. Internal efficiency is cited as one reason for separating the data warehouse from the operational database. Explain. ANS: The structural and operational requirements of transaction processing and data mining systems are fundamentally different, making it impractical to keep both operational (current) and archive data in the same database. Transaction processing systems need a data structure that supports performance, whereas data mining systems need data organized in a manner that permits broad examination and the detection of underlying trends. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 25. Why are data in a data warehouse stored in unnormalized tables? ANS: Normalizing data in an operational database is necessary to reflect accurately the dynamic interactions among entities. While a fully normalized database provides the flexible model needed for supporting multiple users in operations environment, it also adds to complexity that translates into performance inefficiency. Because of the vast size of a data warehouse, such inefficiency can be devastating. A three-way join between tables in a large data warehouse may take an unacceptably long time to complete and may be unnecessary. In the data warehouse model, the relationship among attributes does not change. Because historical data are static in nature, nothing is gained by constructing normalized tables with dynamic links. PTS: 1
26. What is the purpose of role- based governance software? ANS: It monitors role creation and permission granting to ensure compliance with internal control objectives. It verifies role compliance across all applications and users in an ERP environment. PTS: 1 27. What is a role? ANS: It is the task an individual plays within the organization and is associated with specific access privileges. PTS: 1 28. What is an access control list? ANS: It is a technique for assigning specific access permissions directly to the individual user. PTS: 1 29. How is the access control list approach different from RBAC? ANS: The access control list approach assigns access directly to the individual. RBAC assigns permissions to a role and the individual is assigned to the role. It is a way of dealing efficiently with the many to much relationship between individuals and permissions. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 30. Briefly explain the two general approaches to contingency planning for ERPs. ANS: Centralized organizations may employ two linked servers in redundant backup mode. All production processing is done on one server. If it fails, processing is automatically transferred to the other server. Companies whose organizational units are autonomous often choose to install regional servers. This approach permits independent processing and spreads the risk associated with server failure. PTS: 1
ESSAY 1. How are OLTP and OLAP different? Give examples of their use. ANS: On-line transaction processing (OLTP) involves large numbers of relatively simple day-to-day transactions. For example, this may involve order entry which collects data on customers and detail of sales. On-line analytical processing (OLAP) involves large amounts of data used to analyze relationships, involving aggregate data that can be analyzed, compared, and dissected. PTS: 1 2. Why does the data warehouse need to be separate from the operational databases? ANS: The conclusion that a data warehouse must be maintained separately from the operational database reflects several issues. The transaction processing system needs a data structure that supports performance. A normalized database aids users but adds complexity that can yield performance inefficiency. Data mining systems need an organization that permits broad queries. The data warehouse permits the integration of data still maintained in legacy systems. And the complexities of modern business can benefit from the ability to analyze data extensively in ways not permitted in traditional databases. PTS: 1 3. If an auditor suspected an unusual relationship between a purchasing agent and certain suppliers, how could drill-down be used to collect data? ANS: Drill-down capability permits a user to repeatedly extract detailed data at increasing levels of detail. An auditor would be able to examine purchasing transactions to determine any pattern of purchases with the supplier in question that were approved by the purchasing agent and tie such transactions to other characteristics like price variations relative to other vendors at the same time. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 4. Why must an organization expect the implementation of an ERP to disrupt operations? ANS: Successful implementation of an ERP requires that many business processes be reengineered. Once done, everything is different. If the organizational culture is not responsive to the changes, many problems can arise. PTS: 1 5. Scalability has several dimensions. What are they? What do they mean for ERP installation? ANS: Most organizations want to grow. When a new system of any type is installed, it should be expected to be able to handle a reasonable amount of growth. ERP systems are no different. Several dimensions of scalability can be considered. If size of the database doubles, access time may double. If system speed is increased, response time should decrease proportionately. If workload is increased, response time can be maintained by increasing hardware capacity accordingly. Transaction costs should not increase as capacity is increased. PTS: 1 6. Distinguish between the two-tier and three-tier client server model. Describe when each would be used. ANS: In a two-tier architecture, the server handles both application and database duties. Some ERP vendors use this approach for local area network (LAN) applications. Client computers are responsible for presenting data to the user and passing user input back to the server. In the three-tier model the database and application functions are separated. This architecture is typical of large production ERP systems that use wide area networks (WANs) for connectivity. Satisfying a client requests requires two or more network connections. Initially, the client establishes communications with the application server. The application server then initiates a second connection to the database server. PTS: 1 7. Data in a data warehouse are in a stable state. Explain how this can hamper data mining analysis? What can an organization do to alleviate this problem? ANS: Typically transaction data are loaded into the warehouse only when the activity on them has been completed–they are stable. Potentially important relationships between entities may, however, be absent from data that are captured in their stable state. For example, information about cancelled sales orders will probably not be reflected among the sales orders that have been shipped and paid for before they are placed in the warehouse. One way to reflect these dynamics is to extract the operations data in slices of time. These slices provide snapshots of business activity. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 11 8. This chapter stressed the importance of data normalization when constructing a relational database. Why then is it important to denormalize data in a data warehouse? ANS: Wherever possible, normalized tables pertaining to selected events should be consolidated into denormalized tables. Because of the vast size of a data warehouse, inefficiency caused by joining normalized data can be very detrimental to the performance of the system. A three-way join between tables in a large data warehouse may take an unacceptably long time to complete and may be unnecessary. Since historical data are static in nature, nothing is gained by constructing normalized tables with dynamic links. PTS: 1 9. ERP implementations are at risk to extensive cost overruns. Discuss three of the more commonly experienced problems area. ANS: Training. Training costs are invariably higher than estimated because management focuses primarily on the cost of teaching employees the new software. This is only part of the needed training. Employees also need to learn new procedures, which is often overlooked during the budgeting process. System Testing and Integration. In theory, ERP is a holistic model in which one system drives the entire organization. The reality, however, is that many organizations use their ERP as a backbone system that is attached to legacy systems and other bolt-on systems, which support unique needs of the firm. Integrating these disparate systems with the ERP may involve writing special conversion programs or even modifying the internal code of the ERP. Integration and testing are done on a caseby-case basis; thus, the cost is extremely difficult to estimate in advance. Database Conversion. A new ERP system usually means a new database. Data conversion is the process of transferring data from the legacy system’s flat files to the ERP’s relational database. When the legacy system’s data are reliable, the conversion process may be accomplished through automated procedures. Even under ideal circumstances, however, a high degree of testing and manual reconciliation is necessary to ensure that the transfer was complete and accurate. More often, the data in the legacy system are not reliable (sometimes called dirty). Empty fields and corrupted data values cause conversion problems that demand human intervention and data rekeying. Also, and more importantly, the structure of the legacy data is likely to be incompatible with the reengineered processes of the new system. Depending on the extent of the process reengineering involved, the entire database may need to be converted through manual data entry procedures. PTS: 1 10. Explain the risks associated with the creation of unnecessary roles and why it can happen. ANS: Managers in ERP environments have significant discretion in creating new roles for individuals. This may be done for employees who need access to resources for special and/or one-time projects. Such access granting authority needs to be temper with judgment to prevent the number of roles from multiplying to the point of becoming dysfunctional and thus creating a control risk. Indeed, an oft cited problem in ERP environments is that roles tend to proliferate to a point where their numbers actually exceed the number of employees in the organization. Policies need to be in place to prevent the creation of unnecessary new roles and to ensure that temporary role assignments are deleted when the reason for them terminates.
Accounting Information Systems, 9e—Test Bank, Chapter 11 PTS: 1 11. What is the fundamental concept behind the rule of least access? Explain why this is a potential problem in an ERP environment. ANS: Access privileges (permissions) should be granted on a need to know basis only. Nevertheless, ERP users tend to accumulate unneeded permissions over time. This is often due to two problems: 1. Managers fail to exercise adequate care in assigning permissions as part of their role granting authority. Since, managers are not always experts in internal controls they may not recognize when excessive permissions are awarded to an individual. Managers tend to be better at issuing privileges than removing them. As a result, an individual may retain unneeded access privileges from a previous job assignment that creates a segregation of duties violation when combined with a newly assigned role PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
Chapter 12—Electronic Commerce Systems TRUE/FALSE 1. Electronic commerce refers only to direct consumer marketing on the Internet. ANS: F
PTS: 1
2. The standard format for an e-mail address is DOMAIN NAME@USER NAME. ANS: F
PTS: 1
3. The network paradox is that networks exist to provide user access to shared resources while one of its most important objectives is to control access. ANS: T
PTS: 1
4. Business risk is the possibility of loss or injury that can reduce or eliminate an organization’s ability to achieve its objectives. ANS: T
PTS: 1
5. IP spoofing is a form of masquerading to gain unauthorized access to a Web server. ANS: T
PTS: 1
6. The rules that make it possible for users of networks to communicate are called protocols. ANS: T
PTS: 1
7. A factor that contributes to computer crime is the reluctance of many organizations to prosecute criminals for fear of negative publicity. ANS: T
PTS: 1
8. Cookies are files created by user computers and stored on Web servers. ANS: F
PTS: 1
9. Because of network protocols, users of networks built by different manufacturers are able to communicate and share data. ANS: T
PTS: 1
10. Sniffing is the unauthorized transmitting of information across an Intranet. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
11. The phrase .com has become an Internet buzz word. It refers to a top-level domain name for communications organizations. ANS: F
PTS: 1
12. The client-server model can only be applied to ring and star topologies. ANS: F 13.
PTS: 1
Only two types of motivation drive DoS attacks: 1) to punish an organization with which the perpetrator had a grievance; and 2) to gain bragging rights for being able to do it. ANS: F
PTS: 1
14. A distributed denial of service (DDoS) attack may take the form of a SYN flood but not a smurf attack. ANS: F
PTS: 1
15. The bus topology connects the nodes in parallel. ANS: T
PTS: 1
16. A network topology is the physical arrangement of the components of the network. ANS: T
PTS: 1
17. Business to consumer is the largest segment of Internet commerce. ANS: F 18.
PTS: 1
A digital signature is a digital copy of the sender’s actual signature that cannot be forged. ANS: F
PTS: 1
19. A bus topology is less costly to install than a ring topology. ANS: T 20.
PTS: 1
A smurf attack involves three participants: a zombie, an intermediary, and the victim. ANS: F
PTS: 1
21. In a hierarchical topology, network nodes communicate with each other via a central host computer. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
22. Polling is one technique used to control data collisions. ANS: T
PTS: 1
23. The more individuals that need to exchange encrypted data, the greater the chance that the key will become known to an intruder. To overcome this problem, private key encryption was devised. ANS: F
PTS: 1
24. The most frequent use of EDI is in making vendor payments. ANS: F
PTS: 1
25. EDI is the inter-company exchange of computer processible business information in standard format. ANS: T 26.
PTS: 1
A certification authority is an independent and trusted third party empowered with responsibility to vouch for the identity of organizations and individuals engaging in Internet commerce. ANS: T
PTS: 1
27. The intermediary in a smurf attack is also a victim. ANS: T
PTS: 1
28. A ping is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network. ANS: T
PTS: 1
29. HTML controls web browsers that access the web. ANS: F
PTS: 1
30. A ping is an Internet maintenance tool that is used to test the state of network congestion and determine whether a particular host computer is s and available on the network. ANS: T
PTS: 1
31. Cloud computing is the technology that has unleashed virtualization. ANS: F
PTS: 1
32. Cloud computing is decreasing as hardware resources become cheaper because acquisition of resources is slow and not scalable. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
MULTIPLE CHOICE 1. What do you call a system of computers that connects the internal users of an organization that is distributed over a wide geographic area? a. LAN b. decentralized network c. multidrop network d. Intranet
ANS: D
PTS: 1
2. Network protocols fulfill all of the following objectives except a. facilitate physical connection between network devices b. provide a basis for error checking and measuring network performance c. promote compatibility among network devices d. result in inflexible standards
ANS: D
PTS: 1
3. To physically connect a workstation to a LAN requires a a. file server b. network interface card c. multiplexer d. bridge
ANS: B
PTS: 1
4. Packet switching a. combines the messages of multiple users into one packet for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users. b. is a method for partitioning a database into packets for easy access where no identifiable primary user exists in the organization. c. is used to establish temporary connections between network devices for the duration of a communication session. d. is a denial of service technique that disassembles various incoming messages to targeted users into small packages and then reassembles them in random order to create a useless garbled message.
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
5. Protocols a. facilitate the physical connection between the network devices. b. synchronize the transfer of data between physical devices. c. provide a basis for error checking and measuring network performance. d. all of the above. ANS: D 6.
PTS: 1
A virtual private network: a. is a password-controlled network for private users rather than the general public. b. is a private network within a public network. c. is an Internet facility that links user sites locally and around the world. d. defines the path to a facility or file on the web. e. none of the above is true.
ANS: B
PTS: 1
7. Which topology has a large central computer with direct connections to a periphery of smaller computers? Also in this topology, the central computer manages and controls data communications among the network nodes. a. star topology b. bus topology c. ring topology d. client/server topology
ANS: A 8.
PTS: 1
A ping signal is used to initiate a. URL masquerading b. digital signature forging c. Internet protocol spoofing d. a smurf attack e. none of the above is true ANS: D
PTS: 1
9. In a star topology, when the central site fails a. individual workstations can communicate with each other b. individual workstations can function locally but cannot communicate with other workstations c. individual workstations cannot function locally and cannot communicate with other workstations d. the functions of the central site are taken over by a designated workstation
ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
10. Which of the following statements is correct? The client-server model a. is best suited to the token-ring topology because the random-access method used by this model detects data collisions. b. distributes both data and processing tasks to the server’s node. c. is most effective used with a bus topology. d. is more efficient than the bus or ring topologies.
ANS: B
PTS: 1
11. Sniffer software is a. software used by malicious Web sites to sniff data from cookies stored on the user’s hard drive b. used by network administrators to analyze network traffic c. used by bus topology Intranets to sniff for a carrier before transmitting a message to avoid data collisions d. illegal programs downloaded from the Net to sniff passwords from the encrypted data of Internet customers
ANS: B
PTS: 1
12. In a ring topology a. all nodes are of equal status b. nodes manage private programs and databases locally c. shared resources are managed by a file server which is a node on the ring d. all of the above
ANS: D
PTS: 1
13. The client/server topology a. increases the amount of data that is transmitted between the central file and the network node b. eliminates the need for nodes to communicate with each other c. reduces the number of records that must be locked by having the file server perform record searches d. functions only with a ring and bus topology
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
14. The primary difference between a LAN and a WAN is a. the geographical area covered by the network b. the transmission technology used c. the type of workstation used d. the size of the company
ANS: A
PTS: 1
15. A star topology is appropriate a. for a wide area network with a mainframe for a central computer b. for centralized databases only c. for environments where network nodes routinely communicate with each other d. when the central database does not have to be concurrent with the nodes
ANS: A
PTS: 1
16. In a ring topology a. the network consists of a central computer which manages all communications between nodes b. has a host computer connected to several levels of subordinate computers c. all nodes are of equal status; responsibility for managing communications is distributed among the nodes d. information processing units rarely communicate with each other
ANS: C
PTS: 1
17. A distributed denial of service (DDoS) attack a. is more intensive that a Dos attack because it emanates from single source b. may take the form of either a SYN flood or smurf attack c. is so named because it effects many victims simultaneously, which are distributed across the internet d. turns the target victim's computers into zombies that are unable to access the Internet e. none of the above is correct
ANS: B
PTS: 1
18. Which method does not manage or control data collisions that might occur on a network? a. Multiplexing b. Polling c. carrier sensing d. token passing
ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
19. All of the following are true about the Open System Interface (OSI) protocol except a. within one node different layers communicate with other layers at that node b. one protocol is developed and applied to all the OSI layers c. specific layers are dedicated to hardware tasks and other layers are dedicated to software tasks d. layers at each node communicate logically with their counterpart layers across nodes ANS: B
PTS: 1
20. NNTP a. is the document format used to produce Web pages. b. controls Web browsers that access the Web. c. is used to connect to Usenet groups on the Internet d. is used to transfer text files, programs, spreadsheets, and databases across the Internet. e. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP) format. ANS: C
PTS: 1
21. Which of the following statements is correct? TCP/IP a. is the basic protocol that permits communication between Internet sites. b. controls Web browsers that access the WWW. c. is the file format used to produce Web pages. d. is a low-level encryption scheme used to secure transmissions in HTTP format.
ANS: A
PTS: 1
22. FTP a. is the document format used to produce Web pages. b. controls Web browsers that access the Web. c. is used to connect to Usenet groups on the Internet d. is used to transfer text files, programs, spreadsheets, and databases across the Internet. e. is a low-level encryption scheme used to secure transmissions in higher-level () format.
ANS: D 23.
PTS: 1
IP spoofing a. combines the messages of multiple users into a “spoofing packet” where the IP addresses are interchanged and the messages are then distributes randomly among the targeted users. b. is a form of masquerading to gain unauthorized access to a web server. c. is used to establish temporary connections between network devices with different IP addresses for the duration of a communication session. d. is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the IP address needed by other users. ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
24. HTML a. is the document format used to produce Web pages. b. controls Web browsers that access the Web. c. is used to connect to Usenet groups on the Internet. d. is used to transfer text files, programs, spreadsheets, and databases across the Internet. e. is a low-level encryption scheme used to secure transmissions in higher-level () format. ANS: A
PTS: 1
25. Which one of the following statements is correct? a. Cookies always contain encrypted data. b. Cookies are text files and never contain encrypted data. c. Cookies contain the URLs of sites visited by the user. d. Web browsers cannot function without cookies. ANS: C
PTS: 1
26. A message that is made to look as though it is coming from a trusted source but is not is called a. a denial of service attack b. digital signature forging c. Internet protocol spoofing d. URL masquerading ANS: C
PTS: 1
27. An IP Address: a. defines the path to a facility or file on the web. b. is the unique address that every computer node and host attached to the Internet must have. c. is represented by a 64-bit data packet. d. is the address of the protocol rules and standards that governing the design of internet hardware and software. e. none of the above is true. ANS: B
PTS: 1
28. A digital signature is a. the encrypted mathematical value of the message sender’s name b. derived from the digest of a document that has been encrypted with the sender’s private key c. the computed digest of the sender’s digital certificate d. allows digital messages to be sent over analog telephone lines ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
29. HTTP a. is the document format used to produce Web pages. b. controls Web browsers that access the Web. c. is used to connect to Usenet groups on the Internet d. is used to transfer text files, programs, spreadsheets, and databases across the Internet. e. is a low-level encryption scheme used to secure transmissions in higher-level () format. ANS: B
PTS: 1
30. Which of the following statements is correct? a. Packet switching combines the messages of multiple users into a “packet” for transmission. At the receiving end, the packet is disassembled into the individual messages and distributed to the intended users. b. The decision to partition a database assumes that no identifiable primary user exists in the organization. c. Packet switching is used to establish temporary connections between network devices for the duration of a communication session. d. A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve itself when the primary computer completes processing its transaction and releases the data needed by other users. ANS: C
PTS: 1
31. The provision of computing power and disk space to client firms who access it from desktop PCs is known as a. Computing-as-a-Service b. Infrastructure-as-a-Service c. Platform-as-a-Service d. Software-as-a-Service ANS: B
PTS: 1
32. This class of cloud computing enables client firms to develop and deploy onto the cloud infrastructure consumer-generated applications using facilities provided by the vendor. a. Computing-as-a-Service b. Infrastructure-as-a-Service c. Platform-as-a-Service d. Software-as-a-Service ANS: C
PTS: 1
33. Which of the following is not a key feature of cloud computing? a. Acquisition of resources is rapid and infinitely scalable. b. Client firms can acquire IT resources from vendors on demand and as needed. c. Computing resources are pooled to meet the needs of multiple client firms. d. Individual clients have control over the physical location of the service being provided. ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
SHORT ANSWER 1. What is packet switching? ANS: Packet switching is a transmission whereby messages are divided into small packets. Individual packets of the same message may take different routes to their destinations. Each packet contains address and sequencing codes so they can be reassembled into the original complete message at the receiving end. PTS: 1 2. What is an extranet? ANS: An extranet is a variant on Internet technology. This is a password-controlled network for private users rather than the general public. Extranets are used to provide access between trading partner internal databases. PTS: 1 3. What is a URL? ANS: A URL is the address that defines the path to a facility or file on the Web. URLs are typed into the browser to access Web site homepages and individual Web pages, and can be embedded in Web pages to provide hypertext links to other pages. PTS: 1 4. What is an IP address? ANS: Every computer node and host attached to the Internet must have a unique Internet protocol (IP) address. For a message to be sent, the IP addresses of both the sending and the recipient nodes must be provided. PTS: 1 5. What is spoofing? ANS: Spoofing is a form of masquerading to gain unauthorized access to a Web server to perpetrate an unlawful act without revealing ones identity. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
6. Name the three types of addresses used on the Internet. ANS: The three types of addresses used on the Internet are: e-mail addresses of individuals, Web site (URL) addresses of pages, and IP addresses of individual computers attached to the Internet. PTS: 1 7. What is a ping? ANS: It is an internet maintenance tool that is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network. PTS: 1 8. What is an IRC? ANS: It is a popular interactive service on the internet that lets thousands of people from all around the world engage in real-time communications via their computers. PTS: 1 9. Name the three parties involved in a smurf attack. ANS: The perpetrator, the intermediary, and the victim. PTS: 1 10. Explain the parts of an e-mail address and give an example (your own?). ANS: The two parts of an e-mail address are the user name and the domain name. For example, hsavage@cc.ysu.edu is the address of Helen Savage at the computer center site at Youngstown State University. PTS: 1 11. What are cookies and why are they used? ANS: Cookies are files containing user information that are created by the Web server of the site being visited and are then stored on the visitor’s own computer hard drive. They can contain the addresses of sites visited by the user. If the site is revisited, the browser sends the cookie(s) to the Web server. This was originally intended to enhance efficiency. Many questions now exist about the use of cookies, especially with regard to user privacy and the security of user information such as passwords.
