TEST BANK for Accounting Information Systems 11th Edition Bodnar Hopwood Richard B. Dull by welldoneassistant

Accounting Information Systems 11th Edition Bodnar Hopwood Richard B. Dull (Test Bank, For All Chapters 100% Original Verified,A + Grade)

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 1 Accounting Information Systems: An Overview 1) A system is a collection of related resources designed to help a company achieve specified objectives. Answer: TRUE Diff: 1 Learning Obj.: 1 2) Accounting information systems are designed to gather and utilize information which may cost more to provide than it is worth to the user. Answer: FALSE Diff: 2 Learning Obj.: 1 3) The basic goal of accounting information systems is to convert financial data into information. Answer: TRUE Diff: 1 Learning Obj.: 1 4) Quick-response systems are essential to the total quality performance movement in business. Answer: TRUE Diff: 1 Learning Obj.: 4 5) All data processed and information stored in an accounting information system are mandatory for financial reporting purposes. Answer: FALSE Diff: 2 Learning Obj.: 1 6) A typical CRM contains one common database in which all departments with customer contact can access and update. Answer: TRUE Diff: 1 Learning Obj.: 3 7) A company can use QR codes to provide a convenient way to direct customers to its Web site by embedding them in advertising, such as magazines or in-store displays. Answer: TRUE Diff: 1 Learning Obj.: 4

8) An extended enterprise brings suppliers and customers together in order to meet customer demand while minimizing supplier costs. Answer: FALSE Diff: 1 Learning Obj.: 4 9) Procurement and firm infrastructure are examples of primary business processes. Answer: FALSE Diff: 3 Learning Obj.: 1 10) Good documentation means that records should be maintained by all parties involved in a transaction. Answer: TRUE Diff: 1 Learning Obj.: 1 11) Some organizations that use computers to process transactional data must have an information system function. Answer: FALSE Diff: 2 Learning Obj.: 2 12) The operations function allows specialization in areas such as operating systems and software and communications technology. Answer: FALSE Diff: 3 Learning Obj.: 2 13) Cloud computing describes the increasing trend for data processing capabilities to be provided as a service via the Internet. Answer: TRUE Diff: 1 Learning Obj.: 4 14) Most batch processing environments are JIT environments. Answer: FALSE Diff: 2 Learning Obj.: 3 15) XBRL is a language that facilitates the exchange of financial statements over the Internet. Answer: TRUE Diff: 2 Learning Obj.: 4

16) External users of accounting information include stockholders, investors, creditors, government agencies, customers and vendors, competitors, labor unions, and the public at large. Answer: TRUE Diff: 1 Learning Obj.: 1 17) A decision support system (DSS) is tailored to the strategic information needs of top-level management. Answer: FALSE Diff: 1 Learning Obj.: 3 18) The AIS benefits of information technology include automation, information organization, and communication. Answer: TRUE Diff: 1 Learning Obj.: 3 19) AIS application architecture currently focuses on automating the traditional accounting cycle. Answer: FALSE Diff: 2 Learning Obj.: 3 20) MRP and MRP II software was created to aid in Supply Chain Management (SCM). Answer: TRUE Diff: 2 Learning Obj.: 3 21) In CIM systems, computers control management-designed parts of the manufacturing process. Answer: FALSE Diff: 2 Learning Obj.: 3 22) Flexible manufacturing systems can be reprogrammed to produce entirely different products. Answer: TRUE Diff: 1 Learning Obj.: 4 23) The process management approach aids in the management and improvement of a company's processes in order to increase customer satisfaction while ignoring the company's cost structure. Answer: FALSE Diff: 2 Learning Obj.: 4

24) ERPs should reduce data duplication, increase communication between functional areas, and reduce complications of software updates. Answer: TRUE Diff: 2 Learning Obj.: 3 25) ERPs can either be industry-specific or based around "best practices" of various sized companies. Answer: TRUE Diff: 1 Learning Obj.: 3 26) ERPs are inexpensive and relatively easy to implement. Answer: FALSE Diff: 1 Learning Obj.: 3 27) ERP II adds an Enterprise Application Suite (EAS) to aid in the communication between functional areas. Answer: FALSE Diff: 2 Learning Obj.: 3 28) Business processes are always triggered by some economic event, and all have clearly defined starting and ending points. Answer: TRUE Diff: 2 Learning Obj.: 1 29) A key characteristic and benefit of business processes is that they are always limited to one functional area of the information system. Answer: FALSE Diff: 2 Learning Obj.: 1 30) Analyzing a company's value chain aids in the identification of a company's competitive advantages. Answer: TRUE Diff: 2 Learning Obj.: 1 31) Operational transaction cycles have traditionally grouped activities of a business into six common operational processes. Answer: FALSE Diff: 2 Learning Obj.: 1 4 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

32) Transactions are used by auditors to verify account balances and internal controls. Answer: TRUE Diff: 2 Learning Obj.: 1 33) The internal audit function and the accounting functions should not be segregated in order to increase a company's internal control. Answer: FALSE Diff: 2 Learning Obj.: 1 34) The director of internal auditing should report directly to the controller of the company. Answer: FALSE Diff: 2 Learning Obj.: 1 35) The treasurer is responsible for the budgeting and tax planning aspects of a business. Answer: FALSE Diff: 2 Learning Obj.: 1 36) The essence of cloud computing is that data storage is maintained by the end-user. Answer: FALSE Diff: 1 Learning Obj.: 4 37) A steering committee consists of high-level members of user functions such as manufacturing and marketing, as well as the head of the information system function and several of his or her staff. Answer: TRUE Diff: 2 Learning Obj.: 2 38) An information center is a support facility for end users in an organization. Answer: TRUE Diff: 1 Learning Obj.: 2 39) DBMS is the hands-on use of computers by end users. Answer: FALSE Diff: 2 Learning Obj.: 4 40) Quick Response code is a three-dimensional bar code. Answer: FALSE Diff: 1 Learning Obj.: 4 5 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

41) EDI is a key component to quick-response technology systems. Answer: TRUE Diff: 2 Learning Obj.: 4 42) The philosophy that one should do the right thing the first time is better known as TQM or TQP. Answer: TRUE Diff: 2 Learning Obj.: 4 43) RFID tags are used for tracking objects within a quick-response system. Answer: TRUE Diff: 1 Learning Obj.: 4 44) Only active RFID tags transmit signals containing digital information to receivers. Answer: FALSE Diff: 1 Learning Obj.: 4 45) Lean manufacturing focuses on eliminating waste from the entire value chain. Answer: FALSE Diff: 1 Learning Obj.: 4 46) A just-in-time manufacturing system is one form of lean manufacturing. Answer: TRUE Diff: 1 Learning Obj.: 4 47) Microsoft sponsors the Web TrustTM seal of approval to certain Web sites that meet their security and integrity criteria. Answer: FALSE Diff: 2 Learning Obj.: 4 48) Electronic data interchange (EDI) is the direct computer-to-end-user exchange of business documents via a communications network. Answer: FALSE Diff: 1 Learning Obj.: 4 49) ANSI X.12 is a public EDI standard. Answer: TRUE Diff: 3 Learning Obj.: 4 6 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

50) The SEC requires that all companies must file their financial reports electronically using XBRL. Answer: FALSE Diff: 2 Learning Obj.: 4 51) FedWire is a retail EFT system used for telephone wire transfers and payments. Answer: FALSE Diff: 2 Learning Obj.: 4 52) E-waste refers to dollars spent on unsuccessful implementations and technologies. Answer: FALSE Diff: 2 Learning Obj.: 4 53) Green IT states system design should include a plan for recycling and reusing system components. Answer: TRUE Diff: 1 Learning Obj.: 4 54) A systems development project consists of ________ general phases. Answer: three Diff: 1 Learning Obj.: 3 55) The purpose of the ________ approach is to assist in the orderly development of effective systems. Answer: systems Diff: 2 Learning Obj.: 3 56) Many companies prefer business process ________ because they find it more cost-effective than designing their own system from the ground up. Answer: blueprinting Diff: 2 Learning Obj.: 1 57) A philosophy of ________ design fosters a set of attitudes and an approach to systems development that consciously considers the organizational context. Answer: user-oriented Diff: 2 Learning Obj.: 3

58) Middle management uses ________ information in an organization. Answer: tactical Diff: 2 Learning Obj.: 2 59) The source for most information used by lower-level managers is largely ________. Answer: internal Diff: 2 Learning Obj.: 2 60) There are ________ major categories of information systems within an organization. Answer: seven Diff: 2 Learning Obj.: 2 61) A(n) ________ information system is tailored to the strategic information needs of top-level management. Answer: executive Diff: 1 Learning Obj.: 4 62) A(n) ________ ________ ________ system manages all contact with customers. Answer: customer relation management CRM Diff: 1 Learning Obj.: 3 63) A(n) ________ ________ ________ system encompasses the planning and management of all activities involved in sourcing, procurement, conversion, and logistics management activities. Answer: supply chain management SCM Diff: 1 Learning Obj.: 3 64) A group of loosely connected companies that work together to maximize the value of their economic outputs is a(n) ________ ________. Answer: extended enterprise Diff: 2 Learning Obj.: 3 65) The IT benefits for AISs are ________, ________, and ________. Answer: automation, information organization, and communication Diff: 2 Learning Obj.: 3

66) Application ________ involves the process of ensuring the suite of organization's applications work together in order to meet organizational goals and objectives. Answer: architecture Diff: 2 Learning Obj.: 3 67) ________ software assists management in managing inventories and scheduling production. Answer: MRP Diff: 1 Learning Obj.: 3 68) In ________ ________ ________, computers take control of the entire production process (CIM) but also can be reprogrammed so the same processes can produce entirely different products. Answer: flexible manufacturing systems FMSs FMS Diff: 2 Learning Obj.: 3 69) The ________ management approach involves the application of knowledge, skills, tools, techniques and systems to manage and improve organizational processes to better meet customers' needs and maximize profitability. Answer: process Diff: 2 Learning Obj.: 3 70) The ISO 9001 is a(n) ________-management standard published by the International Standards Organization. Answer: quality Diff: 2 Learning Obj.: 3 71) ________ ________ ________ combines functional information systems in a single software package and a single database. Answer: Enterprise resource planning ERP Diff: 1 Learning Obj.: 3 72) ERP II adds collaborative ________ to ERP. Answer: commerce Diff: 2 Learning Obj.: 3

73) Enterprise ________ suite uses a group of individual packages that work with each other on a Web browser as opposed to one large ERP software package. Answer: application Diff: 2 Learning Obj.: 3 74) The linking of applications in a suite is facilitated through a(n) ________ ________ ________. Answer: service oriented architecture SOA Diff: 2 Learning Obj.: 3 75) A business process is an interrelated set of tasks that involve data, ________ units, and a logical time sequence. Answer: organizational Diff: 3 Learning Obj.: 1 76) A simple way of viewing the company's activities in a manner suited to analyzing its competitive advantages is known as the ________ ________. Answer: value chain Diff: 1 Learning Obj.: 1 77) The controller is the executive in charge of ________ activities of the organization, while the treasurer supervises the ________ activities. Answer: accounting; financial Diff: 1 Learning Obj.: 1 78) Events related to the acquisition of goods and services from other entities and the settlement of related obligations are in the ________ cycle; events related to the transformation of resources into goods and services are in the ________ cycle. Answer: expenditure; production Diff: 1 Learning Obj.: 1 79) A common violation of the ________ principle is the delegation of both accounting and financial responsibilities to the same individual or department. Answer: segregation Diff: 2 Learning Obj.: 1

80) The ________ is the head of the information systems function in an organization. Answer: CIO chief information officer Diff: 2 Learning Obj.: 2 81) A(n) ________ committee is an advisory group who can influence the policies, budget, and planning of information services within an organization. Answer: steering Diff: 2 Learning Obj.: 2 82) Radio frequency identification tags (RFID) can be either ________, ________, or ________. Answer: active, passive, or semi-passive Diff: 3 Learning Obj.: 4 83) The main focus of ________ manufacturing is eliminating waste and improving production flow. Answer: lean Diff: 1 Learning Obj.: 3 84) The three major categories of waste under the original Toyota Production System (TPS) are ________, ________, and ________. Answer: muda, muri, and mura Diff: 3 Learning Obj.: 4 85) Green IT is concerned with reducing ________ through recycling and reusing electronic products rather than discarding these products. Answer: e-waste Diff: 1 Learning Obj.: 4 86) A just-in-time (JIT) environment is characterized by activities occurring in a(n) ________ ________ environment. Answer: continuous flow Diff: 1 Learning Obj.: 3 87) A(n) ________ ________ ________ is a type of information system that supports nonroutine needs for information, while ________ systems support routine, nonrecurring information needs. Answer: decision support system; DP Diff: 2 Learning Obj.: 3 11 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

88) ________ is an automated clearing house system used for the clearing of Eurodollar payments between U.S. and non-U.S. financial institutions. Answer: CHIPS Diff: 3 Learning Obj.: 4 89) The term that best describes an information system that is tailored to the strategic information needs of top-level management is a(n) A) accounting information system. B) expert system. C) executive information system. D) EDP system. Answer: C Diff: 1 Learning Obj.: 4 90) ________ are the only physical items that are absolutely required for a user of cloud computing. A) A data storage unit and an Internet connection B) A Web browser and a RFID card C) A QR reader and an Internet connection D) A Web browser and an Internet connection Answer: D Diff: 1 Learning Obj.: 4 91) Which of the following is not a common transaction processing cycle found in business organizations? A) Expenditure cycle B) Accounting cycle C) Production cycle D) Revenue cycle Answer: B Diff: 2 Learning Obj.: 1 92) Which of the following transaction processing cycles concerns events related to the distribution of goods and services to other organizations and the collection of related payments? A) Production B) Expenditure C) Financial reporting D) Revenue Answer: D Diff: 1 Learning Obj.: 1

93) The transaction processing cycle that is concerned with the events related to the transformation of resources into goods and services is A) production. B) revenue. C) financial reporting. D) expenditure. Answer: A Diff: 1 Learning Obj.: 1 94) A system that manages all contacts with customers is a ________ system. A) customer value chain B) customer relation management C) customer supply chain management D) customer requirements planning Answer: B Diff: 1 Learning Obj.: 1 95) A(n) ________ is a group of loosely connected companies that work together to maximize the value of their economic outputs. A) extended enterprise B) enterprise resource planners C) enterprise suite D) value chain consortium Answer: A Diff: 2 Learning Obj.: 1 96) A(n) ________ system encompasses the planning and management of all activities involved in sourcing, procurement, conversion, and logistics management activities. A) CRM B) SCM C) DS D) ES Answer: B Diff: 2 Learning Obj.: 3 97) The fundamental benefits of information technology for AISs include the following except A) communication. B) information organization. C) systems development. D) automation. Answer: C Diff: 1 Learning Obj.: 1 13 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

98) ________ involves the process of ensuring the suite of organization's applications work together as a composite application according to the goals and objectives of the organization. A) Applications requirements planning B) Enterprise application structure C) Enterprise resource planning D) Applications architecture Answer: D Diff: 2 Learning Obj.: 3 99) Material requirements planning software assists management in managing A) inventories. B) overhead. C) scheduling production. D) both inventories and scheduling production. Answer: D Diff: 2 Learning Obj.: 3 100) The international quality-management standard credited for promoting the process management approach is the A) Six Sigma. B) ISA-95. C) ISO 9001. D) ISA-Y2K. Answer: C Diff: 2 Learning Obj.: 3 101) Which systems permit the reprogramming of computers to produce entirely different products in the same manufacturing facility with the same equipment? A) MRP and MRP II B) CIMs and FMSs C) ESs and FMSs D) ERPs and MRPs Answer: B Diff: 2 Learning Obj.: 3

102) A complete systems solution involving one software package and one database is referred to as A) ERP. B) MRP. C) SCM. D) DSS. Answer: A Diff: 1 Learning Obj.: 3 103) The following are benefits of an ERP except for the ability A) to eliminate data duplication and redundancy. B) to standardize data formats. C) to easily share data from various departments. D) to easily customize software to meet company needs. Answer: D Diff: 1 Learning Obj.: 3 104) Groups of organizations working together to create new products, new process methods, and/or human capital intelligence is referred to as a(n) A) ERP. B) e-commerce. C) collaborative commerce. D) application consortium. Answer: C Diff: 2 Learning Obj.: 3 105) A group of individual software applications designed to run in Web browsers and facilitated through a service oriented architecture (SOA) is referred to as a(n) A) ERP II. B) application architecture. C) value chain application suite. D) enterprise application suite. Answer: D Diff: 2 Learning Obj.: 3