Accounting Information Systems, 9e—Test Bank, Chapter 12
PTS: 1 12. List at least five top-level domain names used in the United States. ANS: Among the top-level domain names used in the U.S. are: .com–a commercial entity .net–a network provider .org–an non-profit organization .edu–an educational or research entity .gov–a government entity PTS: 1 13. When are a bridge and with a gateway used to connect networks? ANS: Bridges connect LANs of the same type; gateways connect LANs of different manufacturers and different types. PTS: 1 14. Describe an advantage to the client/server topology. ANS: Client/server technology reduces the number of records that have to be locked and reduces the amount of data that is transmitted over the network. PTS: 1 15. Describe one primary advantage of polling as a network control method. ANS: Polling is non-contentious so data collisions are prevented. Firms can prioritize data communications by polling important nodes more frequently than less important nodes. PTS: 1 16. Describe one disadvantage to carrier sensing as a network control method. ANS: Collisions can occur when two messages are sent simultaneously. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
17. Why is network control needed? What tasks are performed? ANS: Network control establishes a communication session between sender and receiver, manages the flow of data across the network, detects and resolves data collisions, and detects errors in data caused by line failure or signal degeneration. PTS: 1 18. Define WAN, LAN, and VAN. ANS: A WAN is a wide area network, a LAN is a local area network, and a VAN is a value-added network. PTS: 1 19. What are the five basic network architectures? ANS: The five basic network architectures are: star, hierarchical, ring, bus, and client/server. PTS: 1 20.
Discuss the private key encryption technique and its shortcomings. ANS: To encode a message, the sender provides the encryption algorithm with the key, which produces the ciphertext message. This is transmitted to the receiver’s location, where it is decoded using the same key to produce a cleartext message. Because the same key is used for coding and decoding, control over the key becomes an important security issue. The more individuals that need to exchange encrypted data, the greater the chance that the key will become known to an intruder who could intercept a message and read it, change it, delay it, or destroy it. PTS: 1
21. Discuss the public key encryption technique. ANS: This approach uses two different keys: one for encoding messages and the other for decoding them. The recipient has a private key used for decoding that is kept secret. The encoding key is public and published for everyone to use. Receivers never need to share private keys with senders, which reduces the likelihood that they fall into the hands of an intruder. One of the most trusted public key encryption methods is Rivest-Shamir-Adleman (RSA). This method is, however, computationally intensive and much slower than private key encryption. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
22. What is a digital signature? ANS: A digital signature is an electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied. The digital signature is derived from a mathematically computed digest of the document that has been encrypted with the sender’s private key. PTS: 1 23.
What is a digital certificate? ANS: A digital certificate is like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender. Trusted third parties known as certification authorities (CA s) (for example, Veri-Sign, Inc.) issue digital certificates, also called digital IDs. The digital certificate is actually the sender’s public key that the CA has digitally signed. The digital certificate is transmitted with the encrypted message to authenticate the sender. PTS: 1
24.
What is a seal of assurance? ANS: In response to consumer demand for evidence that a web-based business is trustworthy, a number of trusted third-party organizations are offering seals of assurance that businesses can display on their website home pages. To legitimately bear the seal, the company must show that it complies with certain business practices, capabilities, and controls. Examples of seal are: Better Business Bureau (BBB), TRUSTe, Veri-Sign, Inc., International Computer Security Association (ICSA), AICPA/CICA WebTrust, and AICPA/CICA SysTrust. PTS: 1
25. Describe a denial of service (DoS) attack and identify three common forms. ANS: A denial of service attacks (DoS) is an assault on a web server to prevent it from servicing its legitimate users. While such attacks can be aimed at any type of website, they are particularly devastating to business entities that are prevented from receiving and processing business transactions from their customers. Three common types of DoS attacks are: SYN flood, smurf, and distributed denial of service (DDoS). PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
26.
What is cloud computing? ANS: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. PTS: 1
27.
Describe virtualization. ANS: Virtualization is the technology that has unleashed cloud computing. Virtualization multiplies the effectiveness of the physical system by creating virtual (software) versions of the computer with separate operating systems that reside in the same physical equipment. In other words, virtualization is the concept of running more than one “virtual computer” on a single physical computer. Since each virtual system runs its own application, total computing power is multiplied with no additional hardware investment. PTS: 1
ESSAY 1. Discuss common risks to consumers from cyber criminals that impact electronic commerce. ANS: The perception that the Internet is not safe for credit card purchases is considered to be the biggest barrier to electronic commerce. Some Internet companies are negligent or even fraudulent in the way they collect, use, and store credit card information. Another form of Internet fraud involves establishing a website to steal a visitor’s password. To access the page the visitor is asked to register with an email address and password. Because many people use the same password for different applications, cybercriminals use the password given to break into the victim’s other accounts. Consumer privacy concerns discourages many consumers from engaging in Internet commerce. One aspect involves the way websites capture and use cookies in areas such as online marketing. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
2. Describe the basic differences between the star, ring, and bus topologies. ANS: The star topology is a configuration of IPUs with a large central computer (the host) at the hub (or center) that has connections to a number of smaller computers. Communication between nodes is managed from the host. The ring topology connects many computers of equal status. There is no host. Management of communication is distributed among the nodes. In the bus topology, all nodes are connected to a common cable, the bus. Communication and file transfer are controlled centrally by one or more server. PTS: 1 3. What security questions must be considered with regard to Internet commerce? ANS: Security questions that must be answered to safeguard Internet commerce relate to: private or confidential financial data stored on a host or server that could be accessed by unauthorized individuals, interception of private information sent between sites, such as credit card numbers, and the risk of destruction of data and programs by virus attacks and other malice. PTS: 1 4. What is the World Wide Web? ANS: The World Wide Web is an Internet facility that links user sites locally and around the world. It was originally developed to share scientific information over the Internet. Although the Web is the part of the Internet that is most familiar to average users, it is just a part. Other Internet tools include file transfer using FTP, remote connection to another computer using Telnet, and access to the menuing system Gopher. Its popularity is in part due to the ease of access that is provided by Internet browser software. The basic Web document is written in hypertext markup language that contains numerous links to other pages, thus permitting easy movement. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
5. Discuss the three levels of Internet business models. ANS: How much benefit an organization gains from the Internet depends on how much of its function is used. Three levels of uses can be made: a. At the simplest level, the information level, the organization uses the Internet to display information about the company, its products, services, and business policies. In other words, it provides information only. b. At the transaction level, the organization uses the Internet to accept orders from customers and/or to place them with their suppliers. In other words, transactions occur. c. At the highest level, the distribution level, the organization uses the Internet to both sell and deliver digital products–online news, software, music, video, etc. PTS: 1 6. Define risk in an electronic commerce setting. ANS: The typical definition of business risk is the possibility of loss or injury that can reduce or eliminate an organization’s ability to achieve its objectives. In the area of e-commerce, risk relates to the loss, theft, or destruction of data and/or the use or generation of data or computer programs that financially or physically harm an organization. PTS: 1 7. What is a firewall? What does it do? Discuss the common configuration that employs two firewalls. ANS: A firewall is a system used to insulate an organization’s intranet from the Internet. It can be used to authenticate an outsider user of the network, verify access authority and then direct the user to the program, data or service requested. Firewalls can also be used to protect LANs from unauthorized internal access. The network-level firewall provides basic screening of low security messages and routes them to their destinations. The application-level firewall provides high-level network security. These firewalls are configured to run security applications called proxies that perform sophisticated functions such as verifying user authentication. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
8. Define and contrast digital certificate and digital signature. ANS: A digital certificate is like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender. These are issued by certification authorities. A digital signature is an electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied. PTS: 1 9. Explain the function of the two parts of the TCP/IP protocol. ANS: The two parts of the TCP/IP protocol are the transfer control protocol (TCP) and the Internet protocol (IP). This controls how individual packets of data are formatted, transmitted, and received. The TCP supports the transport function of the OSI (Open System Interface) model that has been adopted by the International Standards Organization for the communication community. This ensures that the full message is received. The IP component provides the routing mechanism. It contains a network address and is used to route messages to their destinations. PTS: 1 10. What are network protocols? What functions do they perform? ANS: Network protocols are the rules and standards governing the design of hardware and software that permit users of networks manufactured by different vendors to communicate and share data. Protocols perform a number of different functions. a. They facilitate the physical connection between network devices. b. They synchronize the transfer of data between physical devices. c. They provide a basis for error checking and measuring network performance. d. They promote compatibility among network devices. e. They promote network designs that are flexible, expandable, and cost-effective. PTS: 1 11. List and briefly define the privacy conditions inherent to the Safe Harbor agreement ANS: Notice: Organizations must provide individuals with clear notice of, “the purposes for which it collects and uses information about them, the types of third parties to which it discloses the information, and how to contact the company with inquiries or complaints.” Choice: Before any data is collected, an organization must give its customers the opportunity to choose whether to share their sensitive information (e.g., data related to factors such as health, race, or religion).
Accounting Information Systems, 9e—Test Bank, Chapter 12
Onward Transfer: Unless they have the individual’s permission to do otherwise, organizations may share information only with those third parties that belong to the Safe Harbor Agreement or follow its principles. Security and Data Integrity: Organizations need to ensure that the data they maintain is accurate, complete, and current, and thus reliable, for use. They must also ensure the security of the information by protecting it against loss, misuse, unauthorized access, disclosure, alteration, and destruction. Access: Unless they would be unduly burdened or violate the rights of others, organizations must give individuals “access to personal data about themselves and provide an opportunity to correct, amend, or delete such data.” Enforcement: Organizations must “enforce compliance, provide recourse for individuals who believe their privacy rights have been violated, and impose sanctions on their employees and agents for noncompliance.” PTS: 1 12. Explain the disadvantage of private key encryption and how public key encryption overcomes the problem. ANS: Private key encryption uses the same key for coding and decoding. Therefore, control over the key becomes an important security issue. When several individuals that need to exchange encrypted data the chance that the private key will become known to an intruder is increased. To overcome this problem, public key encryption was devised. This approach uses two different keys: one for encoding messages and the other for decoding them. The recipient has a private key used for decoding that is kept secret. The encoding key is public and published for everyone to use. PTS: 1 13. What is a Certification Authority and what are the implications for the accounting profession? ANS: A certification authority (CA) is independent and trusted third party empowered with responsibility to vouch for the identity of organizations and individuals engaging in Internet commerce. The question then becomes who vouches for the CA? How does one know that the CA who awarded a seal of authenticity to an individual is itself reputable and was meticulous in establishing his or her identity? These questions hold specific implication for the accounting profession. Since they enjoy a high degree of public confidence, public accounting firms are natural candidates for certification authorities. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 12
14. Explain a SYN Flood attack. ANS: Normally user establishes a connection on the Internet via a three-way handshake. The connecting server sends an initiation code called a SYN (SYNchronize) packet to the receiving server. The receiving server then acknowledges the request by returning a SYNchronize-AC Knowledge (SYNAC K) packet. Finally, the initiating host machine responds with an ACK packet code. The SYN flood attack is accomplished by not sending the final acknowledgment to the server’s SYNACK response, which causes the server to keep signaling for acknowledgement until the server times out. The individual or organization perpetrating the SYN flood attack transmits hundreds of SYN packets to the targeted receiver, but never responds with an ACK to complete the connection. As a result, the ports of the receiver’s server are clogged with incomplete communication requests that prevent legitimate transactions from being received and processed. Organizations under attack may, thus, be prevented from receiving Internet messages for days at a time. PTS: 1 15. Explain a Smurf Attack. ANS: A smurf attack involves three parties: the perpetrator, the intermediary, and the victim. It is accomplished by exploiting an internet maintenance tool called a ping, which is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network. The perpetrator of a smurf attack uses a program to create a ping message packet that contains the forged IP address of the victim’s computer (IP spoofing) rather than that of the actual source computer. The ping message is then sent to the intermediary, which is actually an entire sub network of computers. By sending the ping to the network’s IP broadcast address, the perpetrator ensures that each node on the intermediary network receives the echo request automatically. Consequently, each intermediary node sends echo responses to the ping message, which are returned to the victim’s IP address not the source computer’s. The resulting flood of echoes can overwhelm the victim’s computer and cause network congestion that makes it unusable for legitimate traffic. PTS: 1 16. Explain a Distributed Denial of Service Attack. ANS: A distributed denial of service (DDoS) attack may take the form of a SYN flood or smurf attack. The distinguishing feature of the DDoS is the sheer scope of the event. The perpetrator of a DDoS attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack. Since vast numbers of unsuspecting intermediaries are needed, the attack often involves one or more Internet Relay Chat (IRC) networks as a source of zombies. The perpetrator accesses the IRC and uploads a malicious program such as a Trojan horse, which contains DDoS attack script. This program is subsequently downloaded to the PCs of the many thousands of people who visit the IRC site. The attack program runs in the background on the new zombie computers, which are now under the control of the perpetrator. Via the zombie control program the perpetrator can direct the DDoS to specific victims and turn on or off the attack at will.
Accounting Information Systems, 9e—Test Bank, Chapter 12
PTS: 1 17. Discuss the changing motivation behind a Denial of Service Attack ANS: The motivation behind DoS attacks may originally have been to punish an organization with which the perpetrator had a grievance or simply to gain bragging rights for being able to do it. Today, DoS attacks are also perpetrated for financial gain. Financial institutions, which are particularly dependent on Internet access, have been prime targets. Organized criminals threatening a devastating attack have extorted several institutions, including the Royal Bank of Scotland. The typical scenario is for the perpetrator to launch a short DDoS attack (a day or so) to demonstrate what life would be like if the organization were isolated from the Internet. After the attack, the CEO of the organization receives a phone call demanding that a sum of money be deposited in an off-shore account, or the attack will resume. Compared to the potential loss in customer confidence, damaged reputation, and lost revenues, the ransom may appear to be a small price to pay. PTS: 1 18. Discuss the key features of cloud computing. ANS: The key features of cloud computing are, first, client firms can acquire IT resources from vendors on demand and as needed. Second, resources are provided over a network (private or Internet) and accessed through network terminals at the client location. Third, acquisition of resources is rapid and infinitely scalable. Fourth, computing resources are pooled to meet the needs of multiple client firms. PTS: 1 19. Is cloud computing the best option for all companies? Why or why not? ANS: In spite of its convenience and potential for cost savings, cloud computing is not a realistic option for all companies. For smaller businesses, startup companies, and some new applications, the cloud concept is a promising alternative to in-house computing. The information needs of large companies, however, are often in conflict with the cloud solution for the following three reasons. First, large firms have typically already incurred massive investments in equipment, proprietary software, and human resources. These organizations are not inclined to walk away from their investments and turn over their entire IT operations to a cloud vendor. Second, many large enterprises have mission-critical functions running on legacy systems that are many decades old. These systems continue to exist because they continue to add value. The task of migrating legacy systems to the cloud would require new architectures and considerable reprogramming. Third, a central tenant of cloud computing is the philosophy that IT is a one-size-fits-all commodity asset. Indeed, the economies of scale that cloud vendors achieve depend upon standardization of solutions across all clients. Cloud vendors treat all workloads and all clients as commodities and do not provide the special treatment required by some organizations. Larger companies are more likely to have esoteric information needs and pursue strategic advantage through IT systems. Finally, internal control and security issues are concerns for companies of all sizes that outsource their IT to the cloud. When an organization’s critical data reside outside its corporate walls, it is at risk. The client firm has little option but to trust to the ethics, competence, and internal controls of the vendor. The relevant risk issues include an extensive set of
Accounting Information Systems, 9e—Test Bank, Chapter 12
topics, such as technology failures in the cloud, distributed denial of service attacks, hacking, vendor exploitation, vendor failure to perform, and the loss of strategic advantage. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13
Chapter 13—Managing the Systems Development Life Cycle TRUE/FALSE 1. The majority of the cost of a system is incurred in the new systems development phase of the life cycle. ANS: F
PTS: 1
2. According to the text, a stakeholder is an end user of a system. ANS: F
PTS: 1
3. The objective of systems planning is to link systems projects to the strategic objectives of the firm. ANS: T
PTS: 1
4. The Systems Development Life Cycle (SDLC) concept applies to specific applications and not to strategic systems planning. ANS: F
PTS: 1
5. An accountant’s responsibility in the SDLC is to ensure that the system applies proper accounting conventions and rules and possesses adequate control. ANS: T
PTS: 1
6. In the conceptual design phase of the Systems Development Life Cycle (SDLC), task force members are focused on selecting the new system design. ANS: F
PTS: 1
7. When determining the operational feasibility of a new system, the expected ease of transition from the old system to the new system should be considered. ANS: T
PTS: 1
8. One-time costs include operating and maintenance costs. ANS: F
PTS: 1
9. When preparing a cost-benefit analysis, design costs incurred in the systems planning, systems analysis and conceptual design phases of the Systems Development Life Cycle are relevant costs. ANS: F
PTS: 1
10. A tangible benefit can be measured and expressed in financial terms. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 11. Instead of implementing an application in a single big-bang release, modern systems are delivered in parts continuously and quickly ANS: T
PTS: 1
12. When the nature of the project and the needs of the user permit, most organizations will seek a precoded commercial software package rather than develop a system in-house. ANS: T
PTS: 1
13. All of the steps in the Systems Development Life Cycle apply to software that is developed in-house and to commercial software. ANS: F
PTS: 1
14. Mixing technologies from many vendors improves technical feasibility. ANS: F
PTS: 1
15. The first step in the SDLC is to develop a systems strategy ANS: T
PTS: 1
16. System maintenance is often viewed as the first phase of a new development cycle. ANS: T
PTS: 1
17. Project initiation is the process by which systems proposals are assessed for consistency with the strategic systems plan and evaluated in terms of their feasibility and cost-benefit characteristics. ANS: T
PTS: 1
18. When the nature of the project and the needs of the user permit, most organizations will create the system in-house rather than rely on a commercial package. ANS: F
PTS: 1
19. Existing (maintained) applications are the prototypes for their new versions. ANS: T
PTS: 1
20. Because of the robustness of modern technology, businesses today see infrequent changes in their IT systems and much longer system life spans. ANS: F
PTS: 1
21. During the detailed feasibility study of the project, the systems professional who proposed the project should be involved in performing the study. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 22. Recurring costs include: hardware maintenance, software acquisition, software maintenance, insurance, supplies, personnel costs. ANS: F
PTS: 1
23. The payback method is often more useful than the net present value method for evaluating systems projects because the effective lives of information system tend to be short and shorter payback projects are often desirable. ANS: T
PTS: 1
24. Intangible benefits are not physical, but can be measured and expressed in financial terms. ANS: F
PTS: 1
25. Legal feasibility identifies conflicts between the proposed system and the company’s ability to discharge its legal responsibilities ANS: T
PTS: 1
MULTIPLE CHOICE 1. When studying the detailed feasibility of a new project a. prototyping does not affect the schedule feasibility analysis b. the need for user training will influence the schedule feasibility analysis c. protection from fraud and errors will influence the schedule feasibility analysis d. a cost-benefit review will affect the schedule feasibility analysis ANS: B
PTS: 1
2. Protection from inadvertent disclosures of confidential information is part of the detailed a. operational feasibility study b. schedule feasibility study c. legal feasibility study d. economic feasibility study ANS: C
PTS: 1
3. A cost-benefit analysis is a part of the detailed a. operational feasibility study b. schedule feasibility study c. legal feasibility study d. economic feasibility study ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 4. Examples of one-time costs include all of the following except a. hardware acquisition b. insurance c. site preparation d. programming ANS: B
PTS: 1
5. Examples of recurring costs include a. software acquisition b. data conversion c. personnel costs d. systems design ANS: C
PTS: 1
6. Site preparation costs include all of the following except a. crane used to install equipment b. freight charges c. supplies d. reinforcement of the building floor ANS: C
PTS: 1
7. The testing of individual program modules is a part of a. software acquisition costs b. systems design costs c. data conversion costs d. programming costs ANS: D
PTS: 1
8. When implementing a new system, the costs associated with transferring data from one storage medium to another is an example of a. a recurring cost b. a data conversion cost c. a systems design cost d. a programming cost ANS: B 9.