106) What language facilitates business-to-business commerce through the extended value chain, which includes both manufacturers and their suppliers? A) VCML B) XBRL C) HTML D) COBOL Answer: A Diff: 3 Learning Obj.: 1 107) The staff position which would generally report to the treasurer rather than to the controller is A) budgeting. B) accounts payable. C) credit manager. D) cost accounting. Answer: C Diff: 1 Learning Obj.: 1 108) The high-level executive who supervises accounting functions such as budgeting, billing, and payroll is known as the A) treasurer. B) controller. C) chief information officer. D) chief internal auditor. Answer: B Diff: 2 Learning Obj.: 1 109) The three general phases of systems development projects and the order in which they occur are A) systems design, systems implementation, and systems analysis. B) systems design, systems implementation, and systems auditing. C) systems design, systems analysis, and systems programming. D) systems analysis, systems design, and systems implementation. Answer: D Diff: 2 Learning Obj.: 3

110) Quick Response reader application can typically ________. A) open a Web site B) display a video C) display text D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 4 111) When information levels within an organization are viewed as a pyramid, strategic information is used primarily by A) lower-level management. B) top-level management. C) middle management. D) lower-level and middle management. Answer: B Diff: 2 Learning Obj.: 2 112) From an organization's viewpoint, a distinction can be drawn between the following two broad classes of accounting information. A) Historical and future B) Strategic and operational C) Internal and external D) Mandatory and discretionary Answer: D Diff: 2 Learning Obj.: 2 113) Which item listed below is not considered a primary business process? A) Marketing B) Outbound sales logistics C) Technology development D) Service Answer: C Diff: 2 Learning Obj.: 1 114) Which of the following is not an objective of internal control as a process? A) Reliability of financial reporting B) Accuracy of accounting information C) Compliance with applicable laws and regulations D) Effectiveness and efficiency of operations Answer: B Diff: 1 Learning Obj.: 1 17 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

115) The preparation of forecasts and analyses used by management in planning and controlling the operations of the organization is generally a(n) A) budgeting function. B) tax planning function. C) accounting manager function. D) treasurer function. Answer: A Diff: 2 Learning Obj.: 1 116) The internal audit function within an organization should be considered a(n) A) activity supervised by the controller. B) sub function of the treasurer. C) independent appraisal activity. D) optional service provided by the firm's external auditors. Answer: C Diff: 2 Learning Obj.: 1 117) The area of functional specialization which is responsible for the design, coding, testing, and debugging of computer programs is the A) technical support function. B) user function. C) operations function. D) programming function. Answer: D Diff: 1 Learning Obj.: 1 118) Information retrieval from the organization's database using the query language feature of DBMS is a common A) programming function. B) technical support function. C) EUC application. D) ES application. Answer: C Diff: 3 Learning Obj.: 3

119) The technological philosophy that emphasizes "customer satisfaction" to the point of "customer obsession" is known as A) TQP. B) EDI. C) TQM. D) TQP and TQM. Answer: D Diff: 1 Learning Obj.: 4 120) Which of the following is not a consumer benefit of Web commerce? A) There is no waiting for a salesperson or product information. B) There is automatic electronic encoding of transaction data. C) Web-based transactions are encrypted providing security. D) Intelligent Web-based software can provide answers to complicated questions. Answer: B Diff: 2 Learning Obj.: 4 121) Which of the following is not a benefit of electronic data interchange (EDI)? A) Electronic mail messages are interpreted by humans. B) EDI eliminates paper. C) EDI saves time. D) EDI may allow for EFT payments to vendor accounts. Answer: A Diff: 2 Learning Obj.: 4 122) Which of the statements below is false regarding extensible business reporting language (XBRL)? A) Many experts feel that XBRL will replace EDI. B) XBRL is in effect a narrower standard than the ANSI X.12 standard for EDI. C) The SEC allows use of the XBRL format. D) XBRL facilitates the exchange of business documents over the Internet. Answer: B Diff: 3 Learning Obj.: 4 123) The Clearing House Automated Payment System is also known as A) FedWire. B) CHIPS. C) CHAPS. D) EFT. Answer: C Diff: 1 Learning Obj.: 4 19 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

124) Which of the steps below is not part of the systems approach process? A) Creation of alternatives B) Statement of system objective(s) C) Systems evaluation D) All of the answers are steps in the systems approach process. Answer: D Diff: 1 Learning Obj.: 3 125) Which of the following is not one of the criteria of the design specification step of the systems approach to design? A) Using a team approach in many cases B) Sufficient detailed specifications for implementation process C) Identification of system inputs D) Strategies for producing system outputs Answer: A Diff: 3 Learning Obj.: 3 126) Which of the following is not an objective of a design group or project team charged with creating and implementing a new information system? A) Securing funding for a new information system B) Identifying needs to be satisfied by a new system C) Developing technical specifications for a new system D) Implementation of a new system Answer: A Diff: 2 Learning Obj.: 3 127) Which of the following is not an objective of internal control? A) Reliability of financial reporting B) Effectiveness and efficiency of operations C) Relevance of financial statements D) Compliance with applicable laws and regulations Answer: C Diff: 2 Learning Obj.: 1 128) An important quick response technology used to track objects using radio signals is called A) sonic tagging. B) radio frequency identification. C) object frequency tagging. D) frequency waves identification. Answer: B Diff: 2 Learning Obj.: 4 20 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

129) RFID tags include all of the following except A) active tags. B) passive tags. C) inactive tags. D) semi-passive tags. Answer: C Diff: 2 Learning Obj.: 4 130) Which of the following is not associated with lean manufacturing? A) CRM B) Toyota Production System C) Eliminating waste D) JIT Answer: A Diff: 2 Learning Obj.: 3 131) The following are EDI standards except A) ANSI X.12. B) AS2. C) eBXML. D) ISO-95. Answer: D Diff: 2 Learning Obj.: 3 132) Green IT is concerned with A) reducing e-waste by reusing and or refurbishing IT products. B) using less fuel in the creation of IT systems. C) designing more efficient systems in order to reduce necessary storage requirements. D) Green IT is concerned with all of the above. Answer: A Diff: 2 Learning Obj.: 4 133) The exchange of business documents such as purchase orders and invoices in an electronic format between the computers of separate organizations is known as A) e-mail. B) electronic data interchange. C) computer-integrated information system. D) electronic document exchange. Answer: B Diff: 1 Learning Obj.: 3

134) Which of the following specialized information systems would be the most useful in providing information for routine decisions? A) Decision support system B) Expert system C) Executive information system D) Accounting information system Answer: D Diff: 2 Learning Obj.: 2 135) Which of the following is not an example of good internal control? A) Having adequate records B) Being sure that everyone clearly understands his or her own responsibilities C) Making sure that each department is responsible for keeping its own accounting records D) Having periodic physical checks (or counts) of the inventory Answer: C Diff: 2 Learning Obj.: 1 136) Which officer, department, or division within an organization is responsible for monitoring the other departments to ensure that the organization's policies and procedures are being carried out? A) Internal auditing B) Vice President for Administration C) Chief Information Officer D) A steering committee Answer: A Diff: 2 Learning Obj.: 1 137) Which of the following is used to ensure a high degree of user involvement in the control of an information systems department? A) Maintenance programmers B) Operations manager C) Technical support committee D) Steering committee Answer: D Diff: 2 Learning Obj.: 1

138) Which of the following is not a merchant benefit of Web commerce? A) Cost savings through automated ordering B) Worldwide availability of the company's products C) No waiting in line for a salesperson or to obtain product information D) Low overhead Answer: C Diff: 1 Learning Obj.: 4 139) A company known for its use of blueprints in systems design for clients is A) SAM. B) SAP. C) SAS. D) SAR. Answer: B Diff: 1 Learning Obj.: 4 140) When should the actual users of a system be involved when a new system is being developed? A) As soon as the new system is implemented B) After all unexpected bugs and glitches have been found and corrected C) Only after all employees have been thoroughly trained to use the new system D) Throughout the design of the new system Answer: D Diff: 2 Learning Obj.: 2 141) Which of the following information characteristics pertains to the situation when a lowerlevel manager receives a well-defined, narrowly focused report, while a top-level manager receives a report covering more general topics? A) Level of aggregation B) Time horizon C) Scope D) Required accuracy Answer: C Diff: 3 Learning Obj.: 2

142) When a management report is discretionary rather than mandatory, the primary consideration should be A) that there are benefits to be obtained by producing the report. B) that the benefits obtained by producing the report exceed the cost of its production. C) to minimize the cost of producing the report while maintaining minimum standards of usefulness. D) to minimize the cost of producing the report while maintaining minimum standards of reliability and accuracy. Answer: B Diff: 3 Learning Obj.: 1 143) Which of the following groups would not be considered external users of the company's information? A) Factory supervisors B) Creditors C) Investors D) Labor unions Answer: A Diff: 2 Learning Obj.: 1 144) Internal users of reports from a company's information system might include all of the following except its A) chief executive officer. B) stockholders. C) payroll department. D) lower-level managers. Answer: B Diff: 2 Learning Obj.: 1 145) A report prepared exclusively for use by this group is almost always mandatory. A) The company's labor union B) The Internal Revenue Service C) The company's main bank D) The company's main supplier of its raw materials Answer: B Diff: 2 Learning Obj.: 1

146) In the systems approach to administering a systems project, which of the following phases should be performed first? A) Creating alternatives B) Analyzing the system C) Implementing the system D) Stating the system's objectives Answer: D Diff: 2 Learning Obj.: 1 147) A way of viewing company activities that breaks the activities down into components that can be individually optimized in terms of goals and strategies is known as the A) primary business process. B) accounting information system. C) value chain. D) internal control process. Answer: C Diff: 2 Learning Obj.: 1 148) Software that integrates business processes on a company-wide basis is called A) enterprise resource planning. B) executive information systems. C) expert systems. D) manufacturing information systems. Answer: A Diff: 2 Learning Obj.: 4 149) An accounting information system plays a key role in the internal control process, thereby helping management with its major responsibility of A) managing the internal audit function. B) stewardship. C) global-level marketing. D) managing the production cycle. Answer: B Diff: 2 Learning Obj.: 1 150) Which statement regarding internal control is false? A) Documentation is not a critical component of an internal control system. B) Ideally, a task can be divided to make job functions as natural checks on each other. C) A specific person should ideally be responsible for each task or job function. D) All records should allow cross-referencing from one area of responsibility to another. Answer: A Diff: 2 Learning Obj.: 1 25 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

151) An organization's internal control process consists of how many elements? A) Six B) Four C) Five D) Seven Answer: C Diff: 2 Learning Obj.: 1 152) When viewing a typical organization chart, the individual responsible for the finances of the business is the A) controller. B) president. C) vice president. D) treasurer. Answer: D Diff: 1 Learning Obj.: 1

153) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Chief Information Officer ________ 2. Treasurer ________ 3. Transaction processing cycle ________ 4. Technical support function ________ 5. Computer-integrated manufacturing ________ 6. End user ________ 7. Controller ________ 8. Expert system ________ 9. Systems analysis ________ 10. Segregation of duties A. A common division or section within the information systems department B. The individual who supervises accounting functions C. An example of an internal control D. Individual who has overall responsibility for the information system function E. The first step in the systems development approach F. The department which has supervision over cash and credit activities G. A type of information system which requires an inference engine to make a decision for the user H. One or more applications systems consisting of logically related transactions I. An integrated approach to the use of information technology in manufacturing systems J. A department or section of an organization that uses the organization's computer data processing other than the information systems department Answer: 1. D, 2. F, 3. H, 4. A, 5. I, 6. J, 7. B, 8. G, 9. E, 10. C Diff: 2 Learning Obj.: 1

154) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. XBRL ________ 2. Telecommuting ________ 3. JIT ________ 4. Total quality management ________ 5. OA ________ 6. Primary business processes ________ 7. Value chain ________ 8. Web Trust ________ 9. DSS ________ 10. Executive information system A. A way of viewing the company's activities in a manner suited to analyzing competitive advantages B. Allows employees to work at home and still have direct interaction with the organization's information systems C. An information system tailored to the information needs of top management D. A synonym for the acronym TQP E. A universal formatting language used for exchanging business documents via the Internet F. The use of electronic technology in the office or workplace G. Data are processed into a decision-making format for the end user H. A continuous flow environment that seeks to minimize or totally eliminate inventories I. Involves inbound and outbound logistics, operations, marketing, and service J. Seal of approval from the AICPA certifying that a Web site has met certain standards Answer: 1. E, 2. B, 3. H, 4. D, 5. F, 6. I, 7. A, 8. J, 9. G, 10. C Diff: 2 Learning Obj.: 3

155) Explain what is meant by "internal control," and give two examples. Answer: Suggested answer: Internal control consists of the policies and procedures established to provide reasonable assurance that specific organizational objectives will be achieved. Examples mentioned in the chapter include: • segregation of duties • establishment of responsibilities • adequate records • periodic inventory counts • providing an internal audit function Diff: 2 Learning Obj.: 1 156) Explain the three fundamental benefits of information technology to accounting information systems. Answer: Suggested answer: The student's response should explain the benefits of automation, information organization, and communication. Automation includes replacing humans with machines; performing tasks impossible for humans without computers such as analyzing large quantities of data, producing complicated reports on demand, and moving towards real-time financial reporting. Information organization includes automated transactions plus DASDs and DB technology making it possible to record, store, and organize larger amounts of data than would otherwise be humanly possible. Communication technologies are a key component in the development of AISs. Communication technologies include developing Internet-based collaborative platforms, electronically coordinating business activities, and enhancing the effectiveness of extended enterprises. Diff: 2 Learning Obj.: 4

157) Give four components that may be found in an organization's quick-response system and briefly describe each component. Answer: Suggested answer: Possible components of a quick-response system are: • Electronic data interchange (EDI): the direct computer-to-computer exchange of business documents via a communications network. • Just-in-time (JIT) inventory system: a continuous flow environment that seeks to minimize or totally eliminate inventories. • Computer-integrated manufacturing (CIM): an integrated approach to the use of information technology in manufacturing enterprises. • Electronic funds transfer (EFT): payment systems in which processing and communications are primarily or totally electronic. Students might also mention: • Universal product code (UPC) bar code identification • Point-of-sale (POS) retail terminals • Quick-response technology is essential to total quality management/performance systems. • Radio Frequency Identification (RFID) • Web commerce, e-mail communication, and use of the Internet makes quick-response technology accessible to both organizations and individuals. Diff: 2 Learning Obj.: 3 158) Briefly describe and distinguish technical support and user support. Answer: Suggested answer: Technical support is one of the five main functions of an information systems department. It is directed toward operating systems and software, data management and database design, and communications technology. The technical support area includes systems programming and software development using the conceptual system design and user requirements as determined by the analysis function. Technical support coordinates data storage and usage. Communications technology is concerned with the means by which data are transferred among networks. User support is another of the five main functions of an information systems department. It is dedicated to the needs of end-users. An information center is a support facility in the user support area. It may provide hardware, software, and consultation to end-users. It assists users in developing and using their own computer processing applications. Diff: 2 Learning Obj.: 2

159) Discuss the internal audit function within an organization. Answer: Suggested answer: The internal audit function in an organization has evolved as a response to the need for and complexity of adequate internal control. The internal audit function is charged with monitoring and assessing compliance with organizational policies and procedures. The internal audit function can only be effective if it is treated as an independent appraisal activity within the organization. It should be placed at an organization level where it can function independently of other departments and organizational functions. In many organizations the director of internal auditing is found at the level of vice president. This placement attests to the importance of internal auditing, as well as the need for independence from other departments and functions. The internal audit function must be segregated from the accounting function, and it must not have responsibility or authority for any operating activities of the organization. Diff: 2 Learning Obj.: 1 160) Discuss the nature of systems development. Answer: Suggested answer: Most systems development projects consist of three general phases: • Systems analysis • Systems design • Systems implementation In the first phase, systems analysis involves creating and evaluating solutions to systems problems. There are three general objectives to systems analysis, summarized below: • Improvement of the quality of information • Improvement of internal control • Minimize costs when it is appropriate Within this phase, trade-offs will most likely be made among the objectives when the factors of economics, simplicity, and usefulness are considered to create, implement, and maintain a system. Systems design, as the second phase of systems development, specifies the details of the solution selected via the systems analysis process. In this phase, alternative system designs are evaluated for their effectiveness and efficiency, using the overall system requirements as a benchmark. Systems implementation, the third phase, is a process where the revised or newly designed procedures and methods are placed into operation. This phase includes testing of the system prior to its implementation, documentation, and reviewing the actual system to verify that it is working according to design specifications. Diff: 2 Learning Obj.: 3

161) Describe an enterprise resource planning system to include the pros and cons of this type of system. Answer: Suggested answer: ERPs provide a complete solution by combining various functional information systems under one software package and one database. This eliminates data redundancy, aids a company in pursuing "best practices," and provides functional areas operating with the same data elements with the ability to share information seamlessly. In an effort to implement an ERP, most companies will not pursue "best practices" as defined by the ERP software, therefore customization is typical. This dramatically increases costs, adds to implementation time, and increases the chance of failure. An enterprise application suite may provide a solution for companies not ready to commit to implementing a complete ERP. Diff: 2 Learning Obj.: 3