PTS: 1
An example of a tangible benefit is a. increased customer satisfaction b. more current information c. reduced inventories d. faster response to competitor actions ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 10. An example of an intangible benefit is a. expansion into other markets b. reduction in supplies and overhead c. more efficient operations d. reduced equipment maintenance ANS: C
PTS: 1
11. A tangible benefit a. can be measured and expressed in financial terms b. might increase revenues c. might decrease costs d. all of the above ANS: D
PTS: 1
12. Intangible benefits a. are easily measured b. are of relatively little importance in making information system decisions c. are sometimes estimated using customer satisfaction surveys d. when measured, do not lend themselves to manipulation ANS: C
PTS: 1
13. Which technique is least likely to be used to quantify intangible benefits? a. opinion surveys b. simulation models c. professional judgment d. review of accounting transaction data ANS: D
PTS: 1
14. The formal product of the systems evaluation and selection phase of the Systems Development Life Cycle is a. the report of systems analysis b. the systems selection report c. the detailed system design d. the systems plan ANS: B
PTS: 1
15. One-time costs include all of the following except a. site preparation b. insurance c. programming and testing d. data conversion ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 16. Recurring costs include all of the following except a. data conversion b. software maintenance c. insurance d. supplies ANS: A 17.
PTS: 1
All of the following are reasons why new systems fail except a. the user is not involved in the development of the system b. system requirements are not clearly specified c. systems analysts rely on prototyping models d. system development techniques are ineffective ANS: C
PTS: 1
18. The systems steering committee is responsible for all of the following except a. assigning priorities b. determining whether and when to terminate systems projects c. analyzing the technical feasibility of the project d. budgeting funds for systems development ANS: C
PTS: 1
19. Strategic systems planning is important because the plan a. provides authorization control for the Systems Development Life Cycle b. will eliminate any crisis component in systems development c. provides a static goal to be attained within a five-year period d. all of the above ANS: A
PTS: 1
20. Project feasibility includes all of the following except a. technical feasibility b. conceptual feasibility c. operational feasibility d. schedule feasibility ANS: B
PTS: 1
21. The degree of compatibility between the firm’s existing procedures and personnel skills and the requirements of the new system is called a. technical feasibility b. operational feasibility c. schedule feasibility d. legal feasibility ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 22. The ability of a system to protect individual privacy and confidentiality is an example of a. schedule feasibility b. operational feasibility c. legal feasibility d. economic feasibility ANS: C
PTS: 1
23. The systems project proposal a. provides management with a basis for deciding whether or not to proceed with the project b. supplies an input to the project planning activity c. links the objectives of the proposed system to the system’s scheduling requirements d. prioritizes the proposal in relation to other system proposals ANS: A
PTS: 1
24. Which step is not used to evaluate a systems proposal? An analysis of the project’s a. feasibility factors b. ability to eliminate nonessential activities and costs c. ability to provide a competitive advantage to the firm d. use of Computer Aided Software Engineering (CASE) tools in developing the system proposal ANS: D
PTS: 1
25. Reasons that a new systems implementation may be unsuccessful include all of the following except a. organizational restructuring required by the new system results in displaced workers b. end users do not understand the strategic merits of the new system c. employees are not trained to use the system d. system development team members include representatives from end-user departments ANS: D
PTS: 1
26. Typically a systems analysis a. results in a formal project schedule b. does not include a review of the current system c. identifies user needs and specifies system requirements d. is performed by the internal auditor ANS: C
PTS: 1
27. A disadvantage of surveying the current system is a. it constrains the generation of ideas about the new system b. it highlights elements of the current system that are worth preserving c. it pinpoints the causes of the current problems d. all of the above are advantages of surveying the current system ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 28. Systems analysis involves all of the following except a. gathering facts b. surveying the current system c. redesigning bottleneck activities d. reviewing key documents ANS: C
PTS: 1
29. The systems analysis report does not a. identify user needs b. specify requirements for the new system c. formally state the goals and objectives of the system d. specify the system processing methods ANS: D
PTS: 1
30. After the systems analysis phase of the System Development Life Cycle (SDLC) is complete, the company will have a formal systems analysis report on a. the conceptual design of the new system b. an evaluation of the new system c. users’ needs and requirements for the new system d. a comparison of alternative implementation procedures for the new system ANS: C
PTS: 1
31. The accountant’s role in systems analysis includes all of the following except a. specify audit trail requirements b. prepare data gathering questionnaires c. suggest inclusion of advanced audit features d. ensure mandated procedures are part of the design ANS: B
PTS: 1
32. The role of the steering committee includes a. designing the system outputs b. resolving conflicts that arise from a new system c. selecting the programming techniques to be used d. approving the accounting procedures to be implemented ANS: B
PTS: 1
33. Project planning includes all of the following except a. specifying system objectives b. preparing a formal project proposal c. selecting hardware vendors d. producing a project schedule ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 34. Aspects of project feasibility include all of the following except a. technical feasibility b. economic feasibility c. logistic feasibility d. schedule feasibility ANS: C
PTS: 1
35. Which of the following is not a tool of systems analysts? a. observation b. task participation c. audit reports d. personal interviews ANS: C
PTS: 1
36. When developing the conceptual design of a system, a. all similarities and differences between competing systems are highlighted b. structure diagrams are commonly used c. the format for input screens and source documents is decided d. inputs, processes, and outputs that distinguish one alternative from another are identified ANS: D
PTS: 1
37. The role of the accountant/internal auditor in the conceptual design phase of the Systems Development Life Cycle includes all of the following except a. the accountant is responsible for designing the physical system b. the accountant is responsible to ensure that audit trails are preserved c. the internal auditor is responsible to confirm that embedded audit modules are included in the conceptual design d. the accountant is responsible to make sure that the accounting conventions that apply to the module are considered by the system designers ANS: A
PTS: 1
SHORT ANSWER 1. Why is it important that the systems professionals who design a project not perform the detailed feasibility study of the project? ANS: Objectivity is essential to the fair assessment of each project design. To ensure objectivity, an independent systems professional should perform the study. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 2. List at least three one-time costs and three recurring costs in system development. ANS: Onetime costs include: hardware acquisition, site preparation, software acquisition, system design, programming and testing, data conversion, training. Recurring costs include: hardware maintenance, software maintenance, insurance, supplies, personnel costs. PTS: 1 3.
benefits can be measured and expressed in financial terms, while benefits cannot be easily measured and/or quantified. ANS: Tangible, intangible PTS: 1
4. What is a systems selection report? ANS: A systems selection report is a formal document that consists of a revised feasibility study, a costbenefit analysis, and a list and explanation of intangible benefits for each alternative design. The steering committee uses this report to select a system. PTS: 1 5. Why is the payback method often more useful than the net present value method for evaluating systems projects? ANS: Because of brief product life cycles and rapid advances in technology, the effective lives of information systems tend to be short. Shorter payback projects are often desirable. PTS: 1 6. Contrast reactive and proactive management styles. ANS: Reactive management responds to problems only when they reach a crisis state and can no longer be ignored. In this situation, problem resolution is generally suboptimal. Proactive management is alert for early signs of problems and actively looks for ways to improve the organization’s systems. This allows adequate time for planning and implementing solutions. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 7. Explain why accountants are interested in the legal feasibility of a new systems project. ANS: Legal feasibility identifies conflicts between the proposed system and the company’s ability to discharge its legal responsibilities. Accountants are often tasked with the legal requirements associated with developing the internal control system and securing information from inappropriate disclosure. PTS: 1 8. Explain an advantage of surveying the current system when preparing a systems analysis for a new systems project. ANS: An analysis of the current system: will identify what aspects of the current system should be retained; will facilitate the conversion from the old to the new system; may uncover causes of reported problems. PTS: 1 9. What are two purposes of the systems project proposal? ANS: First, it summarizes the findings of the study conducted to this point into a general recommendation for a new or modified system. This enables management to evaluate the perceived problem along with the proposed system as a feasible solution. Second, the proposal outlines the linkage between the objectives of the proposed system and the business objectives of the firm. It shows that the proposed new system complements the strategic direction of the firm. PTS: 1 10. List two ways that a systems project can contribute to the strategic objectives of the firm. ANS: A new system can improve the operational performance by eliminating nonessential activities and costs, provide a method of differentiating the product or service from the competitors, and provide information that will help improve management decision-making. PTS: 1 11. List four types of facts that should be gathered during an analysis of a system. ANS: data sources; users; data stores; processes; data flows; controls; transaction volumes; error rates; resource costs; bottlenecks; and redundant operations PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 12. What is the internal business process perspective? ANS: Metrics based on this perspective allow the manager to know how well their business is running, and whether its products and services conform to customer requirements. PTS: 1 13. What is the learning and growth perspective? ANS: Learning and growth constitute the essential foundation for success of any organization. This perspective includes employee training and corporate cultural attitudes related to both individual and corporate self-improvement PTS: 1 14. When a company is doing financially well, why is the customer perspective measure important? ANS: These are leading indicators: if customers are not satisfied, they will eventually find other suppliers that will meet their needs. Poor performance from this perspective predicts of future decline, even though the current financial picture may look good. The customer perspective includes objective measurements such as customer retention rate, as well as more subjective criteria such as market research and customer satisfaction surveys. PTS: 1 15. Distinguish between escapable and inescapable costs. Give an example. ANS: Escapable costs are directly related to the system, and they cease to exist when the system ceases to exist. An example would be an annual software support fee for purchased software. If the system ceases to exist, the support for the software will no longer be necessary. Inescapable costs, on the other hand, represent costs which will not be eliminated if the system is scrapped. An example would be an overhead charge for office space in a building which is owned by the company. If the system ceases to exist, these costs will be allocated to the remaining departments. PTS: 1 16. Why is cost-benefit analysis more difficult for information systems than for many other types of investments organizations make? ANS: The benefits of information systems are oftentimes very difficult to assess. Many times the benefits are intangible, such as improved decision making capabilities. Also, maintenance costs may be difficult to predict. Most other investments that organizations make, i.e. purchase of a new piece of equipment, tend to have more tangible and estimable costs and benefits. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 17. What does assessing user feedback involve? ANS: 1. recognizing the problem 2. defining the problem 3. specifying system objectives 4. determining project feasibility 5. preparing a formal project proposal PTS: 1 ESSAY 1. Explain the five stages of the systems development life cycle. ANS: The first step in the SDLC is to develop a systems strategy, which requires an understanding the strategic business needs of the organization. This may be derived from the organization’s mission statement, an analysis of competitive pressures on the firm, and the nature of current and anticipated market conditions. These needs reflect the organizations current position relative to where it needs to be long term to maintain strategic advantage. Project initiation is the process by which systems proposals are assessed for consistency with the strategic systems plan and evaluated in terms of their feasibility and cost-benefit characteristics. Alternative conceptual designs are considered and those selected enter the construct phase of the SDLC. As mentioned earlier, some organizations have such unique information needs that they can only be adequately met through internal development. The in-house development step includes analyzing user needs, designing processes and databases, creating user views, programming the applications, and testing and implementing the completed system. When the nature of the project and the needs of the user permit, most organizations will seek a precoded commercial software package rather than develop a new system from scratch. Maintenance and support involves both acquiring and implementing the latest software versions of commercial packages and making in-house modifications to existing systems to accommodate changing user needs. Maintenance may be relatively trivial, such as modifying an application to produce a new report or more extensive, such as programming new functionality into a system. Another aspect of maintenance includes a establishing a user support infrastructure. This could include help desk services, providing user training and education classes, and documenting user feedback pertaining to problems and system errors. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 2. What is the balanced scorecard? ANS: The balanced scorecard is a management system that enables organizations to clarify their vision and strategy and translate them into action. It provides feedback both from internal business processes and external outcomes to continuously improve strategic performance. When fully deployed, the balanced scorecard transforms strategic planning from an academic exercise into operational tasks. PTS: 1 3. Define the feasibility measures that should be considered during project analysis and give an example of each. ANS: Technical feasibility is an assessment as to whether the system can be developed under existing technology or if new technology is needed. An example might be a situation where a firm wants to completely automate the sales process. A question would be-Is technology available that allows sales to be made without humans? Economic feasibility is an assessment as to the availability of funds to complete the project. A question would be-Is it cost feasible to purchase equipment to automate sales? Legal feasibility identifies any conflicts with the proposed system and the company’s ability to discharge its legal responsibilities. An example would be a firm that is proposing a new mail order sales processing system for selling wine. Operational feasibility shows the degree of compatibility between the firm’s existing procedures and personnel skills and the operational requirements of the new system. Do the firm have the right work force to operate the system? If not, can employees be trained? If not, can they be hired? Schedule feasibility pertains to whether the firm can implement the project within an acceptable time frame. An example would be a new ticket sales system for a sports team. The system would need to be implemented prior to the start of the new season. PTS: 1 4. Explain the role of accountants in the conceptual design stage. ANS: The accountant palsy an important role in the conceptual design of the system. He or she must recognize control implications of each alternative design and ensue that accounting conventions and legal requirements are understood. The auditability of a new system depends in part on its design characteristics. Some computer auditing techniques require systems to be designed with built-in audit features. Such features require resources and need to be considered at conceptual design. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 5. Contrast the feasibility study performed in the systems analysis phase of the Systems Development Life Cycle (SDLC) with the study performed in the systems selection phase of the SDLC. ANS: A preliminary feasibility study for the project as a whole is performed in the systems analysis phase of the SDLC. Five aspects to project feasibility are considered: technical feasibility, economic feasibility, legal feasibility, operational feasibility, and schedule feasibility. The preliminary analysis is based largely on the judgment and intuition of the systems professionals. In the systems selection phase of the SDLC, the same five feasibility factors are considered for the specific system features that have been conceptualized and for each conceptual design alternative. The economic feasibility study in the detailed analysis includes a cost-benefit analysis for each alternative. PTS: 1 6. Explain why the Systems Development Life Cycle is of interest to accountants. What is the accountant’s role in the Systems Development Life Cycle? ANS: The information system requires a significant investment of both financial and human resources. Accountants are concerned with the integrity of this process as they are with any manufacturing process that has financial resource implications. Also, the quality of accounting information systems rests directly on the SDLC activities that produce them. The accountant’s responsibility is to ensure that the systems apply proper accounting conventions and rules and possess adequate controls. Accountants have three roles in the Systems Development Life Cycle. Accountants are users of the information system and as such must be able to communicate their needs to the systems designers. These needs include audit trail requirements, depreciation models, and other accounting techniques. Accountants are members of the SDLC development team and are expected to provide information about the requirements of the system including security needs. Finally, accountants are auditors of the information system and determine what audit features should be designed into the system. PTS: 1 7. What is the payback method and how is it used? ANS: The payback method is a variation of break-even analysis. The break-even point is reached when total costs equals total benefits. In choosing an information system, payback speed is often a decisive factor. With brief product life cycles and rapid advances in technology, the effective lives of information systems tend to be short. The length of the payback period often takes precedence over other considerations represented by intangible benefits. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 8. What are the advantages and disadvantages of surveying the current system? ANS: Advantages: It is a way to identify what aspects of the old system should be kept. When the new system is implemented, users must go through a conversion process. The analysts must determine what tasks, procedures, and data will be phased out with the old system and which will continue. This requires a thorough understanding of the current system. By surveying the current system, the analyst may determine conclusively the cause of the reported problem symptoms. Disadvantages: There is a tendency on the part of the analyst to be sucked in and bogged down by the task of surveying the current dinosaur system (current physical tar pit phenomenon). By studying and modeling the old system, the analyst may develop a constrained notion about how the new system should function. PTS: 1 9. Why is the announcement of a new systems project so critical to project success? ANS: This communication, if successful, will pave the way for the new system and help ensure its acceptance among the use community. Uncertainty surrounding the new system may cause some users to feel threatened. Because a new system brings about operational changes, some employees may be displaced or required to undergo re-training to function in the new workplace. To minimize opposition, upper management must quell unnecessary fears and fully explain the business rationale for the system before formal construction begins. If lower-level management and operating staff are assured that the system will be beneficial, the project’s chances for success are vastly improved. PTS: 1 10. Explain industry and competency analysis. ANS: Industry analysis provides management with an analysis of the driving forces that affect its industry and its organization’s performance. Such analysis offers a fact-based perspective on the industry’s important trends, significant risks, and potential opportunities that may impact the business’s performance. Competency analysis provides a complete picture of the organization’s effectiveness as see via four strategic filters: resources, infrastructure, product/services, and customers. By assessing these factors, an organization can develop an accurate view of its relative strengths, weaknesses, and core competencies. This analysis helps in developing strategic options, which are based on an understanding of the future environment and the firm’s core competencies. Strategic opportunities may include market-entry options or new product development options. our