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 2 Systems Techniques and Documentation 1) Tools used in the analysis, design, and documentation of system and subsystem relationships are known as system techniques. Answer: TRUE Diff: 2 Learning Obj.: 1 2) The interim audit requires some type of substantive testing. Answer: FALSE Diff: 1 Learning Obj.: 1 3) Substantive testing involves direct verification of financial statement figures. Answer: TRUE Diff: 2 Learning Obj.: 1 4) When evaluating internal controls, auditors are usually not concerned with the flow of processing and distribution of documents within an application system. Answer: FALSE Diff: 2 Learning Obj.: 1, 2 5) Auditors undertake compliance testing to determine the degree of reliance of existing internal controls. Answer: TRUE Diff: 2 Learning Obj.: 1 6) It is desirable for auditors to have a basic understanding of systems techniques. Answer: TRUE Diff: 1 Learning Obj.: 1 7) The usual focus of an audit is to review an existing system rather than design a new system. Answer: TRUE Diff: 2 Learning Obj.: 1 8) Analytic and system flowcharts are seldom found in the working papers of auditors. Answer: FALSE Diff: 1 Learning Obj.: 1

9) A systems development project generally consists of three main phases. Answer: TRUE Diff: 2 Learning Obj.: 1 10) Systems techniques assist the analyst in the collection and organization of facts. Answer: TRUE Diff: 2 Learning Obj.: 1 11) Systems analysis involves formulating a blueprint for a completed system. Answer: FALSE Diff: 2 Learning Obj.: 1 12) Auditors primarily use IPO and HIPO charts. Answer: FALSE Diff: 1 Learning Obj.: 1 13) Section 404 of the Sarbanes-Oxley Act requires that annual filings of publicly traded companies include a statement of management's responsibility for establishing and maintaining adequate internal control as well as an assessment of the effectiveness of that internal control. Answer: TRUE Diff: 1 Learning Obj.: 1 14) Section 404 of the Sarbanes-Oxley Act requires that monthly filings of publicly traded companies include a statement of management's responsibility for establishing and maintaining adequate internal control as well as an assessment of the effectiveness of that internal control. Answer: FALSE Diff: 1 Learning Obj.: 1 15) Manual input/output and connector symbols are among the basic flowchart symbols. Answer: FALSE Diff: 2 Learning Obj.: 2 16) In the United States, the AICPA is responsible for establishing standard flowchart symbols. Answer: FALSE Diff: 1 Learning Obj.: 2

17) The four basic symbols corresponding to basic data processing functions are the input/output symbol, the process symbol, the flowline symbol, and the annotation or comment symbol. Answer: TRUE Diff: 2 Learning Obj.: 2 18) If no special symbol exists to depict a function, verbal descriptions are used in the flowchart. Answer: FALSE Diff: 3 Learning Obj.: 2 19) The decision symbol represents a named procedure consisting of one or more operations or program steps that are not specified within the set of flowcharts. Answer: FALSE Diff: 3 Learning Obj.: 2 20) The decision symbol represents a decision or switching type of operation that determines which of a number of alternative paths is to be followed. Answer: TRUE Diff: 3 Learning Obj.: 2 21) The normal flow direction of a flowchart is from left to right and top to bottom. Answer: TRUE Diff: 1 Learning Obj.: 2 22) The triangle is a specialized symbol representing a decision process. Answer: FALSE Diff: 3 Learning Obj.: 2 23) When the flow is bidirectional, it can only be shown by double lines. Answer: FALSE Diff: 3 Learning Obj.: 2 24) An IPO chart provides a narrative description of the inputs needed to generate desired system outputs. Answer: TRUE Diff: 2 Learning Obj.: 4

25) A HIPO chart contains two segments: a hierarchy chart and one or more IPO charts. Answer: TRUE Diff: 1 Learning Obj.: 4 26) An IPO chart can provide much detail concerning the processing function. Answer: FALSE Diff: 1 Learning Obj.: 4 27) HIPO structures a "bottom-up" strategy in structured systems analysis and design. Answer: FALSE Diff: 2 Learning Obj.: 4 28) A program flowchart is also known as a block flowchart. Answer: TRUE Diff: 1 Learning Obj.: 2 29) A systems flowchart is more detailed concerning individual processing functions than a program flowchart. Answer: FALSE Diff: 1 Learning Obj.: 2 30) The intent of using DFDs is to clearly separate the logical process of systems analysis from the physical process of systems design. Answer: TRUE Diff: 2 Learning Obj.: 2 31) A DFD may consist of either DFD or ANSI flowchart symbols. Answer: FALSE Diff: 2 Learning Obj.: 2 32) A document flowchart is similar to a systems flowchart. Answer: FALSE Diff: 3 Learning Obj.: 2 33) The forms distribution chart is closely related to the document flowchart. Answer: TRUE Diff: 1 Learning Obj.: 2 4 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

34) The sandwich rule states that every process symbol should be placed between an input and output symbol. Answer: TRUE Diff: 2 Learning Obj.: 2 35) UML is a United States standard, not yet supported by the International Standards Organization. Answer: FALSE Diff: 1 Learning Obj.: 4 36) UML is a collection of modeling tools used to model the specifics of software development including functional equivalents of data flow diagrams, document flowcharting, and analytical flowcharting. Answer: TRUE Diff: 2 Learning Obj.: 4 37) In UML, use case diagrams model the flow of activities involved in a single process. Answer: FALSE Diff: 2 Learning Obj.: 4 38) The business process diagram focuses on the sequence of activities in a business process. Answer: TRUE Diff: 2 Learning Obj.: 4 39) BPMN basic symbols include the task, sequence flow, gateway, and event symbols. Answer: TRUE Diff: 2 Learning Obj.: 4 40) BPMN basic symbols include input/output, process, flowline, and annotation symbols. Answer: FALSE Diff: 2 Learning Obj.: 4 41) All BPDs contain at least two pools. Answer: FALSE Diff: 2 Learning Obj.: 4

42) Preparing flowcharts can be viewed as more ________ than ________. Answer: art; science Diff: 2 Learning Obj.: 3 43) ________ ________ are a fact-gathering technique where persons provide written answers to general, rather than specific, questions. Answer: Open-ended questionnaires Diff: 2 Learning Obj.: 4 44) ________ ________ is based on the premise that quantitative measurement is essential to the design of efficient procedures. Answer: Work measurement Diff: 2 Learning Obj.: 4 45) The formula for capacity utilization can be expressed as Total time ________ / Total ________ time. Answer: available; task Diff: 2 Learning Obj.: 4 46) After operational characteristics of a system have been identified and selected through some form of work measurement, a work ________ ________ must be undertaken to assign specific tasks to employees. Answer: distribution analysis Diff: 2 Learning Obj.: 4 47) The basic ________ symbol represents the making available of data for processing or the recording of processed information. Answer: input/output Diff: 1 Learning Obj.: 2 48) A(n) ________ flowchart identifies the overall flow of operations in a system, and focuses on storage media and processing functions. Answer: systems Diff: 1 Learning Obj.: 2

49) ________ flowcharts are organized into columns or groups representing processing functions performed by different entities. Answer: Analytic Document Diff: 1 Learning Obj.: 3 50) When a flowchart covers more than one page, the continuation between pages is shown with a(n) ________ symbol. Answer: connector Diff: 1 Learning Obj.: 3 51) Terminator, process, data store, and data flow are the primary symbols used in the construction of ________ ________ ________ ________. Answer: logical data flow diagrams DFDs Diff: 1 Learning Obj.: 4 52) The ________ is a specialized process symbol that represents a decision process in a flowchart. Answer: diamond Diff: 2 Learning Obj.: 3 53) A branching table depicts a decision function by means of a statement of the ________ to be made, a list of ________ that can occur, and the path to be followed for each condition. Answer: decision; conditions Diff: 2 Learning Obj.: 4 54) "Work" or "spread" sheets used in accounting systems are common examples of the ________ method. Answer: matrix Diff: 2 Learning Obj.: 4 55) ________ ________ might be used in lieu of program flowcharts to analyze and document the logic of an application system. Answer: Decision tables Diff: 2 Learning Obj.: 4

56) The ________ symbol is used when additional descriptions or explanations are needed to clarify a point on the flowchart. Answer: annotation Diff: 1 Learning Obj.: 3 57) Section ________ of the Sarbanes-Oxley Act states management's responsibility for establishing and maintaining adequate internal control and procedures for financial reporting. Answer: 404 Diff: 1 Learning Obj.: 1 58) Unified ________ Language is an international standard supported by ISO that uses a variety of graphical techniques to depict the different aspects and views of software development projects at various levels of abstraction. Answer: Modeling Diff: 1 Learning Obj.: 4 59) The most basic symbols of BPMN are ________, ________, ________, and ________ symbols. Answer: task, sequence flow, gateway, event Diff: 3 Learning Obj.: 4 60) The acronym for the organization responsible for standardizing flowchart symbols is A) FASB. B) ANSI. C) AICPA. D) CMA. Answer: B Diff: 1 Learning Obj.: 2 61) Audit tests that follow compliance tests and rely on the interim audit's results are called A) substantive tests. B) follow-up tests. C) internal control tests. D) evaluation tests. Answer: A Diff: 1 Learning Obj.: 1

62) Which of the following is a procedure included in systems design? A) Computer program documentation B) Forms design C) Training personnel D) Document review Answer: B Diff: 2 Learning Obj.: 1 63) In an analytic flowchart, the symbol which could be used to indicate unclaimed payroll checks is the A) connector symbol. B) terminal symbol. C) document symbol. D) process symbol. Answer: C Diff: 2 Learning Obj.: 2 64) Which of the following symbols should not be used to specify an input/output operation? A) Decision symbol B) Document symbol C) Off-line storage symbol D) Communication link Answer: A Diff: 2 Learning Obj.: 2 65) In an analytic flowchart, the symbol which could be used to indicate the computation of gross pay is the A) connector symbol. B) terminal symbol. C) input/output symbol. D) process symbol. Answer: D Diff: 2 Learning Obj.: 3 66) In an analytic flowchart, the symbol which could be used to indicate unclaimed payroll checks is the A) connector symbol. B) terminal symbol. C) document symbol. D) process symbol. Answer: C Diff: 2 Learning Obj.: 3 9 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

67) In an analytic flowchart, the symbol which could be used to indicate the payroll data is the A) connector symbol. B) magnetic disk symbol. C) terminator symbol. D) decision symbol. Answer: B Diff: 2 Learning Obj.: 3 68) The manual input symbol could be used to represent A) the entering of data at an on-line keyboard. B) the entering of data using switch settings. C) the entering of data using touch screens. D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 2 69) The off-line storage symbol could be used to represent data stored A) on a USB thumb drive. B) on a magnetic tape or disk. C) in paper form. D) on all of these named media. Answer: D Diff: 2 Learning Obj.: 2 70) The "hierarchy" aspect of HIPO charts refers to the fact that this technique factors a task into modules by A) using the entity's organization chart. B) utilizing a horizontal approach. C) going from the general to the specific. D) None of these answers are correct. Answer: C Diff: 2 Learning Obj.: 4 71) The charting technique which emphasizes a logical rather than a physical description of a system is a(n) A) analytic flowchart. B) forms distribution flowchart. C) data flow diagram. D) document flowchart. Answer: C Diff: 2 Learning Obj.: 2 10 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

72) In the preparation of a logical data flow diagram for a payroll system, which of the following symbols could be used to indicate the payroll data? A) Magnetic disk symbol B) Data store symbol C) Terminator symbol D) Input/output symbol Answer: B Diff: 2 Learning Obj.: 2 73) Instead of using the on-line storage symbol, a systems analyst wants to use an analytic flowcharting symbol that represents the medium that is used for the file. Which of the following would be the best symbol to use in place of the on-line analytic storage symbol? A) The display symbol B) The magnetic tape symbol C) The document symbol D) None of these answers are correct. Answer: D Diff: 3 Learning Obj.: 2 74) An internal auditor wants to flowchart a file of (hardcopy) purchase orders. Which of the following would be the best symbol to use for the file? A) The on-line storage symbol B) The off-line storage symbol C) The terminal symbol D) The auxiliary operation symbol Answer: B Diff: 3 Learning Obj.: 2 75) Which of the following analytic flowcharting symbols is most appropriate to represent the accounts receivable subsidiary records? A) The basic input/output symbol B) The basic manual operation symbol C) The document symbol D) None of these answers are correct. Answer: A Diff: 3 Learning Obj.: 2

76) In a HIPO chart of a payroll system, which of the following activities would appear higher in the chart than the other activities? A) Calculate gross pay B) Accumulate hours worked C) Find correct pay rate D) Look up authorized deductions Answer: A Diff: 3 Learning Obj.: 4 77) Which of the following would not appear in a HIPO chart of a payroll system? A) Data preparation B) Calculate gross pay C) Payroll master file D) Look up authorized deductions Answer: C Diff: 3 Learning Obj.: 4 78) In an IPO chart of a payroll system, the payroll master file would A) appear as an input. B) appear as an output. C) Answers A and B are correct. D) not be represented in the chart Answer: C Diff: 3 Learning Obj.: 4 79) In a logical data flow diagram for a payroll system, the employees would best be represented by which of the following symbols? A) The process symbol B) The terminator symbol C) The data store symbol D) The data flow symbol Answer: B Diff: 3 Learning Obj.: 4 80) In a logical data flow diagram for a payroll system, the employees' time cards would best be represented by which of the following symbols? A) The terminator symbol B) The process symbol C) The data store symbol D) The data flow symbol Answer: A Diff: 3 Learning Obj.: 4 12 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

81) Which of the following systems development activities may require the use of systems techniques? A) Systems analysis B) Systems design C) Systems implementation D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 4 82) Which of the following is not one of the basic symbols used in analytic flowcharting? A) Input/output B) Manual input C) Flowline D) Annotation Answer: B Diff: 1 Learning Obj.: 3 83) The symbol which is used to link other symbols and indicate the sequence of information and operations is the A) flowline symbol. B) annotation symbol. C) input/output symbol. D) process symbol. Answer: A Diff: 1 Learning Obj.: 2 84) Which of the following is not a specialized input/output symbol that represents a particular medium? A) The magnetic tape symbol B) The magnetic disk symbol C) The connector symbol D) The document symbol Answer: C Diff: 1 Learning Obj.: 2 85) Which of the following is not a specialized process symbol? A) The connector symbol B) The manual operation symbol C) The decision symbol D) The preparation symbol Answer: A Diff: 1 Learning Obj.: 2 13 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

86) Which of the following flow directions is(are) assumed in a flowchart? A) From top to bottom B) From left to right C) Neither answer A nor B is correct. D) Answers A and B are both correct. Answer: D Diff: 1 Learning Obj.: 2 87) The technique that is characterized by a series of charts that represent the system at increasing levels of detail is called A) analytic flowcharting. B) HIPO. C) IPO. D) logical data flow diagram. Answer: B Diff: 1 Learning Obj.: 4 88) Which of the following is not a basic symbol used in logical data flow diagrams? A) Terminator B) Data store C) Data flow D) Manual input Answer: D Diff: 1 Learning Obj.: 4 89) Which of the following would not be appropriate to head a column in an analytic flowchart? A) Remittance advice B) Production department C) Purchasing department D) Cashier Answer: A Diff: 1 Learning Obj.: 3 90) Which of the following would generally not be appropriate in preparing a document flowchart? A) Columnar headings B) Flowlines C) Process symbols D) Connector symbols Answer: C Diff: 1 Learning Obj.: 2 14 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

91) A type of resource utilization technique which is used to rationally assign work activities to particular individuals, departments, or other entities is A) work measurement. B) work distribution analysis. C) branching table. D) decision table. Answer: B Diff: 1 Learning Obj.: 4 92) Which of the following is an example of narrative techniques? A) In-depth interviews B) Open-ended questionnaires C) Document reviews D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 4 93) The decision analysis techniques that are similar because both are tabular representations of decision-making processes are A) work measurement and work distribution analysis. B) work distribution and decision tables. C) branching and decision tables. D) None of these answers are correct. Answer: C Diff: 1 Learning Obj.: 4 94) Systems techniques may be used to A) assist in designing computer programs. B) give an overall picture of transaction processing in the organization. C) assist a systems analyst in organizing facts about a system. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 4 95) Which of the following is not true with respect to the use of systems techniques by auditors? A) Systems techniques assist the auditor in evaluating a client's internal control. B) Systems techniques replace audit working papers. C) Auditors rely on systems techniques to assist with compliance testing. D) Auditors use systems techniques as part of their documentation for their audit working papers. Answer: B Diff: 2 Learning Obj.: 1 15 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