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 13 11. Part of systems planning is a project feasibility study. Several feasibility issues can be raised. What are they? Explain the key concerns. ANS: The key feasibility issues include: technical, economic, legal, operational, and schedule. Technical feasibility relates to whether the proposed system can be developed with existing technology or requires new. Economic feasibility relates to cost questions. Legal feasibility relates to the firm’s ability to discharge is legal responsibilities under the proposed system. Operational feasibility concerns the compatibility of the new and old systems, including personnel issues. Schedule feasibility relates to meet target deadlines. PTS: 1 12. Explain the role of accountants in systems selection. ANS: The economic feasibility of proposed systems is of primary concern to accountants. Specifically, the accountant should ensure that: Only escapable costs are used in calculating cost-savings benefits. Reasonable interest rates are being used in measuring present value of cash flows. One-time and recurring costs are completely and accurately reported. Realistic useful lives are used in comparing competing projects. Intangible benefits are assigned reasonable financial values. PTS: 1 13. Classify each of the following as either a one-time or recurring costs: training personnel initial programming and testing system design-one hardware costs software maintenance costs site preparation rent for facilities data conversion from old system to new system insurance costs installation of original equipment hardware upgrades ANS: training personnel-one-time initial programming and testing-one-time system design-one-time hardware costs-one-time software maintenance costs-recurring site preparation-one-time rent for facilities-recurring data conversion from old system to new system-one-time insurance costs-recurring installation of original equipment-one-time hardware upgrades-recurring
Accounting Information Systems, 9e—Test Bank, Chapter 13 PTS: 1 14. What are some of the intangible benefits that may be expected from the new system? Discuss their importance and why they are difficult to interpret. ANS: Common intangible benefits include: increased customer and employee satisfaction, improved decision making and more current information, faster response time to competitor actions, more efficient operations, better communications, improved planning and control, and operational flexibility. Intangible benefits are often of overriding importance in information system decisions, but cannot be easily measured and quantified. For example, improved customer satisfaction may translate into increased sales, but how do we quantify this benefit? Assigning a value is often highly subjective. By overstating or understating these benefits, a system’s proponents may push it forward or its opponents may kill it. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14
Chapter 14—Construct, Deliver, and Maintain Systems Projects TRUE/FALSE 1. The detailed design phase of the Systems Development Life Cycle is a linear process with each of five steps occurring once and in its proper sequence. ANS: F
PTS: 1
2. In a Computer Aided Software Engineering (CASE) environment, the most important use of a data flow diagram is to present a graphic display of the system. ANS: F
PTS: 1
3. During maintenance of a system developed using Computer Aided Software Engineering (CASE) tools, changes to the system are made directly through the data flow diagram. ANS: T
PTS: 1
4. The Computer Aided Software Engineering (CASE) coding model transforms the structure diagram into computer code. ANS: T
PTS: 1
5. If system development is conducted properly, most system maintenance costs can be eliminated. ANS: F
PTS: 1
6. The context level data flow diagram is a physical input to the lower CASE models that automatically produce program code. ANS: F
PTS: 1
7. The design and programming of modern systems follows one of two basic approaches: the structured approach and the object-oriented approach. ANS: T
PTS: 1
8. The concept of reusability is central to the structured approach to systems design. ANS: F
PTS: 1
9. In the object-oriented approach to systems design, a vendor is an example of an attribute. ANS: F
PTS: 1
10. In the object-oriented approach to systems design, an instance is a logical grouping of individual objects which share the same attributes and operations. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 11. In the object-oriented approach to systems design, when an operation is performed on an object, an attribute will always be changed. ANS: F
PTS: 1
12. In the object-oriented approach to systems design, inheritance means that each object instance inherits the attributes and operations of the class to which it belongs. ANS: T
PTS: 1
13. In the object-oriented approach to systems design, it is possible for an object class to inherit attributes and operations of another object class. ANS: T
PTS: 1
14. The entity relationship diagram is used to represent object-oriented designs. ANS: T
PTS: 1
15. Office automation is more complex than accounting packages. ANS: F
PTS: 1
16. In-house developed systems are less reliable than commercial software. ANS: T
PTS: 1
17. Output of the Management Reporting System may vary considerably among companies. ANS: T
PTS: 1
18. Output reporting includes both paper and electronic reports. ANS: T
PTS: 1
19. Information as to which databases are required for a new system can be obtained from the entity relationship diagram. ANS: T
PTS: 1
20. A point-of-sale terminal is an example of electronic data input from source documents. ANS: F
PTS: 1
21. Correctly designed, processing modules are tightly coupled and have strong cohesion. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 22. A system walkthrough occurs after the system is implemented. ANS: F
PTS: 1
23. The detailed design report is the blueprint which guides programmers and database administrators in constructing the physical system. ANS: T
PTS: 1
24. When a program module is tested, both good and bad data are included with the test transactions. ANS: T
PTS: 1
25. Instructions for the filling out of paper input forms should always be printed on a separate instruction sheet. ANS: F
PTS: 1
26. Program modules with weak cohesion are more complex and difficult to maintain. ANS: T
PTS: 1
27. If individual modules are thoroughly tested, it is not necessary to test the whole system. ANS: F
PTS: 1
MULTIPLE CHOICE 1. Which statement is not true? a. prototypes do not include internal control features b. a prototype is an inexpensive, simplified model of a system c. a throwaway prototype is discarded after the requirements are established d. systems designers always discard prototypes and do not develop them into finished systems ANS: D
PTS: 1
2. Which statement is not true? Computer Aided Software Engineering (CASE) technology a. is commercially available software b. reduces the productivity but increases the quality of the work of systems professionals c. expedites the System Development Life Cycle d. consists of upper and lower tools ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 3. The central repository of the Computer Aided Software Engineering (CASE) system contains a. the program code b. user prototype screens c. data flow diagrams d. all of the above ANS: D
PTS: 1
4. Which is not a level of a data flow diagram? a. conceptual level b. context level c. intermediate level d. elementary level ANS: A
PTS: 1
5. Which level of a data flow diagram is used to produce program code and database tables? a. context level b. elementary level c. intermediate level d. prototype level ANS: B
PTS: 1
6. In a Computer Aided Software Engineering (CASE) environment, a structure diagram a. presents an overview model of the primary transactions processed b. graphically depicts the iceberg effect c. presents a model of the program code that constitutes the physical system d. is prepared by the systems analyst ANS: C
PTS: 1
7. An advantage of the Computer Aided Software Engineering (CASE) model tool, which transforms the structure diagram into machine language, is a. it facilitates the auditors review of the system b. it ensures that firm will use a specific CASE tool and vendor c. it forces all system changes to be made through the data flow diagrams d. it reduces the analysis required in designing the system ANS: C
PTS: 1
8. When maintaining a system that was developed using Computer Aided Software Engineering (CASE) tools, a. the programmer must thoroughly review the program code b. changes should be made directly to the structure diagram c. significantly less time is required compared to maintenance activities for a system developed without using Computer Aided Software Engineering (CASE) tools d. the need for testing the modified application is eliminated ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 9. Which of the following is an advantage of the Computer Aided Software Engineering (CASE) approach? a. the ability to easily revise the model during the development stage b. the requirement that all program code and documentation be regenerated for each module c. the cost of software engineering programs d. user involvement is restricted to final stages of development ANS: A
PTS: 1
10. Which of the following is a disadvantage of the Computer Aided Software Engineering (CASE) approach? a. source code produced by CASE tools is less efficient than code written by a skilled programmer b. alternative designs cannot be reviewed prior to implementation c. system users are reluctant to become involved with the CASE approach d. maintenance costs are increased ANS: A
PTS: 1
11. Which statement is not correct? The structured design approach a. is a top-down approach b. is documented by data flow diagrams and structure diagrams c. assembles reusable modules rather than creating systems from scratch d. starts with an abstract description of the system and redefines it to produce a more detailed description of the system ANS: C
PTS: 1
12. The benefits of the object-oriented approach to systems design include all of the following except a. this approach does not require input from accountants and auditors b. development time is reduced c. a standard module once tested does not have to be retested until changes are made d. system maintenance activities are simplified ANS: A
PTS: 1
13. In the object-oriented systems design approach, the employee pay rate is an example of a. an object b. an attribute c. an operation d. a class ANS: B
PTS: 1
14. Ms. Andrews is a customer of the Edsell Company. In the object-oriented design approach a. Ms. Andrews is an instance in the object class accounts receivable b. the amount Ms. Andrews owes the Edsell Company is an operation c. determining the amount past due is an attribute d. the object class accounts receivable inherits all the attributes of Ms. Andrews ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 15. In the object-oriented systems design approach, a. objects possess two characteristics–attributes and instances b. an instance is a logical grouping of individual objects c. inheritance means that each object instance inherits the attributes and operations of the class to which it belongs d. operations performed on objects always change attributes ANS: C
PTS: 1
16. Which statement is not correct? In the object-oriented design approach a. a single change to an attribute or operation in one object class is automatically changed for all the object instances and subclasses that inherit the attribute b. each module can inherit from other modules the attributes and operations it requires c. the entity relationship diagram is used to create a program which can be used in other systems d. the control module must be recreated for each program ANS: D
PTS: 1
17. Evaluators of the detailed feasibility study should not include a. the internal auditor b. the project manager c. a user representative d. the system designer ANS: D
PTS: 1
18. A commercial software system that is completely finished, tested, and ready for implementation is called a a. backbone system b. vendor-supported system c. benchmark system d. turnkey system ANS: D
PTS: 1
19. Which of the following is not an advantage of commercial software? Commercial software a. can be installed faster than a custom system b. can be easily modified to the user’s exact specifications c. is significantly less expensive than a system developed in-house d. is less likely to have errors than an equivalent system developed in-house ANS: B
PTS: 1
20. Which step is least likely to occur when choosing a commercial software package? a. a detailed review of the source code b. contact with user groups c. preparation of a request for proposal d. comparison of the results of a benchmark problem ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 21. The output of the detailed design phase of the Systems Development Life Cycle (SDLC) is a a. fully documented system report b. systems selection report c. detailed design report d. systems analysis report ANS: C
PTS: 1
22. The detailed design report contains all of the following except a. input screen formats b. alternative conceptual designs c. report layouts d. process logic ANS: B
PTS: 1
23. When each element of information supports the user’s decision or task, the output is said to possess a. completeness b. summarization c. conciseness d. relevance ANS: D
PTS: 1
24. There is often a conflict between the attributes of a. timeliness and conciseness b. accuracy and timeliness c. relevance and summarization d. completeness and exceptions orientation ANS: B
PTS: 1
25. A report of accounts that are past due has many information attributes. The most important attribute is a. summarization b. timeliness c. conciseness d. exception orientation ANS: D
PTS: 1
26. When hardcopy forms are used as the source for electronic data input, a. a paper audit trail is maintained b. economies of scale in data collection are avoided c. input errors are reduced d. a point-of-sale terminal is required ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 27. The most important design element for a hardcopy form that is used for electronic data input is that a. the form is a standard size b. the source document and the input screen are identical c. instructions use active voice d. sufficient copies of the form are prepared ANS: B
PTS: 1
28. Which of the following is not one of the problems that accounts for most systems failures? a. poorly specified systems requirements b. ineffective development techniques c. lack of user involvement in systems development d. insufficient dollar investment in the new system ANS: D
PTS: 1
29. Which statement is not true? a. loosely coupled modules are independent of other modules b. cohesive modules perform a single, well-defined task c. maintenance of a module with weak cohesion is simple d. an error made in a tightly coupled module will affect other modules ANS: C
PTS: 1
30. Translating the system modules into pseudocode a. occurs in the implementation phase of the Systems Development Life Cycle b. expresses the detailed logic of the module in programming language c. discourages end users from becoming actively involved in designing the system d. permits individuals with few technical skills to understand the logic of the module ANS: D
PTS: 1
31. Which statement is not true? A systems design walkthrough a. is conducted by a quality assurance group b. occurs just after system implementation c. simulates the operation of the system in order to uncover errors and omissions d. reduces costs by reducing the amount of reprogramming ANS: B
PTS: 1
32. System documentation is designed for all of the following groups except a. systems designers and programmers b. end users c. accountants d. all of the above require systems documentation ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 33. Which type of documentation shows the detailed relationship of input files, programs, and output files? a. structure diagrams b. overview diagram c. system flowchart d. program flowchart ANS: C
PTS: 1
34. Typical contents of a run manual include all of the following except a. run schedule b. logic flowchart c. file requirements d. explanation of error messages ANS: B
PTS: 1
35. Computer operators should have access to all of the following types of documentation except a. a list of users who receive output b. a program code listing c. a list of all master files used in the system d. a list of required hardware devices ANS: B
PTS: 1
36. Which task is not essential during a data conversion procedure? a. decomposing the system b. validating the database c. reconciliation of new and old databases d. backing up the original files ANS: A
PTS: 1
37. When converting to a new system, which cutover method is the most conservative? a. cold turkey cutover b. phased cutover c. parallel operation cutover d. data coupling cutover ANS: C
PTS: 1
38. What is not true about data modeling? a. Relationships are the degree of association between two entities. b. Attributes are data that describe the characteristics or properties of entities. c. Entities are resources, events, or agents involved in the business. d. Modeling is the task of formalizing the data requirements of the business process as a physical model. ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 SHORT ANSWER 1. Using Computer Aided Software Engineering (CASE) tools, the structure diagram can be transformed into machine code. Describe a disadvantage associated with this procedure. ANS: The program source code is part of the system documentation. To properly design test procedures, auditors sometimes need to review the source code. If it is not available, this may hamper testing and force the auditor to employ alternative, less efficient, more costly procedures. Also, this approach usually commits the company to a particular CASE tool and vendor while source code is accepted by most CASE tools. PTS: 1 2. Using Computer Aided Software Engineering (CASE) tools, the structure diagram can be transformed into machine code. Describe an advantage associated with this procedure. ANS: Programmers are forced to make all changes through the data flow diagrams. The CASE tool will then modify the structure diagram and rewrite the machine code automatically. This ensures that the systems documentation always agrees with the computer code. PTS: 1 3. What is prototyping? Why is it used in systems development? ANS: Prototyping is a technique for providing users with a preliminary working version of the new system that users can test. This leads to better understanding of user needs and system requirements. When used in the early stages of the SDLC, prototyping is an effective tool for establishing user requirements. PTS: 1 4. A bottom-up method to design a new system by assembling reusable modules is called . ANS: object-oriented design PTS: 1 5. Contrast the structured and object-oriented approaches to conceptual systems design. Which is more common? ANS: The structured approach develops each new system from scratch from the top down. Object-oriented design builds systems from the bottom up through the assembly of reusable modules rather than creating each system from scratch. The structured approach dominates modern system design while the object-oriented approach is still an emerging concept.
Accounting Information Systems, 9e—Test Bank, Chapter 14 PTS: 1 6. What is meant by object-oriented design? What does it mean for systems design? ANS: Object-oriented design refers to a building block approach to system design which develops systems from reusable standard components, called objects. This approach avoids starting from scratch for each new system. This saves time and expense for development, maintenance, and testing of systems. An example of an object is inventory. Each object possesses two characteristics: attributes (part number, description, quantity on hand, …) and operations (reorder, replace, review quantity, … ) PTS: 1 7. List three advantages and one disadvantage of commercial software. ANS: Advantages include very quick implementation time, relatively inexpensive software, and reliable, tested software. Disadvantages include not being able to customize the system and difficulty in modifying the software. PTS: 1 8. What is the purpose of the Request for Proposal (RFP)? ANS: The purpose of the RFP is to obtain proposals for supplying commercial software packages from various vendors. Each prospective vendor is sent an RFP explaining the nature of the problem, the objectives of the system, and the deadline for proposal submission. The RFP includes a format for responses to facilitate a comparison of the proposals from different vendors. PTS: 1 9. Explain how a benchmark problem is used to measure the performance of two different commercial software packages. ANS: Each prospective vendor is given the same data and task to perform (usually important transactions or tasks performed by key components of the proposed system). The results of the benchmark problem are compared for speed, accuracy, and efficiency. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 10. What is a GNATT chart? ANS: The GNATT chart is a horizontal bar chart that presents time on a horizontal plane and activities on a vertical plane. A bar marking the starting and ending dates represents the time associated with each activity. The GNATT chart is popular because it can show the current status of a project at a glance making it easy to determine which projects are on, ahead of, or behind schedule. PTS: 1 11. List three characteristics that should be considered when designing a hardcopy input form. ANS: handling, storage, number of copies, form size PTS: 1 12. List two techniques of forms design that encourage efficient and effective data collection. ANS: zones and embedded instructions PTS: 1 13. What is the importance of the base case? ANS: A base case is test data that documents how the system performed at a point in time, and it provides a reference point for analyzing the effects of future system changes. The base case also eases the burden of recreating test data. PTS: 1 14. Describe a risk associated with the phased cutover procedure for data conversion. ANS: Incompatibilities may exist between the new subsystems and the yet-to-be replaced old subsystems. PTS: 1 15. List the attributes of output views. ANS: relevance, summarization, exception orientation, timeliness, accuracy, completeness, conciseness PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 16. Describe and discuss embedded instructions. ANS: Embedded instructions are contained within the body of the form itself rather than on a separate sheet. It is important to place instructions directly in the zone to which they pertain. If an instruction pertains to the entire form, it should be placed at the top of the form. Instructions should be brief and unambiguous, using active rather than passive voice. PTS: 1 17. What are the two methods of electronic input? How do they differ? ANS: The two basic types of electronic input are input from source documents and direct input. The former involves the collection of data on paper that is then transcribed. The latter involves direct capture of data in electronic form. There is no physical record of the input. PTS: 1 18. Describe the cold turkey (or big bang) approach to system cutover. ANS: Under the cold turkey cutover approach (also called the big bang approach), the firm switches to the new system and simultaneously terminates the old system. When implementing simple systems, this is often the easiest and least costly approach. With more complex systems, it is the riskiest. PTS: 1 19. Discuss the advantage of the parallel operation cutover approach. ANS: Parallel operation cutover involves running the old system and the new system simultaneously for a period of time. The advantage of parallel cutover is the reduction in risk. By running two systems, the user can reconcile outputs to identify errors and debug errors before running the new system solo. PTS: 1 20. What is the objective of a post-implementation review? ANS: The objective post-implementation review is to measure the success of the system and of the process after the dust has settled. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 14 ESSAY 1. Describe at least four advantages and two disadvantages of the Computer Aided Software Engineering (CASE) approach. ANS: Advantages of the CASE approach include:
Reduced system complexity Increased flexibility in making revisions to the system model Capacity to review many alternative designs before committing to a system Quicker development process Promotion of user involvement Reusable program code and documentation Reduced maintenance costs
Disadvantages of the CASE approach include:
Product cost Start-up time and cost involved with developing CASE expertise Incompatible CASE tools CASE source code is not as efficient as code written by skilled programmers. Inefficient source code generated by CASE tools encourages skilled programmers to modify the code which results in discrepancies between the data flow diagram and the program code.