96) Systems techniques may be used by A) internal auditors. B) external auditors. C) systems personnel. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 1 97) The component of an audit whose objective is to establish the degree of reliance that can be placed on the organization's internal control structure is called A) the interim audit. B) the financial statement audit. C) work paper verification. D) the internal audit. Answer: A Diff: 1 Learning Obj.: 1 98) To confirm the existence and assess the effectiveness of an organization's internal controls, auditors A) create systems techniques. B) perform substantive testing. C) perform compliance testing. D) create HIPO and IPO charts. Answer: C Diff: 2 Learning Obj.: 1 99) The flowchart which is most similar to a document flowchart is the A) IPO chart. B) DFD. C) analytic flowchart. D) HIPO chart. Answer: C Diff: 2 Learning Obj.: 2 100) The first step in preparing a flowchart is to A) select the symbols to be used. B) analyze the system. C) sketch a rough draft of the system. D) consult the work papers from previous audits. Answer: B Diff: 2 Learning Obj.: 3 16 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

101) How many general guidelines should be followed when preparing a flowchart? A) Three B) Five C) Seven D) Four Answer: B Diff: 2 Learning Obj.: 3 102) The goal of work measurement is to create a benchmark or yardstick to use in measuring the efficiency of an operation. The first step taken in work measurement is to A) identify the tasks. B) analyze requirements. C) examine IPO and HIPO documentation. D) obtain time estimates for performing the tasks. Answer: A Diff: 2 Learning Obj.: 4 103) The formula used to compute total task time for work measurement purposes is A) (average time / unit + idle time / unit) × average volume. B) total time available / total task time. C) (average volume / unit + average time / unit) × average volume. D) total task time / total time available. Answer: A Diff: 2 Learning Obj.: 4 104) A branching table may be used to A) validate the degree of reliance placed on an organization's internal controls. B) document the decision logic in a computer program. C) document work measurement analysis. D) validate the computing speed of a program. Answer: B Diff: 2 Learning Obj.: 4 105) A decision table format generally uses a(n) A) "OR" premise. B) "SOME-MANY" premise. C) "IF-THEN" premise. D) "ALL-NONE" premise. Answer: C Diff: 2 Learning Obj.: 4

106) In an application control matrix, row entries are A) controls. B) processing actions. C) either controls or processing actions. D) neither controls nor processing actions. Answer: A Diff: 2 Learning Obj.: 4 107) A block flowchart is also known as a(n) A) data flow diagram. B) HIPO chart. C) analytic flowchart. D) program flowchart. Answer: D Diff: 1 Learning Obj.: 2 108) A tabular technique used to represent a decision function in a flowchart is known as a A) block flowchart. B) logical data flow diagram. C) decision table. D) branching table. Answer: D Diff: 2 Learning Obj.: 4 109) The display symbol in a flowchart represents information displayed for human use using a device such as a A) video monitor. B) plotter. C) console printer. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 2 110) Flowchart symbols that represent the I/O function and the medium upon which the information is recorded, and/or the manner of handling such information, are known as A) basic input/output symbols. B) specialized input/output symbols. C) LDFD symbols. D) HIPO hierarchy chart modules. Answer: B Diff: 1 Learning Obj.: 2 18 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

111) The principle behind the "sandwich rule" states that A) flowcharts should leave as little white space as possible on each page to minimize waste. B) annotations should be placed between each key input and output symbol. C) every process symbol should be placed between an input and output symbol. D) flowcharts should use as many different types of symbols as possible to thoroughly document basic I/O functions. Answer: C Diff: 1 Learning Obj.: 2 112) Connector symbols may be used in place of A) comment symbols. B) long flowlines. C) data flow symbols. D) communications links. Answer: B Diff: 1 Learning Obj.: 2 113) The on-line storage symbol would be used to represent A) a deck of cards. B) a magnetic tape. C) an optical disk. D) a punched tape. Answer: C Diff: 1 Learning Obj.: 2 114) An annotation or comment may be represented in a flowchart using a A) brace. B) flowline. C) square. D) diamond. Answer: A Diff: 1 Learning Obj.: 2 115) Which part of the Sarbanes-Oxley Act requires annual filings of publicly traded companies to include a statement of management's responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting? A) ISO 404 B) ANSI X3.5 C) Section 404 D) Section X3.5 Answer: C Diff: 1 Learning Obj.: 1 19 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

116) UML is a(n) ________ standard. A) United States B) international C) ANSI D) AICPA Answer: B Diff: 1 Learning Obj.: 2 117) UML includes techniques that are the functional equivalents of A) data flow diagrams. B) document flowcharting. C) analytical flowcharting. D) All of the above are included in the UML standard. Answer: D Diff: 1 Learning Obj.: 2 118) UML version 2.4 defines ________ types of diagrams, divided into two categories. A) two B) five C) ten D) more than a dozen Answer: D Diff: 1 Learning Obj.: 2 119) The two categories of diagrams under the UML version 2.4 include ________ diagrams. A) structure and iteration B) behavior and iteration C) structure and behavior D) form and interaction Answer: C Diff: 2 Learning Obj.: 2 120) A graphical representation focusing on the sequence of activities in a business process is a(n) A) analytical flowchart. B) business process diagram. C) process flowchart. D) data flow diagram. Answer: B Diff: 2 Learning Obj.: 3

121) The basic symbols in a BPMN include A) task, sequence flow, gateway, and event symbols. B) process, flowline, input/output, and annotation. C) task, flowline, event, and comments. D) input/output, sequence flow, entities, and storage. Answer: A Diff: 2 Learning Obj.: 3 122) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. On-line storage symbol ________ 2. Off-page connector symbol ________ 3. Manual input symbol ________ 4. Basic process symbol ________ 5. Decision symbol ________ 6. Off-line storage symbol ________ 7. Terminal symbol ________ 8. Basic input/output symbol ________ 9. Connector symbol ________ 10. Manual process symbol A. To indicate that a factory employee uses a workstation on the factory floor to key in a code that means that the production run has been completed B. To indicate that the treasurer will sign the payroll checks C. To indicate that a check is being mailed outside the company D. To indicate that a document is being sent to another department E. To indicate that the bank loan officer approves or does not approve of an increase in the customer's line of credit F. To indicate that computer software will calculate the employees' gross pay deductions, and net pay G. To indicate a file of paper documents H. To indicate files stored on the hard disk I. To indicate the general ledger file J. To indicate the beginning or the end of the flowchart Answer: 1. H, 2. C, 3. A, 4. F, 5. E, 6. G, 7. J, 8. I, 9. D, 10. B Diff: 2 Learning Obj.: 2

123) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Systems techniques ________ 2. Work measurement ________ 3. Decision table ________ 4. HIPO chart ________ 5. Data flow diagram ________ 6. Program flowchart ________ 7. Systems development project ________ 8. Compliance testing ________ 9. Substantive testing ________ 10. Sandwich rule ________ 11. Business process diagram ________ 12. Unified modeling language ________ 13. Business process modeling notation ________ 14. Computer-aided software engineering ________ 15. Analytic flowchart A. Consists of systems analysis, design, and implementation B. Charting technique used to document the logical design of a system C. Every process symbol should be placed between an input symbol and an output symbol D. Techniques used to measure activities in a production framework E. Tools used in the analysis, design, and documentation of systems F. Confirms the existence and assesses the effectiveness of internal controls G. Supplements or replaces flowcharts when there are a large number of alternative decision paths H. Indicates detailed processing functions I. International standard predominately a software systems development technology J. Uses pools and lanes in swimlanes to organize activities K. Process of using computer software that supports development and maintenance L. Charts the flow of documents and processing between different entities, represented by columns M. Graphical representation of the sequence of activities of business processes N. A collection of IPO charts O. The direct verification of financial statement figures Answer: 1. E, 2. D, 3. G, 4. N, 5. B, 6. H, 7. A, 8. F, 9. O, 10. C, 11. M, 12. I, 13. J, 14. K, 15. L Diff: 2 Learning Obj.: 4

124) The following data is related to the time required to post checks drawn by the Last National Bank's depositors: Number of checks posted Total elapsed minutes Rest period minutes Interruption minutes

795 520 12 15

Required: a. Calculate the standard posting time per check. b. Calculate the combined rest and interruption time as a percentage of the standard time per check. Answer: a. Standard time/check = (520 + 12 + 15)/795 = 0.688 min./check b. Rest/interruption per check = (12 + 15)/795 = 0.033962 min./check (rounded) Rest/interruption percentage = 0.033962/0.688 = 0.049 (rounded) × 100 = 4.9% Diff: 3 Learning Obj.: 4 125) The following data is related to the time required to post Kriptonite Corporation's daily general ledger entries: Number of GL entries posted Total elapsed minutes Rest period minutes Interruption minutes