PTS: 1 2. Discuss a PERT chart and its principal features. ANS: The project evaluation and review technique (PERT) is a tool for showing relationships among key activities that constitute the construct and delivery process. The principal features of the diagram are: 1. Activities or tasks to be completed during the project are labeled in alphabetical order on the lines, along with their estimated time of completion. 2. Events are numbered and mark the completion of one activity and the start of another. 3. Paths are routes through the diagram that connect the events from first to last. 4. Critical path is the path with the greatest overall time. Any delay in the activities along this path will extend the overall project time.
PTS: 1
Ac
Accounting Information Systems, 9e—Test Bank, Chapter 14 3. Discuss the appropriate steps to take when selecting a commercial software package. ANS: When selecting a commercial software package, the first step is to prepare a needs analysis, as detailed as the user’s technical background permits. The second step is to send out a request for proposal, explaining to the vendor the nature of the problem, the objectives of the system, and the deadline for proposal submission. The third step is to identify and capture facts about each vendor’s system. These facts come from vendor presentations (including a technical demonstration), comparing the results of a benchmark problem, obtaining information about vendor support, and contacting user groups. The final step is to evaluate the findings and make a selection. A weighted factor matrix is used to analyze the qualitative variables, and the results are reported as a performance/cost index. PTS: 1 4. The Studebaker Company is evaluating two proposals for a commercial software package. Three relevant factors were identified and weighted. Then the evaluation team assigned raw scores from 1 to 5 to each factor for each vendor. Proposal One will cost $70,000 and Proposal Two will cost $65,000.
Weight
Proposal One
Proposal Two
Vendor support
30
4
5
Ease of use
30
5
4
Range of capabilities
40
5
3
Determine a composite score and a performance/cost index for both proposals. Which proposal is the more economically feasible choice? ANS: The composite score is 470 (30 x 4 + 30 x 5 + 40 x 5) for Proposal One and 390 (30 x 5 + 30 x 4 + 40 x 3) for Proposal Two. The performance/cost index is 6.7 (470/$70,000 x $1,000) for Proposal One and 6.0 (390/$65,000 x $1,000) for Proposal Two. Based on this analysis, Proposal One is the more economically feasible proposal. PTS: 1 5. Discuss the advantages and disadvantages of the three methods of converting to a new system: cold turkey (big bang) cutover, phased cutover, and parallel operation cutover. ANS: Cold turkey (big bang)–This is the fastest, quickest and least expensive cutover method. It is also the most risky. If the system does not function properly, there is no backup system to rely on. Phased cutover–The phased cutover avoids the risk of total system failure because the conversion occurs one module at a time. The disadvantage of this method is the potential incompatibilities between new modules that have been implemented and old modules that have not yet been phased out. Parallel operation cutover–This is the most time consuming and costly of the three methods, but it also provides the greatest security. The old system is not terminated until the new system is tested for accuracy.
Accounting Information Systems, 9e—Test Bank, Chapter 14 PTS: 1 6. What issues must be considered in designing hardcopy documents? ANS: The issues to be considered in designing hardcopy documents relate to the physical operations of the business. Handling: designers must take into account moisture, manipulation, temperature, etc. Storage: where, why, environment, time. Number of copies: how many are needed, where they will be stored, etc. Forms distribution sheets can help determine the number of copies needed. Form size: should be standard unless special circumstances are involved. PTS: 1
7. What is the role of test data? What is a base case? ANS: Test data is hypothetical data with known results. The test data is run through the system to verify the processing occurs correctly. Test data should test all aspects of the new system including error capture. When a thorough set of test data is developed, it is saved to document system performance at the time of testing. This is the base case. It can therefore be compared to results of test data after system modification. PTS: 1 8. Correctly designed modules possess two attributes. Name and explain each. ANS: Coupling measures the degree of interaction or exchange of data between modules. A loosely coupled module is independent of the others. Modules with a great deal of interaction are tightly coupled. Cohesion refers to the number of tasks a module performs. Strong cohesion means that each module performs a single, well-defined task. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15
Chapter 15—IT Controls Part I: Sarbanes-Oxley and IT Governance TRUE/FALSE 1. Corporate management (including the CEO) must certify monthly and annually their organization’s internal controls over financial reporting. ANS: F
PTS: 1
2. Both the SEC and the PCAOB require management to use the COBIT framework for assessing internal control adequacy. ANS: F
PTS: 1
3. Both the SEC and the PCAOB require management to use the COSO framework for assessing internal control adequacy. ANS: F
PTS: 1
4. A qualified opinion on management’s assessment of internal controls over the financial reporting system necessitates a qualified opinion on the financial statements? ANS: F
PTS: 1
5. The same internal control objectives apply to manual and computer-based information systems. ANS: T
PTS: 1
6. To fulfill the segregation of duties control objective, computer processing functions (like authorization of credit and billing) are separated. ANS: F
PTS: 1
7. To ensure sound internal control, program coding and program processing should be separated. ANS: T
PTS: 1
8. Some systems professionals have unrestricted access to the organization's programs and data. ANS: T
PTS: 1
9. Application controls apply to a wide range of exposures that threaten the integrity of all programs processed within the computer environment. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 10. The database administrator should be separated from systems development. ANS: T
PTS: 1
11. A disaster recovery plan is a comprehensive statement of all actions to be taken after a disaster. ANS: T
PTS: 1
12. IT auditing is a small part of most external and internal audits. ANS: F
PTS: 1
13. Statements on Auditing Standards recommendations must be followed by every member of the profession unless it can be shown why a standard does not apply in a given situation. ANS: T
PTS: 1
14. An IT auditor expresses an opinion on the fairness of the financial statements. ANS: F
PTS: 1
15. External auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. ANS: F
PTS: 1
16. External auditors can cooperate with and use evidence gathered by internal audit departments that are organizationally independent and that report to the Audit Committee of the Board of Directors. ANS: T
PTS: 1
17. Tests of controls determine whether the database contents fairly reflect the organization's transactions. ANS: F
PTS: 1
18. Audit risk is the probability that the auditor will render an unqualified opinion on financial statements that are materially misstated. ANS: T
PTS: 1
19. A strong internal control system will reduce the amount of substantive testing that must be performed. ANS: T
PTS: 1
20. Substantive testing techniques provide information about the accuracy and completeness of an application's processes. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 21. The most common access point for perpetrating computer fraud is at the data collection stage. ANS: T
PTS: 1
22. Changing the Hours Worked field in an otherwise legitimate payroll transaction to increase the amount of the paycheck is an example of data collection fraud. ANS: T
PTS: 1
23. Scavenging is a form of fraud in which the perpetrator uses a computer program to search for key terms in a database and then steal the data. ANS: F
PTS: 1
24. Transaction cost economics (TCE) theory suggests that firms should outsource specific noncore IT assets. ANS: F
PTS: 1
25. Commodity IT assets easily acquired in the marketplace and should be outsourced under the core competency theory. ANS: F
PTS: 1
MULTIPLE CHOICE 1. Which of the following is NOT an implication of section 302 of the Sarbanes-Oxley Act? a. Auditors must determine, whether changes in internal control has, or is likely to, materially affect internal control over financial reporting. b. Auditors must interview management regarding significant changes in the design or operation of internal control that occurred since the last audit. c. Corporate management (including the CEO) must certify monthly and annually their organization’s internal controls over financial reporting. d. Management must disclose any material changes in the company’s internal controls that have occurred during the most recent fiscal quarter. ANS: C
PTS: 1
2. Which of the following is NOT a requirement in management’s report on the effectiveness of internal controls over financial reporting? a. A statement of management’s responsibility for establishing and maintaining adequate internal control user satisfaction. b. A statement that the organization’s internal auditors has issued an attestation report on management’s assessment of the company’s internal controls. c. A statement identifying the framework used by management to conduct their assessment of internal controls. d. An explicit written conclusion as to the effectiveness of internal control over financial reporting. ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 3. In a computer-based information system, which of the following duties needs to be separated? a. program coding from program operations b. program operations from program maintenance c. program maintenance from program coding d. all of the above duties should be separated ANS: D
PTS: 1
4. Supervision in a computerized environment is more complex than in a manual environment for all of the following reasons except a. rapid turnover of systems professionals complicates management's task of assessing the competence and honesty of prospective employees b. many systems professionals have direct and unrestricted access to the organization's programs and data c. rapid changes in technology make staffing the systems environment challenging d. systems professionals and their supervisors work at the same physical location ANS: D
PTS: 1
5. Adequate backups will protect against all of the following except a. natural disasters such as fires b. unauthorized access c. data corruption caused by program errors d. system crashes ANS: B
PTS: 1
6. Which is the most critical segregation of duties in the centralized computer services function? a. systems development from data processing b. data operations from data librarian c. data preparation from data control d. data control from data librarian ANS: A
PTS: 1
7. Systems development is separated from data processing activities because failure to do so a. weakens database access security b. allows programmers access to make unauthorized changes to applications during execution c. results in inadequate documentation d. results in master files being inadvertently erased ANS: B
PTS: 1
8. Which organizational structure is most likely to result in good documentation procedures? a. separate systems development from systems maintenance b. separate systems analysis from application programming c. separate systems development from data processing d. separate database administrator from data processing ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 9. All of the following are control risks associated with the distributed data processing structure except a. lack of separation of duties b. system incompatibilities c. system interdependency d. lack of documentation standards ANS: C
PTS: 1
10. Which of the following is not an essential feature of a disaster recovery plan? a. off-site storage of backups b. computer services function c. second site backup d. critical applications identified ANS: B
PTS: 1
11. A cold site backup approach is also known as a. internally provided backup b. recovery operations center c. empty shell d. mutual aid pact ANS: C
PTS: 1
12. The major disadvantage of an empty shell solution as a second site backup is a. the host site may be unwilling to disrupt its processing needs to process the critical applications of the disaster stricken company b. intense competition for shell resources during a widespread disaster c. maintenance of excess hardware capacity d. the control of the shell site is an administrative drain on the company ANS: B
PTS: 1
13. An advantage of a recovery operations center is that a. this is an inexpensive solution b. the initial recovery period is very quick c. the company has sole control over the administration of the center d. none of the above are advantages of the recovery operations center ANS: B
PTS: 1
14. For most companies, which of the following is the least critical application for disaster recovery purposes? a. month-end adjustments b. accounts receivable c. accounts payable d. order entry/billing ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 15. The least important item to store off-site in case of an emergency is a. backups of systems software b. backups of application software c. documentation and blank forms d. results of the latest test of the disaster recovery program ANS: D
PTS: 1
16. Some companies separate systems analysis from programming/program maintenance. All of the following are control weaknesses that may occur with this organizational structure except a. systems documentation is inadequate because of pressures to begin coding a new program before documenting the current program b. illegal lines of code are hidden among legitimate code and a fraud is covered up for a long period of time c. a new systems analyst has difficulty in understanding the logic of the program d. inadequate systems documentation is prepared because this provides a sense of job security to the programmer ANS: C
PTS: 1
17. All of the following are recommended features of a fire protection system for a computer center except a. clearly marked exits b. an elaborate water sprinkler system c. manual fire extinguishers in strategic locations d. automatic and manual alarms in strategic locations ANS: B
PTS: 1
18. Which concept is not an integral part of an audit? a. evaluating internal controls b. preparing financial statements c. expressing an opinion d. analyzing financial data ANS: B
PTS: 1
19. Which statement is not true? a. Auditors must maintain independence. b. IT auditors attest to the integrity of the computer system. c. IT auditing is independent of the general financial audit. d. IT auditing can be performed by both external and internal auditors. ANS: C
PTS: 1
20. Typically, internal auditors perform all of the following tasks except a. IT audits b. evaluation of operational efficiency c. review of compliance with legal obligations d. internal auditors perform all of the above tasks ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 21. The fundamental difference between internal and external auditing is that a. internal auditors represent the interests of the organization and external auditors represent outsiders b. internal auditors perform IT audits and external auditors perform financial statement audits c. internal auditors focus on financial statement audits and external auditors focus on operational audits and financial statement audits d. external auditors assist internal auditors but internal auditors cannot assist external auditors ANS: A
PTS: 1
22. Internal auditors assist external auditors with financial audits to a. reduce audit fees b. ensure independence c. represent the interests of management d. None of the above. Internal auditors are not permitted to assist external auditors with financial audits. ANS: A
PTS: 1
23. Which statement is not correct? a. Auditors gather evidence using tests of controls and substantive tests. b. The most important element in determining the level of materiality is the mathematical formula. c. Auditors express an opinion in their audit report. d. Auditors compare evidence to established criteria. ANS: B
PTS: 1
24. All of the following are steps in an IT audit except a. substantive testing b. tests of controls c. post-audit testing d. audit planning ANS: C
PTS: 1
25. When planning the audit, information is gathered by all of the following methods except a. completing questionnaires b. interviewing management c. observing activities d. confirming accounts receivable ANS: D
PTS: 1
26. Substantive tests include a. examining the safety deposit box for stock certificates b. reviewing systems documentation c. completing questionnaires d. observation ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 27. Tests of controls include a. confirming accounts receivable b. counting inventory c. completing questionnaires d. counting cash ANS: C
PTS: 1
28. All of the following are components of audit risk except a. control risk b. legal risk c. detection risk d. inherent risk ANS: B
PTS: 1
29. Control risk is a. the probability that the auditor will render an unqualified opinion on financial statements that are materially misstated b. associated with the unique characteristics of the business or industry of the client c. the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts d. the risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor ANS: C
PTS: 1
30. All of the following tests of controls will provide evidence about the physical security of the computer center except a. review of fire marshal records b. review of the test of the backup power supply c. verification of the second site backup location d. observation of procedures surrounding visitor access to the computer center ANS: C
PTS: 1
31. All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan except a. inspection of the second site backup b. analysis of the fire detection system at the primary site c. review of the critical applications list d. composition of the disaster recovery team ANS: B
PTS: 1
32. Which of the following is true? a. In the CBIS environment, auditors gather evidence relating only to the contents of databases, not the reliability of the computer system. b. Conducting an audit is a systematic and logical process that applies to all forms of information systems. c. Substantive tests establish whether internal controls are functioning properly. d. IT auditors prepare the audit report if the system is computerized. ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 33. Inherent risk a. exists because all control structures are flawed in some ways. b. is the likelihood that material misstatements exist in the financial statements of the firm. c. is associated with the unique characteristics of the business or industry of the client. d. is the likelihood that the auditor will not find material misstatements. ANS: C
PTS: 1
34. Which of the following is not a generally accepted auditing standard general standard? a. The auditor must have adequate technical training and proficiency. b. The auditor must obtain sufficient, competent evidence. c. The auditor must have independence of mental attitude. d. All of the above are generally accepted auditing standard general standards. ANS: B
PTS: 1
35. The financial statements of an organization reflect a set of management assertions about the financial health of the business. All of the following describe types of assertions except a. that all of the assets and equities on the balance sheet exist b. that all employees are properly trained to carry out their assigned duties c. that all transactions on the income statement actually occurred d. that all allocated amounts such as depreciation are calculated on a systematic and rational basis ANS: B 36.
PTS: 1
Which of the following is not an advantage of distributed data processing? a. ability to backup computing facilities b. improved user satisfaction c. efficient use of resources d. all of the above are advantages of distributed data processing ANS: C
PTS: 1
37 . Operations fraud includes a. altering program logic to cause the application to process data incorrectly b. misusing the firm’s computer resources c. destroying or corrupting a program’s logic using a computer virus d. creating illegal programs that can access data files to alter, delete, or insert values ANS: B 38.
PTS: 1
Segregation of duties in the computer-based information system includes a. separating the programmer from the computer operator b. preventing management override c. separating the inventory process from the billing process d. performing independent verifications by the computer operator ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 39.
Computer fraud can take on many forms, including each of the following except a. theft or illegal use of computer-readable information b. theft, misuse, or misappropriation of computer equipment c. theft, misuse, or misappropriation of assets by altering computer-readable records and files d. theft, misuse, or misappropriation of printer supplies ANS: D
40.
The following are examples of commodity assets except a. network management b. systems operations c. systems development d. server maintenance ANS: C
41.
application maintenance data warehousing highly skilled employees server maintenance
ANS: D
PTS: 1
Which of the following is true? a. Core competency theory argues that an organization should outsource specific core assets. b. Core competency theory argues that an organization should focus exclusively on its core business competencies c. Core competency theory argues that an organization should not outsource specific commodity assets. d. Core competency theory argues that an organization should retain certain specific noncore assets in-house. ANS: B
43.
PTS: 1
The following are examples of specific assets except a. b. c. d.
42.
PTS: 1
PTS: 1
Which of the following is not true? a. Large-scale IT outsourcing involves transferring specific assets to a vendor b. Specific assets, while valuable to the client, are of little value to the vendor c. Once an organization outsources its specific assets, it may not be able to return to its pre-outsource state. d. Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 44.
Which of the following is not true? a. When management outsources their organization’s IT functions, they also outsource responsibility for internal control. b. Once a client firm has outsourced specific IT assets, its performance becomes linked to the vendor’s performance. c. IT outsourcing may affect incongruence between a firm’s IT strategic planning and its business planning functions. d. The financial justification for IT outsourcing depends upon the vendor achieving economies of scale. ANS: A
45.
PTS: 1
Which of the following is not true? a. Management may outsource their organizations’ IT functions, but they cannot outsource their management responsibilities for internal control. b. Section 404 requires the explicit testing of outsourced controls. c. The SAS 70 report, which is prepared by the outsourcer’s auditor, attests to the adequacy of the vendor’s internal controls. d. Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report. ANS: C
PTS: 1
SHORT ANSWER 1.
Both the SEC and the PCAOB have expressed an opinion as which internal control framework an organization should use to comply with SOX legislation. Explain. ANS: Both the SEC and PCAOB endorse the SAS 7/COSO framework but any framework can be used that encompasses all of the SAS 78/COSO’s general themes
PTS: 1 2. COSO identifies two broad groupings of information system controls. What are they? ANS: general; application PTS: 1 3. The Sarbanes-Oxley Act contains many sections. Which sections are the focus of this chapter? ANS: The chapter concentrates on internal control and audit responsibilities pursuant to Sections 302 and 404. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 4. What control framework is recommended by the PCAOB? ANS: The PCAOB’s Auditing Standard No. 5 endorses the use of COSO as the framework for control assessment. PTS: 1 5. What are the objectives of application controls? ANS: The objectives of application controls are to ensure the validity, completeness, and accuracy financial transactions. PTS: 1 6. Define general controls. ANS: General controls apply to all systems. They are not application specific. General controls include controls over IT governance, the IT infrastructure, security and access to operating systems and databases, application acquisition and development, and program changes. PTS: 1 7. Discuss the key features of Section 302 of the Sarbanes-Oxley Act. ANS: Section 302 requires corporate management (including the chief executive officer [CEO]) to certify financial and other information contained in the organization’s quarterly and annual reports. The rule also requires them to certify the internal controls over financial reporting. The certifying officers are required to have designed internal controls, or to have caused such controls to be designed, and to provide reasonable assurance as to the reliability of the financial reporting process. Furthermore, they must disclose any material changes in the company’s internal controls that have occurred during the most recent fiscal quarter. PTS: 1 8. What primary IT functions must be separated in a centralized firm? ANS: separate systems development from computer operations separate the database administrator from other functions separate new systems development from maintenance PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 9. List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated. Functions to Separate
Risk Exposure
ANS: separate systems development from data processing operations (unauthorized changes to application programs during execution), separate database administrator from systems development (unauthorized access to database files), separate new systems development from systems maintenance (writing fraudulent code and keeping it concealed during maintenance), separate data library from computer operations (loss of files or erasing current files) PTS: 1 10. For disaster recovery purposes, what criteria are used to identify an application or data as critical? ANS: Critical application and files are those that impact the short-run survival of the firm. Critical items impact cash flows, legal obligations, and customer relations. PTS: 1 11. Describe the components of a disaster recovery plan. ANS: Every disaster recovery plan should: designate a second site backup identify critical applications perform backup and off-site storage procedures create a disaster recovery team test the disaster recovery plan PTS: 1 12. What is a mirrored data center? ANS: A mirrored data center duplicates programs and data onto a computer at a separate location. Mirroring is performed for backup purposes. At any point in time, the mirrored data center reflects current economic events of the firm. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 13. What is a recovery operations center? What is its purpose? ANS: A recovery operations center (ROC) or hot site is a fully equipped backup data center that many companies share. In addition to hardware and backup facilities, ROC service providers offer a range of technical services to their clients, who pay an annual fee for access rights. In the event of a major disaster, a subscriber can occupy the premises and, within a few hours, resume processing critical applications.. PTS: 1 14. Why is inadequate documentation a chronic problem? ANS: Poor-quality systems documentation is a significant challenge for many organizations seeking SOX compliance. There are at least two explanations for this phenomenon. First, documenting systems is not as interesting as designing, testing, and implementing them. Systems professionals much prefer to move on to an exciting new project rather than document one just completed. The second possible reason for poor documentation is job security. When a system is poorly documented, it is difficult to interpret, test, and debug. Therefore, the programmer who understands the system (the one who coded it) maintains bargaining power and becomes relatively indispensable. When the programmer leaves the firm, however, a new programmer inherits maintenance responsibility for the undocumented system. Depending on its complexity, the transition period may be long and costly. PTS: 1 15. What is program fraud? ANS: Program fraud involves making unauthorized changes to parts of a program for the purpose of committing an illegal act. PTS: 1 16. The distributed data processing approach carries some control implications of which accountants should be aware. Discuss two. ANS: Incompatibility of hardware and software, selected by users working independently, can result in system incompatibility that can affect communication. When individuals in different parts of the organization “do their own thing,” there can be significant redundancy between units. When user areas handle their own computer services functions, there may be a tendency to consolidate incompatible activities. Small units may lack the ability to evaluate systems professionals and to provide adequate opportunities and may therefore have difficulty acquiring qualified professionals. As the number of units handling systems tasks, there is an increasing chance that the systems will lack standards. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 17.
are intentional mistakes while
are
unintentional mistakes. ANS: Irregularities, errors PTS: 1 18. Explain the relationship between internal controls and substantive testing. ANS: The stronger the internal controls, the less substantive testing must be performed. PTS: 1 19. Define fault tolerance. ANS: Fault tolerance is the ability of the system to continue operation when part of the system fails. Implementing redundant system components such as redundant disks and powers supplies are two examples. PTS: 1 20. Distinguish between errors and irregularities. Which do you think concern the auditors the most? ANS: Errors are unintentional mistakes; while irregularities are intentional misrepresentations to perpetrate a fraud or mislead the users of financial statements. Errors are a concern if they are numerous or sizable enough to cause the financial statements to be materially misstated. Processes which involve human actions will contain some amount of human error. Computer processes should only contain errors if the programs are erroneous, or if systems operating procedures are not being closely and competently followed. Errors are typically much easier to uncover than misrepresentations, thus auditors typically are more concerned whether they have uncovered any and all irregularities. PTS: 1 21. What is a disaster recovery plan? ANS: A disaster recovery plan is a comprehensive statement of all actions to be taken before during and after a disaster, along with documented, tested procedures that will ensure the continuity of operations. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 22. Distinguish between inherent risk and control risk. How do internal controls and detection risk fit in? ANS: Inherent risk is associated with the unique characteristics of the business or industry of the client. Firms in declining industries are considered to have more inherent risk than firms in stable or thriving industries. Control risk is the likelihood that the control structure is flawed because internal controls are either absent or inadequate to prevent or detect errors in the accounts. Internal controls may be present in firms with inherent risk, yet the financial statements may be materially misstated due to circumstances outside the control of the firm, such as a customer with unpaid bills on the verge of bankruptcy. Detection risk is the risk that auditors are willing to accept that errors are not detected or prevented by the control structure. Typically, detection risk will be lower for firms with higher inherent risk and control risk. PTS: 1 23. Contrast internal and external auditing. ANS: Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. External auditing is often called "independent auditing" because it is done by certified public accountants who are independent of the organization being audited. This independence is necessary since the external auditors represent the interests of third-party stakeholders such as shareholders, creditors, and government agencies. PTS: 1 24. What are the components of audit risk? ANS: Inherent risk is associated with the unique characteristics of the business itself; control risk is the likelihood that the control structure is flawed because controls are absent or inadequate; and detection risk is the risk that auditors are willing to take that errors will not be detected by the audit. PTS: 1 25. How do the tests of controls affect substantive tests? ANS: Tests of controls are used by the auditor to measure the strength of the internal control structure. The stronger the internal controls, the lower the control risk, and the less substantive testing the auditor must do. PTS: 1 26. What is an auditor looking for when testing computer center controls? ANS: When testing computer center controls, the auditor is trying to determine that the physical security controls are adequate to protect the organization from physical exposures, that insurance coverage on equipment is adequate, that operator documentation is adequate to deal with operations and failures, and that the disaster recovery plan is adequate and feasible.
Accounting Information Systems, 9e—Test Bank, Chapter 15 PTS: 1 27. What is the empty shell? ANS: The empty sell or cold site plan is an arrangement wherein the company buys or leases a building that will serve as a data center. In the vent of disaster, the shell is available and ready to receive whatever hardware the temporary user needs to run essential systems. PTS: 1 28. What is IT Governance? ANS: IT governance is a broad concept relating to the decision rights and accountability for encouraging desirable behavior in the use of IT. Three aspects of IT governance are of particular importance to SOX compliance: organizational structure of the IT function, computer operations, and disaster recovery planning. PTS: 1 29. Why should the tasks of systems development and maintenance be segregated from operations? ANS: The segregation of systems development (both new systems development and maintenance) and operations activities is of the greatest importance. Systems development and maintenance professionals acquire (by in-house development and purchase) and maintain systems for users. Operations staff should run these systems and have no involvement in their design and implementation. Consolidating these functions invites fraud. With detailed knowledge of an application’s logic and control parameters along with access to the computer operations, an individual could make unauthorized changes to application logic during execution. Such changes may be temporary (on the fly.) and will disappear with little or no trace when the application terminates. PTS: 1 30. Why should new systems development activities be segregated from the program change (maintenance) function? ANS: Combining these functions increases the potential for two problems: inadequate documentation and fraud. Inadequate systems documentation is a chronic IT problem and a significant challenge for many organizations seeking SOX compliance. The potential for fraud is increased when the original programmer of a system also has maintenance responsibility,. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 31. Name three forms of computer fraud. ANS: Computer fraud includes: The theft, misuse, or misappropriation of assets by altering computer-readable records and files. The theft, misuse, or misappropriation of assets by altering the logic of computer software. The theft or illegal use of computer-readable information. The theft, corruption, illegal copying, or intentional destruction of computer software. The theft, misuse, or misappropriation of computer hardware. PTS: 1 32. Name three types of program fraud. ANS: Program fraud includes: (1) creating illegal programs that can access data files to alter, delete, or insert values into accounting records; (2) destroying or corrupting a program’s logic using a computer virus; or (3) altering program logic to cause the application to process data incorrectly. PTS: 1 33. Define operational fraud. ANS: Operations fraud is the misuse or theft of the firm’s computer resources. This often involves using the computer to conduct personal business. PTS: 1 34. Define database management fraud. ANS: Database management fraud includes altering, deleting, corrupting, destroying, or stealing an organization’s data. PTS: 1 35. What is scavenging? ANS: Scavenging involves searching through the trash of the computer center for discarded output. PTS: 1 36. As a form of computer fraud, what is eavesdropping? Eavesdropping involves listening to output transmissions over telecommunications lines. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 37. Briefly explain the core competency theory. ANS: Core competency theory argues that an organization should focus exclusively on its core business competencies, while allowing outsourcing vendors to efficiently manage the noncore areas such as the IT functions. PTS: 1 38. What are commodity IT assets? ANS: Commodity IT assets are not unique to a particular organization and are thus easily acquired in the marketplace. These include such things as network management, systems operations, server maintenance, and help-desk functions. PTS: 1 39. Briefly outline transaction cost economics as it relates to IT outsourcing. ANS: Transaction cost economics theory is in conflict with the core competency school by suggesting that firms should retain certain specific non-core IT assets in-house. Because of their esoteric nature, specific assets cannot be easily replaced once they are given up in an outsourcing arrangement. PTS: 1 40. Briefly explain how a SSAE 16 report is used in assessing internal controls of outsourced facilities. ANS: The internal controls over the outsourced services reside at the vendor location. They are audited by the vendor’s auditor, who expresses an opinion and issues a SSAE 16 report on the control adequacy. The Type 1 report attests to the vendor management’s description of their system and the suitability of the design of controls. The Type 2 report goes further and includes an assessment on the operating effectiveness of the controls. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 ESSAY 1. Discuss the key features of Section 404 of the Sarbanes-Oxley Act. ANS: Section 404 requires the management of public companies to assess the effectiveness of their organization’s internal controls over financial reporting and provide an annual report addressing the following points: 1) A statement of management’s responsibility for establishing and maintaining adequate internal control. 2) An assessment of the effectiveness of the company’s internal controls over financial reporting. 3) A statement that the organization’s external auditor has issued an attestation report on management’s assessment of the company’s internal controls. 4) An explicit written conclusion as to the effectiveness of internal control over financial reporting. 6) A statement identifying the framework used by management to conduct their assessment of internal controls. PTS: 1 2. Section 404 requires management to make a statement identifying the control framework used to conduct their assessment of internal controls. Discuss the options in selecting a control framework. ANS: The SEC has made specific reference as to COSO as a recommended control framework. PCAOB’s Auditing Standard No. 5 endorses the use of COSO as the framework for control assessment. Although other suitable frameworks have been published, any other framework used should encompass all of COSO’s general themes. PTS: 1 3. Explain how general controls impact transaction integrity and the financial reporting process. ANS: Consider an organization with poor database security controls. In such a situation, even data processed by systems with adequate built in application controls may be at risk. An individual who can circumvent database security, may then change, steal, or corrupt stored transaction data. Thus, general controls are needed to support the functioning of application controls, and both are needed to ensure accurate financial reporting. PTS: 1 4. Prior to SOX, external auditors were required to be familiar with the client organization’s internal controls, but not test them. Explain. ANS: Auditors had the option of not relying on internal controls in the conduct of an audit and therefore did not need to test them. Instead auditors could focus primarily of substantive tests. Under SOX, management is required to make specific assertions regarding the effectiveness of internal controls. To attest to the validity of these assertions, auditors are required to test the controls. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 5. Does a qualified opinion on management’s assessment of internal controls over the financial reporting system necessitate a qualified opinion on the financial statements? Explain. ANS: No. Auditors are permitted to simultaneously render a qualified opinion on management’s assessment of internal controls and an unqualified opinion on the financial statements. In other words, it is technically possible for auditors to find internal controls over financial reporting to be weak, but conclude through substantive tests that the weaknesses did not cause the financial statements to be materially misrepresented. PTS: 1 6. The PCAOB’s standard No. 5 specifically requires auditors to understand transaction flows in designing their test of controls. What steps does this entail? ANS: This involves: 1. Selecting the financial accounts that have material implications for financial reporting. 2. Identify the application controls related to those accounts. 3. Identify the general that support the application controls. The sum of these controls, both application and general, constitute the relevant internal controls over financial reporting that need to be reviewed. PTS: 1 7. What fraud detection responsibilities (if any) are imposed on auditors by the Sarbanes-Oxley Act? ANS: SOX places responsibility on auditors to detect fraudulent activity and emphasizes the importance of controls designed to prevent or detect fraud that could lead to material misstatement of the financial statements. Management is responsible for implementing such controls and auditors are expressly required to test them. PTS: 1 8. Describe how a Corporate Computer Services Function can overcome some of the problems associated with distributed data processing. ANS: The Corporate Computer Services Function may provide the following technical advice and expertise to distributed data processing units: central testing of commercial software and hardware; installation of new software; trouble-shooting hardware and software problems; technical training; firm-wide standard setting for the systems area; and performance evaluation of systems professionals. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 15 9. Discuss the advantages and disadvantages of the second site backup options. ANS: Second site backups include mutual aid pacts, empty shell, recovery operations center, and internally provided backups. Mutual Aid Pacts Advantages Inexpensive Disadvantages May encounter reluctance to share facilities during an emergency Empty Shell Advantages Disadvantages
Inexpensive Extended time lag between disaster and initial recovery May encounter competition among users for shell resources
Recovery Operations Center Advantages Rapid initial recovery Disadvantages Expensive Internally Provided Backups Advantages Controlled by the firm Compatibility of hardware and software Rapid initial recovery Disadvantages Expense of maintaining excess capacity year round PTS: 1 10. Internal control in a computerized environment can be divided into two broad categories. What are they? Explain each. ANS: Internal controls can be divided into two broad categories. General controls apply to all or most of a system to minimize exposures that threaten the integrity of the applications being processed. These include operating system controls, data management controls, organizational structure controls, system development controls, system maintenance controls, computer center security, Internet and Intranet controls, EDI controls, and PC controls. Application controls focus on exposures related to specific parts of the system: payroll, accounts receivable, etc. PTS: 1 11. Auditors examine the physical environment of the computer center as part of their audit. Many characteristics of computer centers are of interest to auditors. What are they? Discuss. ANS: The characteristics of computer centers that are of interest of auditors include: physical location because it affects the risk of disaster–it should be away from man-made and natural hazards; construction of the computer center should be sound; access to the computer center should be controlled; air-conditioning should be adequate given the heat generated by electronic equipment and the failure that can result from over-heating; fire suppression systems are critical; and adequate power supply is needed to ensure service.
Accounting Information Systems, 9e—Test Bank, Chapter 15 PTS: 1 12. Explain why certain duties that are deemed incompatible in a manual system may be combined in an automated environment? Give an example. ANS: In an automated environment it would be inefficient and contrary to the objectives of automation to separate such tasks and processing and recoding a transaction among several different application programs merely to emulate a manual control model. Further, the reason for separating tasks is to control against the negative behavior of humans; in an automated environment the computer performs the tasks not humans. PTS: 1 13. Compare and contrast the following disaster recovery options: empty shell, recovery operations center, and internally provided backup. Rank them from most risky to least risky, as well as most costly to least costly. ANS: The lowest cost method is internally provided backup. With this method, organizations with multiple data processing centers may invest in internal excess capacity and support themselves in the case of disaster in one data processing center. This method is not as risky as the mutual aid pact because reliance on another organization is not a factor. In terms of cost, the next highest method is the empty shell where two or more organizations buy or lease space for a data processing center. The space is made ready for computer installation; however, no computer equipment is installed. This method requires lease or mortgage payments, as well as payment for air conditioning and raised floors. The risk of this method is that the hardware, software, and technicians may be difficult, if not impossible, to have available in the case of a natural disaster. Further, if multiple members' systems crash simultaneously, an allocation problem exists. The method with lowest risk and also the highest cost is the recovery operations center. This method takes the empty shell concept one step further - the computer equipment is actually purchased and software may even be installed. Assuming that this site is far enough away from the disaster-stricken area not to be affected by the disaster, this method can be a very good safeguard. PTS: 1 14. What is a disaster recovery plan? What are the key features? ANS: A disaster recovery plan is a comprehensive statement of all actions to be taken before, during, and after a disaster, along with documented, tested procedures that will ensure the continuity of operations. The essential features are: providing second site backup, identifying critical applications, backup and off-site storage procedures, creating a disaster recovery team, and testing the disaster recovery plan. PTS: 1 15. Computer fraud is easiest at the data collection stage. Why? ANS: Computer fraud is easiest at the data collection stage because much of what occurs after the data collection or input stage is not visible to human eyes. Once entered, the system will presume that the input is legitimate and will process it as all others.
Accounting Information Systems, 9e—Test Bank, Chapter 15 PTS: 1
16. Explain the outsourcing risk of failure to perform. ANS: Once a client firm has outsourced specific IT assets, its performance becomes linked to the vendor’s performance. The negative implications of such dependency are illustrated in the financial problems that have plagued the huge outsourcing vendor Electronic Data Systems Corp. (EDS). In a cost-cutting effort, EDS terminated seven thousand employees, which impacted its ability to serve other clients. Following an eleven-year low in share prices, EDS stockholders filed a class-action lawsuit against the company. Clearly, vendors experiencing such serious financial and legal problems threaten the viability of their clients also. PTS: 1 17. Explain vendor exploitation. ANS: Once the client firm has divested itself of specific assets it becomes dependent on the vendor. The vendor may exploit this dependency by raising service rates to an exorbitant level. As the client’s IT needs develop over time beyond the original contract terms, it runs the risk that new or incremental services will be negotiated at a premium. This dependency may threaten the client’s long term flexibility, agility and competitiveness and result in even greater vendor dependency. PTS: 1 18. Explain why reduced security is an outsourcing risk. ANS: Information outsourced to off-shore IT vendors raises unique and serious questions regarding internal control and the protection of sensitive personal data. When corporate financial systems are developed and hosted overseas, and program code is developed through interfaces with the host company's network, US corporations are at risk of losing control of their information. To a large degree US firms are reliant on the outsourcing vendor’s security measures, data-access policies and the privacy laws of the host country. PTS: 1 19. Explain how IT outsourcing can lead to loss of strategic advantage. ANS: Alignment between IT strategy and business strategy requires a close working relationship between corporate management and IT management in the concurrent development of business and IT strategies. This, however, is difficult to accomplish when IT planning is geographically redeployed off-shore or even domestically. Further, since the financial justification for IT outsourcing depends upon the vendor achieving economies of scale, the vendor is naturally driven to toward seeking common solutions that may be used by many clients rather than creating unique solutions for each of them. This fundamental underpinning of IT outsourcing is inconsistent with the client’s pursuit of strategic advantage in the marketplace.
Accounting Information Systems, 9e—Test Bank, Chapter 15 PTS: 1 20. Explain the role of a SAS 70 report in reviewing internal controls. ANS: SAS 70 report is the means by which an outsourcing vendor can obtain a single audit report that may be used by its clients’ auditors and thus preclude the need for each client firm auditor to conduct its own audit of the vendor organization’s internal controls. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16
Chapter 16—IT Controls Part II: Security and Access TRUE/FALSE 1. In a computerized environment, the audit trail log must be printed onto paper documents. ANS: F
PTS: 1
2. Disguising message packets to look as if they came from another user and to gain access to the host’s network is called spooling. ANS: F
PTS: 1
3. A formal log-on procedure is the operating system’s last line of defense against unauthorized access. ANS: F
PTS: 1
4. Computer viruses usually spread throughout the system before being detected. ANS: T
PTS: 1
5. A worm is software program that replicates itself in areas of idle memory until the system fails. ANS: T
PTS: 1
6. Viruses rarely attach themselves to executable files. ANS: F
PTS: 1
7. Subschemas are used to authorize user access privileges to specific data elements. ANS: F
PTS: 1
8. A recovery module suspends all data processing while the system reconciles its journal files against the database. ANS: F
PTS: 1
9. The database management system controls access to program files. ANS: F
PTS: 1
10. Operating system controls are of interest to system professionals but should not concern accountants and auditors. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 11. The most frequent victims of program viruses are microcomputers. ANS: T
PTS: 1
12. Access controls protect databases against destruction, loss or misuse through unauthorized access. ANS: T
PTS: 1
13. Operating system integrity is not of concern to accountants because only hardware risks are involved. ANS: F
PTS: 1
14. Audit trails in computerized systems are comprised of two types of audit logs: detailed logs of individual keystrokes and event-oriented logs. ANS: T
PTS: 1
15. In a telecommunications environment, line errors can be detected by using an echo check. ANS: T
PTS: 1
16. Firewalls are special materials used to insulate computer facilities ANS: F
PTS: 1
17. The message authentication code is calculated by the sender and the receiver of a data transmission. ANS: T
PTS: 1
18. The request-response technique should detect if a data communication transmission has been diverted. ANS: T
PTS: 1
19. Electronic data interchange translation software interfaces with the sending firm and the value added network. ANS: F
PTS: 1
20. A value added network can detect and reject transactions by unauthorized trading partners. ANS: T
PTS: 1
21. Electronic data interchange customers may be given access to the vendor's data files. ANS: T
PTS: 1
22. Malicious and destructive programs cause millions of dollars of loss to corporations annually. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 23. A firewall is a hardware partition designed to protect networks from power surges. ANS: F
PTS: 1
24. To preserve audit trails in a computerized environment, transaction logs are permanent records of transactions. ANS: T
PTS: 1
25. Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating subschemas. ANS: T
PTS: 1
MULTIPLE CHOICE 1. The operating system performs all of the following tasks except a. translates third-generation languages into machine language b. assigns memory to applications c. authorizes user access d. schedules job processing
ANS: C
PTS: 1
2. Which of the following is considered an unintentional threat to the integrity of the operating system? a. a hacker gaining access to the system because of a security flaw b. a hardware flaw that causes the system to crash c. a virus that formats the hard drive d. the systems programmer accessing individual user files
ANS: B
PTS: 1
3. A software program that replicates itself in areas of idle memory until the system fails is called a a. Trojan horse b. Worm c. logic bomb d. none of the above
ANS: B
PTS: 1
4. A software program that allows access to a system without going through the normal logon procedures is called a a. logic bomb b. Trojan horse c. Worm d. back door
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 5. All of the following will reduce the exposure to computer viruses except a. install antivirus software b. install factory-sealed application software c. assign and control user passwords d. install public-domain software from reputable bulletin boards
ANS: D
PTS: 1
6. Public key encryption a. uses one key for encoding messages and another for decoding them b. is an enhancement to Data Encryption Standard (DES) c. is electronic authentication that cannot be forged d. All of the above.
ANS: A
PTS: 1
7. A Trojan horse a. burrows into a computer’s memory and replicates itself into areas of idle memory b. is a destructive program triggered by some predetermined event c. allows unauthorized access to a system without going through normal log on procedures d. captures IDs and passwords from unsuspecting users
ANS: D
PTS: 1
8. Hackers can disguise their message packets to look as if they came from an authorized user and gain access to the host’s network using a technique called a. spoofing. b. spooling. c. dual-homed. d. screening.
ANS: A
PTS: 1
9. The checkpoint feature a. makes a periodic backup of the entire database b. uses logs and backup files to restart the system after failure c. suspends all data processing wile the system reconciles the transaction log against the database d. provides an audit trail of all processed transactions
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 10. Which of the following is not an access control in a database system? a. antivirus software b. database authorization table c. passwords d. voice prints
ANS: A
PTS: 1
11. Which is not a biometric device? a. password b. retina prints c. voice prints d. signature characteristics
ANS: A
PTS: 1
12. Which of the following is not a basic database backup and recovery feature? a. checkpoint b. backup database c. transaction log d. database authority table
ANS: D
PTS: 1
13. All of the following are objectives of operating system control except a. protecting the OS from users b. protesting users from each other c. protecting users from themselves d. protecting the environment from users
ANS: D
PTS: 1
14. Passwords are secret codes that users enter to gain access to systems. Security can be compromised by all of the following except a. failure to change passwords on a regular basis b. using obscure passwords unknown to others c. recording passwords in obvious places d. selecting passwords that can be easily detected by computer criminals
ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 15. Audit trails cannot be used to a. detect unauthorized access to systems b. facilitate reconstruction of events c. reduce the need for other forms of security d. promote personal accountability
ANS: C
PTS: 1
16. Which control will not reduce the likelihood of data loss due to a line error? a. echo check b. encryption c. vertical parity bit d. horizontal parity bit
ANS: B
PTS: 1
17. Which method will render useless data captured by unauthorized receivers? a. echo check b. parity bit c. public key encryption d. message sequencing
ANS: C
PTS: 1
18. Which method is most likely to detect unauthorized access to the system? a. message transaction log b. data encryption standard c. vertical parity check d. request-response technique
ANS: A
PTS: 1
19. All of the following techniques are used to validate electronic data interchange transactions except a. value added networks can compare passwords to a valid customer file before message transmission b. prior to converting the message, the translation software of the receiving company can compare the password against a validation file in the firm's database c. the recipient's application software can validate the password prior to processing d. the recipient's application software can validate the password after the transaction has been processed
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 20. In an electronic data interchange environment, customers routinely access a. the vendor's price list file b. the vendor's accounts payable file c. the vendor's open purchase order file d. none of the above
ANS: A
PTS: 1
21. All of the following tests of controls will provide evidence that adequate computer virus control techniques are in place and functioning except a. verifying that only authorized software is used on company computers b. reviewing system maintenance records c. confirming that antivirus software is in use d. examining the password policy including a review of the authority table
ANS: B
PTS: 1
22. Audit objectives for the database management system include all of the following except a. verifying that the security group monitors and reports on fault tolerance violations b. confirming that backup procedures are adequate c. ensuring that authorized users access only those files they need to perform their duties d. verifying that unauthorized users cannot access data files
ANS: A
PTS: 1
23. All of the following tests of controls will provide evidence that access to the data files is limited except a. inspecting biometric controls b. reconciling program version numbers c. comparing job descriptions with access privileges stored in the authority table d. attempting to retrieve unauthorized data via inference queries
ANS: B
PTS: 1
24. Audit objectives for communications controls include all of the following except a. detection and correction of message loss due to equipment failure b. prevention and detection of illegal access to communication channels c. procedures that render intercepted messages useless d. all of the above
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 25. When auditors examine and test the call-back feature, they are testing which audit objective? a. incompatible functions have been segregated b. application programs are protected from unauthorized access c. physical security measures are adequate to protect the organization from natural disaster d. illegal access to the system is prevented and detected
ANS: D
PTS: 1
26. In an electronic data interchange (EDI) environment, when the auditor compares the terms of the trading partner agreement against the access privileges stated in the database authority table, the auditor is testing which audit objective? a. all EDI transactions are authorized b. unauthorized trading partners cannot gain access to database records c. authorized trading partners have access only to approved data d. a complete audit trail is maintained
ANS: C
PTS: 1
27. Audit objectives in the electronic data interchange (EDI) environment include all of the following except a. all EDI transactions are authorized b. unauthorized trading partners cannot gain access to database records c. a complete audit trail of EDI transactions is maintained d. backup procedures are in place and functioning properly
ANS: D
PTS: 1
28. In determining whether a system is adequately protected from attacks by computer viruses, all of the following policies are relevant except a. the policy on the purchase of software only from reputable vendors b. the policy that all software upgrades are checked for viruses before they are implemented c. the policy that current versions of antivirus software should be available to all users d. the policy that permits users to take files home to work on them
ANS: D
PTS: 1
29. Which of the following is not a test of access controls? a. biometric controls b. encryption controls c. backup controls d. inference controls
ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 30. In an electronic data interchange environment, customers routinely a. access the vendor's accounts receivable file with read/write authority b. access the vendor's price list file with read/write authority c. access the vendor's inventory file with read-only authority d. access the vendor's open purchase order file with read-only authority
ANS: C
PTS: 1
31. In an electronic data interchange environment, the audit trail a. is a printout of all incoming and outgoing transactions b. is an electronic log of all transactions received, translated, and processed by the system c. is a computer resource authority table d. consists of pointers and indexes within the database
ANS: B
PTS: 1
32. All of the following are designed to control exposures from subversive threats except a. firewalls b. one-time passwords c. field interrogation d. data encryption
ANS: C
PTS: 1
33. Many techniques exist to reduce the likelihood and effects of data communication hardware failure. One of these is a. hardware access procedures b. antivirus software c. parity checks d. data encryption
ANS: C
PTS: 1
34. Which of the following deal with transaction legitimacy? a. transaction authorization and validation b. access controls c. EDI audit trail d. all of the above
ANS: D
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 35. Firewalls are a. special materials used to insulate computer facilities b. a system that enforces access control between two networks c. special software used to screen Internet access d. none of the above ANS: B
PTS: 1
36. The database attributes that individual users have permission to access are defined in a. operating system. b. user manual. c. database schema. d. user view. e. application listing. ANS: D
PTS: 1
37. An integrated group of programs that supports the applications and facilitates their access to specified resources is called a (an) a. operating system. b. database management system. c. utility system d. facility system. e. object system.
ANS: A
PTS: 1
38. Transmitting numerous SYN packets to a targeted receiver, but NOT responding to an ACK, is a. a smurf attack. b. IP Spoofing. c. an ACK echo attack d. a ping attack. e. none of the above
ANS: E
PTS: 1
39. Which of the following is true? a. Deep Packet Inspection uses a variety of analytical and statistical techniques to evaluate the contents of message packets. b. An Intrusion prevention system works in parallel with a firewall at the perimeter of the network to act as a filer that removes malicious packets from the flow before they can affect servers and networks. c. A distributed denial of service attack is so named because it is capable of attacking many victims simultaneously who are distributed across the internet. d. None of the above are true statements.
ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 40. Advance encryption standard (AES) is a. a 64 -bit private key encryption technique b. a 128-bit private key encryption technique c. a 128-bit public key encryption technique d. a 256-bit public encryption technique that has become a U.S. government standard
ANS: B
PTS: 1
SHORT ANSWER 1. Briefly define an operating system. ANS: An integrated group of programs that supports the applications and facilitates their access to specified resources. PTS: 1 2. What is a virus? ANS: A virus is a program that attaches itself to another legitimate program in order to penetrate the operating system. PTS: 1 3. Describe one benefit of using a call-back device. ANS: Access to the system is achieved when the call-back device makes contact with an authorized user. This reduces the chance of an intruder gaining access to the system from an unauthorized remote location. PTS: 1 4. Contrast the Private Encryption Standard approach with the Public Key Encryption approach to controlling access to telecommunication messages. ANS: In the Private Encryption Standard approach, both the sender and the receiver use the same key to encode and decode the message. In the Public Key Encryption approach all senders receive a copy of the key used to send messages; the receiver is the only one with access to the key to decode the message. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 5. List three methods of controlling unauthorized access to telecommunication messages. ANS: call-back devices, data encryption, message sequence numbering, message authentication codes, message transaction logs, and request-response technique PTS: 1 6. Describe two ways that passwords are used to authorize and validate messages in the electronic data interchange environment. ANS: value-added networks use passwords to detect unauthorized transactions before they are transmitted to recipients; the recipient of the message can validate the password prior to translating the message; the recipient of the message can validate the password prior to processing the transaction PTS: 1 7. Explain how transactions are audited in an electronic data interchange environment. ANS: Firms using electronic data interchange maintain an electronic log of each transaction as it moves from receipt to translation to communication of the message. This transaction log restores the audit trail that was lost because no source documents exist. Verification of the entries in the log is part of the audit process. PTS: 1 8. What are some typical problems with passwords? ANS: users failing to remember passwords; failure to change passwords frequently; displaying passwords where others can see them; using simple, easy-to-guess passwords PTS: 1 9. Discuss the key features of the one-time password technique: ANS: The one-time password was designed to overcome the problems associated with reusable passwords. The user’s password changes continuously. This technology employs a credit card-sized smart card that contains a microprocessor programmed with an algorithm that generates, and electronically displays, a new and unique password every 60 seconds. The card works in conjunction with special authentication software located on a mainframe or network server computer. Each user’s card is synchronized to the authentication software, so that at any point in time both the smart card and the network software are generating the same password for the same user. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 10. Describe two tests of controls that would provide evidence that the database management system is protected against unauthorized access attempts. ANS: compare job descriptions with authority tables; verify that database administration employees have exclusive responsibility for creating authority tables and designing user subschemas; evaluate biometric and inference controls PTS: 1 11. What is event monitoring? ANS: Event monitoring summarizes key activities related to system resources. Event logs typically record the IDs of all users accessing the system; the time and duration of a user’s session; programs that were executed during a session; and the files, databases, printers, and other resources accessed. PTS: 1 12. What are the auditor's concerns in testing EDI controls? ANS: When testing EDI controls, the auditor's primary concerns are related to ascertaining that EDI transactions are authorized, validated, and in compliance with organization policy, that no unauthorized organizations gain access to records, that authorized trading partners have access only to approved data, and that adequate controls are in place to maintain a complete audit trail. PTS: 1 13. What is a database authorization table? ANS: The database authorization table contains rules that limit the actions a user can take. Each user is granted certain privileges that are coded in the authority table, which is used to verify the user’s action requests. PTS: 1 14. What is a user-defined procedure? ANS: A user-defined procedure allows the user to create a personal security program or routine to provide more positive user identification than a password can. For example, in addition to a password, the security procedure asks a series of personal questions (such as the user’s mother’s maiden name), which only the legitimate user is likely to know. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 15. What are biometric devices? ANS: Biometric devices measure various personal characteristics such as fingerprints, voiceprints, retina prints, or signature characteristics. These user characteristics are digitized and stored permanently in a database security file or on an identification card that the user carries. When an individual attempts to access the database, a special scanning device captures his or her biometric characteristics, which it compares with the profile data stored internally or on the ID card. If the data do not match, access is denied. PTS: 1 16.
What can be done to defeat a DDoS Attack? ANS: Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI) are a countermeasure to DDoS attacks. PTS: 1
17.
What is deep packet inspection? ANS: DPI is a technique that searches individual network packets for protocol non-compliance and can identify and classify malicious packets based on a database of known attack signatures. PTS: 1
18. Explain how smurf attacks can be controlled. ANS: The targeted organization can program their firewall to ignore all communication from the attacking site, once the attackers IP address is determined. PTS: 1 19. Explain how SYN Flood attacks can be controlled. ANS: Two things can be done: First, Internet hosts can program their firewalls to block outbound message packets that contain invalid internal IP addresses. Second, security software can scan for half-open connections that have not been followed by an ACK packet. The clogged ports can then be restored to allow legitimate connections to use them. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 20.
What problem is common to all private key encryption techniques? ANS: The more individuals who need to know the private key, the greater the probability of it falling into the wrong hands. If a perpetrator discovers the key, he or she can intercept and decipher coded messages. PTS: 1 ESSAY
1. What are the three security objectives of audit trails? Explain. ANS: Audit trails support system security objectives in three ways. By detecting unauthorized access to the system, the audit trail protects the system from outsiders trying to breach system controls. By monitoring system performance, changes in the system may be detected. The audit trail can also contribute to reconstructing events such as system failures, security breaches, and processing errors. In addition, the ability to monitor user activity can support increased personal accountability. PTS: 1 2. What is an operating system? What does it do? What are operating system control objectives? ANS: An operating system is a computer’s control program. It controls user sharing of applications and resources such as processors, memory, databases, and peripherals such as printers. Common PC operating systems include Windows 2000, Windows NT, and Linux. An operating system carries out three primary functions: translating high level languages into machine language using modules called compilers and interpreters; allocating computer resources to users, workgroups, and applications; and managing job scheduling and multiprogramming. Operating systems have five basic control objectives: 1. to protect itself from users, 2. to protect users from each other, 3. to protect users from themselves, 4. to protect it from itself, and 5. to protect itself from its environment. PTS: 1 3. Discuss three sources of exposure (threats) to the operating system. ANS: 1. Privileged personnel who abuse their authority. Systems administrators and systems programmers require unlimited access to the operating system to perform maintenance and to recover from system failures. Such individuals may use this authority to access users’ programs and data files. 2. Individuals both internal and external to the organization who browse the operating system to identify and exploit security flaws. 3. Individuals who intentionally (or accidentally) insert computer viruses or other forms of destructive programs into the operating system.
Accounting Information Systems, 9e—Test Bank, Chapter 16 PTS: 1 4. Discuss three techniques for breaching operating system controls. ANS: Browsing involves searching through areas of main memory for password information. Masquerading is a technique where a user is made to believe that he/she has accessed the operating system and therefore enters passwords, etc., that can later be used for unauthorized access. A virus is a program that attaches itself to legitimate software to penetrate the operating system. Most are destructive. A worm is software that replicates itself in memory. A logic bomb is a destructive program triggered by some "logical" condition–a matching date, e.g., Michelangelo's birthday. PTS: 1 5. A formal log-on procedure is the operating system’s first line of defense. Explain how this works. ANS: When the user logs on, he or she is presented with a dialog box requesting the user’s ID and password. The system compares the ID and password to a database of valid users. If the system finds a match, then the log-on attempt is authenticated. If, however, the password or ID is entered incorrectly, the log-on attempt fails and a message is returned to the user. The message should not reveal whether the password or the ID caused the failure. The system should allow the user to reenter the log-on information. After a specified number of attempts (usually no more than five), the system should lock out the user from the system. PTS: 1 6. Explain the concept of discretionary access privileges. ANS: In centralized systems, a system administrator usually determines who is granted access to specific resources and maintains the access control list. In distributed systems, however, resources may be controlled (owned) by end users. Resource owners in this setting may be granted discretionary access privileges, which allow them to grant access privileges to other users. For example, the controller, who is the owner of the general ledger, may grant read-only privileges to a manager in the budgeting department. The accounts payable manager, however, may be granted both read and write permissions to the ledger. Any attempt by the budgeting manager to add, delete, or change the general ledger will be denied. The use of discretionary access control needs to be closely supervised to prevent security breaches because of its liberal use. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 7. One purpose of a database system is the easy sharing of data. But this ease of sharing can also jeopardize security. Discuss at least three forms of access control designed to reduce this risk. ANS: Many types of access control are possible. A user view is a subset of a database that limits a user’s view or access to the database. The database authorization table contains rules that limit what a user can do, i.e., read, insert, modify, delete. A user-defined procedure adds additional queries to user access to prevent others from accessing in a specific user’s place. To protect the data in a database, many systems use data encryption to make it unreadable by intruders. A newer technique uses biometric devices to authenticate users. PTS: 1 8. Explain how the one-time password approach works. ANS: Under this approach, the user’s password changes continuously. To access the operating system, the user must provide both a secret reusable personal identification number (PIN) and the current one-time only password for that point in time. One technology employs a credit-card-sized device (smart card) that contains a microprocessor programmed with an algorithm that generates, and visually displays, a new and unique password every 60 seconds. The card works in conjunction with special authentication software located on a mainframe host or network server computer. At any point in time both the smart card and the network software are generating the same password for the same user. To access the network, the user enters the PIN followed by the current password displayed on the card. The password can be used one time only. PTS: 1 9. Network communication poses some special types of risk for a business. What are the two broad areas of concern? Explain. ANS: Two general types of risk exist when networks communicate with each other–risks from subversive threats and risks from equipment failure. Subversive threats include interception of information transmitted between sender and receiver, computer hackers gaining unauthorized access to the organization’s network, and denial-of-service attacks from remote locations on the Internet. Methods for controlling these risks include firewalls, encryption, digital signatures, digital certificates, message transaction logs, and call-back devices. Equipment failure can be the result of line errors. The problems can be minimized with the help of echo checks, parity checks, and good backup control. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 16 10. What is EDI? How does its use affect the audit trail? ANS: Electronic data interchange is an arrangement which links the computer systems of two trading partners to expedite sales/purchases. The buying company’s purchasing system creates and transmits a purchase order electronically in an agreed format, either directly or through a value-added network. The selling company receives the information, and it is converted electronically into a sales order. The absence of paper documents in an EDI transaction disrupts the traditional audit trail. This can be compensated for through the use of transaction logs which can be reconciled. PTS: 1 11.
Describe three ways in which IPS can be used to protect against DDoS Attacks? ANS: 1) IPS cam work inline with a firewall at the perimeter of the network to act as a filer that removes malicious packets from the flow before they can affect servers and networks. 2) IPS may be used behind the firewall to protect specific network segments and servers. 3) IPS can be employed to protect an organization from becoming part of a botnet by inspecting outbound packets and blocking malicious traffic before it reaches the Internet. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17
Chapter 17—IT Controls Part III: Systems Development, Program Changes, and Application Controls TRUE/FALSE 1. Users need to be activity involved in the systems development process. ANS: T
PTS: 1
2. All systems should be informally approved to ensure economic justification and feasibility. ANS: F
PTS: 1
3. The technical design activities translate a set of detailed technical specifications for a system into user specifications. ANS: F
PTS: 1
4. All program modules must be thoroughly tested before they are implemented. ANS: T
PTS: 1
5. Meaningful test data is relatively easy to create. ANS: F
PTS: 1
6. To verify the module’s internal logic, the programmer compares the actual results obtained from the test with the predetermined results. ANS: T
PTS: 1
7. The user test and acceptance procedure is the last point at which the user can determine the system’s acceptability prior to it going into service. ANS: T
PTS: 1
8. To support future audit needs, test data prepared during systems implementation should be preserved. ANS: T
PTS: 1
9. Maintenance access to systems increases the risk that logic will be corrupted either by the accident or intent to defraud. ANS: T
PTS: 1
10. One of the auditor’s objectives relating to systems development is to authorize development projects. ANS: F
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 11. The longest period in the SDLC is the maintenance phase. ANS: T
PTS: 1
12. Source program library controls should prevent and detect unauthorized access to application programs. ANS: T
PTS: 1
13. The presence of a SPLMS effectively guarantees program integrity. ANS: F
PTS: 1
14. Programs in their compiled state are very susceptible to the threat of unauthorized modification. ANS: F
PTS: 1
15. When using the test data method, the presence of multiple error messages indicates a flaw in the preparation of test transactions. ANS: F 16.
PTS: 1
The black box approach to testing computer applications allows the auditor to explicitly review program logic. ANS: F
PTS: 1
17. A salami fraud affects a large number of victims, but the harm to each appears to be very small. ANS: T
PTS: 1
18. The black box approach to testing computer program controls is also known as auditing around the computer. ANS: T
PTS: 1
19. The base case system evaluation is a variation of the test data method. ANS: T
PTS: 1
20. Tracing is a method used to verify the logical operations executed by a computer application. ANS: T
PTS: 1
21. Generalized audit software packages are used to assist the auditor in performing substantive tests. ANS: T
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 22. The results of a parallel simulation are compared to the results of a production run in order to judge the quality of the application processes and controls. ANS: T
PTS: 1
23. Firms with an independent internal audit staff may conduct tests of the system development life cycle on an ongoing basis. ANS: T
PTS: 1
24. The programmer’s authority table will specify the libraries a programmer may access. ANS: T
PTS: 1
25. Use of the integrated test facility poses no threat to organizational data files. ANS: F
PTS: 1
MULTIPLE CHOICE 1. Which of the following statements is NOT true? a. All systems should be properly authorized to ensure their economic justification and feasibility. b. Users need not be actively involved in the systems development process. c. All program modules must be thoroughly tested before they are implemented. d. The task of creating meaningful test data is time-consuming. ANS: B
PTS: 1
2. Which control is not associated with new systems development activities? a. reconciling program version numbers b. program testing c. user involvement d. internal audit participation ANS: A
PTS: 1
3. Routine maintenance activities require all of the following controls except a. documentation updates b. testing c. formal authorization d. internal audit approval ANS: D
PTS: 1
4. Which statement is correct? a. compiled programs are very susceptible to unauthorized modification b. the source program library stores application programs in source code form c. modifications are made to programs in machine code language d. the source program library management system increases operating efficiency ANS: B
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 5. Which control is not a part of the source program library management system? a. using passwords to limit access to application programs b. assigning a test name to all programs undergoing maintenance c. combining access to the development and maintenance test libraries d. assigning version numbers to programs to record program modifications ANS: C
PTS: 1
6. Which control ensures that production files cannot be accessed without specific permission? a. Database Management System b. Recovery Operations Function c. Source Program Library Management System d. Computer Services Function ANS: C
PTS: 1
7. Program testing a. involves individual modules only, not the full system b. requires creation of meaningful test data c. need not be repeated once the system is implemented d. is primarily concerned with usability ANS: B
PTS: 1
8. To meet the governance-related expectations of management under SOX, an organization’s internal audit department needs to be a. independent b. objective c. technically qualified d. All of the above are true. ANS: D
PTS: 1
9. Which test of controls will provide evidence that the system as originally implemented was free from material errors and free from fraud? Review of the documentation indicates that a. a cost-benefit analysis was conducted b. the detailed design was an appropriate solution to the user's problem c. tests were conducted at the individual module and total system levels prior to implementation d. problems detected during the conversion period were corrected in the maintenance phase ANS: C
PTS: 1
10. Which statement is not true? a. An audit objective for systems maintenance is to detect unauthorized access to application databases. b. An audit objective for systems maintenance is to ensure that applications are free from errors. c. An audit objective for systems maintenance is to verify that user requests for maintenance reconcile to program version numbers. d. An audit objective for systems maintenance is to ensure that the production libraries are protected from unauthorized access. ANS: A
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 11. When the auditor reconciles the program version numbers, which audit objective is being tested? a. protect applications from unauthorized changes b. ensure applications are free from error c. protect production libraries from unauthorized access d. ensure incompatible functions have been identified and segregated ANS: A
PTS: 1
12. When auditors do not rely on a detailed knowledge of the application's internal logic, they are performing a. black box tests of program controls b. white box tests of program controls c. substantive testing d. intuitive testing ANS: A
PTS: 1
13. All of the following concepts are associated with the black box approach to auditing computer applications except a. the application need not be removed from service and tested directly b. auditors do not rely on a detailed knowledge of the application's internal logic c. the auditor reconciles previously produced output results with production input transactions d. this approach is used for complex transactions that receive input from many sources ANS: D
PTS: 1
14. Which test is not an example of a white box test? a. determining the fair value of inventory b. ensuring that passwords are valid c. verifying that all pay rates are within a specified range d. reconciling control totals ANS: A
PTS: 1
15. When analyzing the results of the test data method, the auditor would spend the least amount of time reviewing a. the test transactions b. error reports c. updated master files d. output reports ANS: A
PTS: 1
16. All of the following are advantages of the test data technique except a. auditors need minimal computer expertise to use this method b. this method causes minimal disruption to the firm's operations c. the test data is easily compiled d. the auditor obtains explicit evidence concerning application functions ANS: C
PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 17. All of the following are disadvantages of the test data technique except a. the test data technique requires extensive computer expertise on the part of the auditor b. the auditor cannot be sure that the application being tested is a copy of the current application used by computer services personnel c. the auditor cannot be sure that the application being tested is the same application used throughout the entire year d. preparation of the test data is time-consuming ANS: A
PTS: 1
18. All of the following statements are true about the integrated test facility (ITF) except a. production reports are affected by ITF transactions b. ITF databases contain "dummy" records integrated with legitimate records c. ITF permits ongoing application auditing d. ITF does not disrupt operations or require the intervention of computer services personnel ANS: A
PTS: 1
19. Which statement is not true? Embedded audit modules a. can be turned on and off by the auditor. b. reduce operating efficiency. c. may lose their viability in an environment where programs are modified frequently. d. identify transactions to be analyzed using white box tests. ANS: D
PTS: 1
20. Generalized audit software packages perform all of the following tasks except a. recalculate data fields b. compare files and identify differences c. stratify statistical samples d. analyze results and form opinions ANS: D
PTS: 1
SHORT ANSWER 1. Contrast the source program library (SPL) management system to the database management system (DBMS). ANS: The SPL software manages program files and the DBMS manages data files. PTS: 1 2. Describe two methods used to control the source program library. ANS: passwords, separation of development programs from maintenance programs, program management reports, program version numbers, controlling maintenance commands PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 3. New system development activity controls must focus on the authorization, development, and implementation of new systems and its maintenance. Discuss at least five control activities that are found in an effective system development life cycle. ANS: System authorization activities assure that all systems are properly authorized to ensure their economic justification and feasibility. User specification activities should not be stifled by technical issues. Users can provide written description of the logical needs that must be satisfied by the system. Technical design activities must lead to specifications that meet user needs. Documentation is both a control and evidence of control. Internal audit involvement should occur throughout the process to assure that the system will serve user needs. Program testing is to verify that data is processed as intended. PTS: 1 4. A appears to be very small.
fraud affects a large number of victims but the harm to each
ANS: salami PTS: 1 5. Describe a test of controls that would provide evidence that only authorized program maintenance is occurring. ANS: reconcile program version numbers, confirm maintenance authorizations PTS: 1 6. Auditors do not rely on detailed knowledge of the application's internal logic when they use the approach to auditing computer applications. ANS: black box or audit around the computer PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 7. Describe parallel simulation. ANS: The auditor writes a program that simulates the application under review. The simulation is used to reprocess production transactions that were previously processed by the production application. The results of the simulation are compared to the results of the original production run. PTS: 1 8. What is meant by auditing around the computer versus auditing through the computer? Why is this so important? ANS: Auditing around the computer involves black box testing in which the auditors do not rely on a detailed knowledge of the application's internal logic. Input is reconciled with corresponding output. Auditing through the computer involves obtaining an in-depth understanding of the internal logic of the computer application. As transactions become increasingly automated, the inputs and outputs may become decreasingly visible. Thus, the importance of understanding the programming components of the system is crucial. PTS: 1 9. What is an embedded audit module? ANS: EAM techniques use one or more specially programmed modules embedded in a host application to select and record predetermined types of transactions for subsequent analysis. This method allows material transactions to be captured throughout the audit period. The auditor's substantive testing task is thus made easier since they do not have to identify significant transactions for substantive testing. PTS: 1 10. What are the audit’s objectives relating to systems development? ANS: The auditor’s objectives are to ensure that (1) systems development activities are applied consistently and in accordance with management’s policies to all systems development projects; (2) the system as originally implemented was free from material errors and fraud; (3) the system was judged necessary and justified at various checkpoints throughout the SDLC; and (4) system documentation is sufficiently accurate and complete to facilitate audit and maintenance activities. PTS: 1 11.
What are program version numbers and how are the used? ANS: The SPLMS assigns a version number automatically to each program stored on the SPL. When programs are first placed in the libraries (at implementation), they are assigned version number zero. With each modification to the program, the version number is increased by one. PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 12.
Identify six controllable activities that distinguish an effective systems development process. ANS: Systems authorization activities, user specification activities, technical design activities, internal audit participation, program testing, and user test and acceptance procedures. PTS: 1
13. What are CAATS? Identify five of them. ANS: Through-the-computer testing employs computer-assisted audit tools and techniques (CAATTs) and requires an in-depth understanding of the internal logic of the application under review. Five CAATTs include the test data method, base case system evaluation, tracing, integrated test facility, and parallel simulation. PTS: 1 14. What is ITF? ANS: ITF stands for integrated test facility, an automated technique that enables the auditor to test an application’s logic and controls during its normal operation. PTS: 1 15. What is GAS? Identify two examples of GAS products. ANS: Generalized Audit Software (GAS) is a widely used CAATT for IT auditing that allows auditors to access digital data files and perform various operations on the contents. ACL and IDEA are currently the leading GAS products, but others exist with similar features. PTS: 1 ESSAY 1. Outline the six controllable activities that relate to new systems development ANS: Systems Authorization Activities: All systems should be properly authorized to ensure their economic justification and feasibility. This requires a formal environment in which users submit requests to systems professionals in written form. User Specification Activities: Users need to be actively involved in the systems development process. Users should create a detailed written description of their needs. It should describe the user’s view of the problem, not that of the systems professionals. Technical Design Activities: The technical design activities translate user specifications into a set of detailed technical specifications for a system that meets the user’s needs. The scope of these activities includes systems analysis, feasibility analysis, and detailed systems design.
Accounting Information Systems, 9e—Test Bank, Chapter 17 Internal Audit Participation: To meet the governance-related expectations of management under SOX, an organization’s internal audit department needs to be independent, objective, and technically qualified. As such, the internal auditor can play an important role in the control of systems development activities. Program Testing: All program modules must be thoroughly tested before they are implemented. This involves creating hypothetical master files and transactions files that are processed by the modules being tested. The results of the tests are then compared against predetermined results to identify programming and logic errors. User Test and Acceptance Procedures: Prior to system implementation, the individual modules of the system need to be formally and rigorously tested as a whole. The test team should comprise of user personnel, systems professionals, and internal auditors. The details of the tests performed and their results need to be formally documented and analyzed. Once the test team is satisfied that the system meets its stated requirements, the system can be transferred to the user. PTS: 1 2. Describe two tests of controls the auditor can use confirm that authorization procedures for program changes. ANS: RECONCILE PROGRAM VERSION NUMBERS. The permanent file of the application should contain program change authorization documents that correspond to the current version number of the production application. In other words, if the production application is in its tenth version, there should be ten program change authorizations in the permanent file as supporting documentation. Any discrepancies between version numbers and supporting documents may indicate that unauthorized changes were made. CONFIRM MAINTENANCE AUTHORIZATION. The program maintenance authorization should indicate the nature of the change requested and the date of the change. The appropriate management from both computer services and the user departments should also sign and approve it. The auditor should confirm the facts contained in the maintenance authorization and verify the authorizing signatures with the managers involved. PTS: 1 3. Describe and contrast the test data method with the integrated test facility. ANS: In the test data method, a specially prepared set of input data is processed; the results of the test are compared to predetermined expectations. To use the test data method, a copy of the current version of the application must be obtained. The auditor will review printed reports, transaction listings, error reports, and master files to evaluate application logic and control effectiveness. The test data approach results in minimal disruption to the organization's operations and requires little computer expertise on the part of auditors. The integrated test facility (ITF) is an automated approach that permits auditors to test an application's logic and controls during its normal operation. ITF databases contain test records integrated with legitimate records. During normal operations, test transactions are entered into the stream of regular production transactions and are processed against the test records. The ITF transactions are not included with the production reports but are reported separately to the auditor for evaluation. The auditor compares ITF results against expected results.
Accounting Information Systems, 9e—Test Bank, Chapter 17 In contrast to the test data approach, the ITF technique promotes ongoing application auditing and does not interfere with the normal work of computer services employees. In the test data approach, there is a risk that the auditor might perform the tests on a version of the application other than the production version; this cannot happen in the ITF approach. Both versions are relatively costly to implement. The major risk with the ITF approach is that ITF data could become combined with live data and the reports would be misstated; this cannot happen in the test data approach. PTS: 1 4. Contrast embedded audit modules with generalized audit software. ANS: Both techniques permit auditors to access, organize, and select data in support of the substantive phase of the audit. The embedded audit module (EAM) technique embeds special audit modules into applications. The EAM captures specific transactions for auditor review. EAMs reduce operational efficiency and are not appropriate for environments with a high level of program maintenance. Generalized audit software (GAS) permits auditors to electronically access audit files and to perform a variety of audit procedures. For example the GAS can recalculate, stratify, compare, format, and print the contents of files. The EAM is an internal program that is designed and programmed into the application. The GAS is an external package that does not affect operational efficiency of the program. GASs are easy to use, require little IT background on the part of the user, are hardware independent, can be used without the assistance of computer service employees, and are not application-specific. On the other hand, EAMs are programmed into a specific application by computer service professionals. PTS: 1 5. What is the purpose of the auditor's review of SDLC documentation? ANS: In reviewing the SDLC documentation, the auditor seeks to determine that completed projects now in use reflect compliance with SDLC policies including: User and computer services management properly authorized the project. A preliminary feasibility study showed that the project had merit. A detailed analysis of user needs was conducted that resulted in alternative conceptual designs. A cost-benefit analysis was conducted using reasonably accurate figures. The detailed design was an appropriate and accurate solution to the user’s problem. Test results show that the system was thoroughly tested at both the individual module and the total system level before implementation. (To confirm these test results, the auditor may decide to retest selected elements of the application.) There is a checklist of specific problems detected during the conversion period, along with evidence that they were corrected in the maintenance phase. Systems documentation complies with organizational requirements and standards PTS: 1
Accounting Information Systems, 9e—Test Bank, Chapter 17 6.
Discuss the six general categories of tests of IT controls. ANS:
Access tests verify that individuals, programmed procedures, or messages attempting to access a system are authentic and valid. Access tests include verifications of user IDs, passwords, valid vendor codes, and authority tables. Validity tests ensure that the system processes only data values that conform to specified tolerances. These tests also apply to transaction approvals, such as verifying that credit checks and AP three-way matches are properly performed by applications. Accuracy tests ensure that mathematical calculations are accurate and posted to the correct accounts. Completeness tests identify missing data within a single record and entire records missing from a batch. Tests include field tests, record sequence tests and recalculation of has totals and financial control totals. Redundancy tests determine that an application processes each record only once and include reviewing record counts and recalculation of has totals and financial control totals. Audit trail tests ensure that the application creates an adequate audit trail. Tests include obtaining evidence that the application records all transactions, posts data values appropriately, and generates error files and reports for all exceptions. PTS: 1
7. Discuss the three types of controls auditors can perform to determine that programs are free from material errors. ANS: Reconcile the source code. Each application’s permanent file should contain the current program listing and listings of all changes made to the application. These documents describe the application’s maintenance history in detail. The nature of the program change should be clearly stated on the authorization document. The auditor should select a sample of applications and reconcile each program change with the appropriate documents. Review the tests results. Every program change should be thoroughly tested before being implemented. Test procedures should be properly documented as to test objective, test data and processing results. The auditor should review this record for each significant program change to establish that testing was sufficiently rigorous to identify any errors. Retest the program. The auditor can retest the application to confirm its integrity. PTS: 1