850 340 6 6.5

Required: a. Calculate the standard posting time per GL entry. b. Calculate the combined rest and interruption time as a percentage of the standard time per GL entry. Answer: a. Standard time/entry = (340 + 6 + 6.5)/860 = 0.40988 min./entry (rounded) b. Rest/interruption per entry = (6 + 6.5)/860 = 0.014535 min./entry (rounded) Rest/interruption percentage = 0.014535/0.40988 = 0.035461 (rounded) × 100 = 3.55% Diff: 3 Learning Obj.: 4 23 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

126) Complete the limited-entry decision table below to document credit card purchase authorization procedures for The Whodunit Bookshop. A purchase under $75 is approved automatically. Purchases between $75 and$500 (inclusive) are given an authorization number. For purchases over $500, a hold is placed on the customer's account as well as an authorization number being assigned. Condition/Action Purchase less than $75 Purchase between $75 and $500 Purchase over $500

Rules: 2 3

Approve with no action Assign authorization number Place hold on account Answer: Condition/Action Purchase less than $75 Purchase between $75 and $500 Purchase over $500

1 Y

Approve with no action Assign authorization number Place hold on account Diff: 2 Learning Obj.: 4

Rules: 2 3 N N Y N Y x x

127) The approval policies for sales on account at Barton Brothers Lumber Company are given below: A sale under $1,000 is automatically approved for a builder or contractor. Sales between $1,000 and $5,000 (inclusive) require the approval of the credit department. Sales over $5,000 require the approval of the credit department and the vice president of the company. Required: Create a limited-entry decision table to document the sales department approval policies for Barton Brothers Lumber Company. Answer: Rules: Condition/Action 1 2 3 Sales less than $1,000 Y N N Sales between $1,000 and $5,000 Y N Sales over $5,000 Y Automatic approval x Approval from credit dept. Approval from credit dept. & V.P. Diff: 3 Learning Obj.: 4

x x

128) Name the four basic symbols used in analytic flowcharting, and briefly define them. Answer: Suggested answer: Basic input/output symbol: Represents the making available of data for processing or the recording of processed information Basic process symbol: Represents any kind of processing function Flowline symbol: Used to link other symbols; indicates the sequence of available information and operation Annotation symbol: Represents the addition of descriptive comments or explanations Diff: 2 Learning Obj.: 2 129) Name the four basic symbols used in data flow diagrams, and briefly define them. Answer: Suggested answer: Terminator Represents sources and destinations of data Process Represents the task or function being done Data store Represents a repository (store, source) of data Data flow Represents a communication channel Diff: 2 Learning Obj.: 2 25 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

130) Discuss one major characteristic of logical data flow diagrams which may be an advantage over analytic flowcharts in some situations. Answer: Suggested answer: Logical data flow diagrams emphasize logical design rather than physical design. Some symbols used in analytic flowcharts emphasize data processing operations or physical media for inputs, storage, and outputs. Advocates of logical data flow design believe that such symbols confuse logical design with physical design. Some logical data flow diagrams emphasize processes rather than physical characteristics and are more suited to structured systems analysis. Diff: 2 Learning Obj.: 4 131) One broad type of resource utilization analysis is work measurement. a. What fundamental assumption underlies work measurement? b. What is an essential ingredient for an organization to be able to perform work measurement? Answer: Suggested answer: a. The fundamental assumption is that quantitative measurement is essential to designing efficient work procedures. b. The essential ingredient is the existence of a standard, norm, or yardstick by which the procedure can be measured. Diff: 2 Learning Obj.: 4

132) Describe the purpose and nature of the following types of flowcharts: • Systems • Program or block • Analytic • Document • Forms distribution Answer: Suggested answer: A systems flowchart identifies an organization's overall data flows. It shows the origination of inputs, processing (manual or automated), and the disposition of outputs. It emphasizes storage media and general processing rather than a detailed view of individual processes. A program flowchart is a more detailed version of a systems flowchart. Each process in the systems flowchart is further detailed in the program flowchart. Program flowcharts are also known as block flowcharts. Analytic flowcharts highlight the flow of documents in significant processes, emphasizing processing tasks that apply controls. Symbols are connected with flowlines, as in the systems flowchart. The flowchart is separated into columns representing entities. A document flowchart identifies the point of origination, distribution, and ultimate disposition of each document in the system. It does not emphasize processes, and is arranged in columns by entity as is the analytic flowchart. However, the primary (and many times only) symbol used is the document symbol. The forms distribution chart emphasizes the distribution of multiple-copy forms in an organization, and it can be used to analyze unauthorized distribution, unnecessary copies, or unnecessary filing of copies. It is arranged in columns, with the form's originating department to the left and the departments receiving copies in columns to the right. Diff: 2 Learning Obj.: 3

133) Discuss the main activities in each systems development phase: systems analysis, systems design, and systems implementation. Include two systems techniques in each phase. Answer: Suggested answer: Systems analysis includes activities to help formulate and evaluate solutions to systems problems. The systems analyst must first observe the system as it currently functions, and uses depth interviews, questionnaires, and documents reviews. The analyst organizes facts with work measurement analysis and work distribution analysis. To understand information flow, the analyst may prepare logical data flow diagrams and analytic flowcharts. Systems design includes activities to evaluate the relative effectiveness and efficiency of design alternatives compared with the overall system requirements. Input/output analysis, systems flowcharting, and data flow diagrams help the designer understand and convey the completed system's concepts. This phase uses IPO and HIPO charts, program or block flowcharts, and branching and decision tables to document the design. Systems implementation includes the activities to carry out the design plan and put it into operation. Systems techniques are used to document the completed system. The development team prepares program flowcharts and decision tables to help in training users and to assure that the systems design specifications are met. Diff: 2 Learning Obj.: 4

134) How do systems techniques help in auditing? Answer: Suggested answer: Most auditing engagements are divided into two basic components: the interim audit and the financial statement audit. In an interim audit, auditors must first establish some degree of reliance on the organization's internal control structure. This is achieved through the use of compliance testing to confirm the existence, assess the effectiveness, and check the continuity of the operation of internal controls. The auditor must understand the internal controls that are selected for testing. Controls that are part of the organization's information system require an understanding of the technology employed in the system. To understand the technology and the basics of the information system, the auditor must make use of systems techniques used to document such a system. Auditors must also document the results of the audit using working papers. Auditors document and analyze the content of working papers using various systems techniques. Internal control questionnaires, analytic flowcharts, and systems flowcharts help to provide excellent documentation for the evaluation of internal controls, and provide evidence of such audit evaluation in the working papers. The financial statement audit of financial figures cannot be relied upon without the proper compliance testing and reliance upon the internal controls of the organization. Systems techniques form "building blocks" upon which the auditor can examine, assess, and place reliance upon controls used to ultimately prepare the financial statement audit. Diff: 2 Learning Obj.: 1

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 3 eBusiness and eCommerce 1) The Internet is a global system of interconnected computer networks. Answer: TRUE Diff: 1 Learning Obj.: 1 2) eBusiness refers to the use of information technologies in some aspect of the business or organization. Answer: FALSE Diff: 1 Learning Obj.: 1 3) eBusiness and eCommerce have the same meaning. Answer: FALSE Diff: 1 Learning Obj.: 1 4) Web commerce is a type of eCommerce and eCommerce is a type of eBusiness. Answer: TRUE Diff: 1 Learning Obj.: 1 5) One reason for the worldwide popularity of the Internet is that it has brought universal standards of communication to all networks. Answer: TRUE Diff: 2 Learning Obj.: 1 6) Some computers on the Internet need an Internet Protocol address. Answer: FALSE Diff: 2 Learning Obj.: 1 7) Domain names and their corresponding IP addresses are registered in electronic "phone books" at many sites on the Internet. Answer: TRUE Diff: 2 Learning Obj.: 1 8) Software known as firewalls limits access to information on a company's servers from the rest of the world. Answer: TRUE Diff: 2 Learning Obj.: 1 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) One common type of electronic mail server is known as POP server. Answer: TRUE Diff: 1 Learning Obj.: 1 10) Internet Explorer and Firefox are examples of Web servers. Answer: FALSE Diff: 2 Learning Obj.: 1 11) Under the Uniform Electronic Transaction Act, digital signatures are not legally binding in most states. Answer: FALSE Diff: 2 Learning Obj.: 4 12) File servers exist mainly as storage for electronic files. Answer: TRUE Diff: 1 Learning Obj.: 1 13) The enterprise architecture describes the joint structure and behavior of the enterprise and its information system. Answer: TRUE Diff: 2 Learning Obj.: 2 14) The enterprise architecture involves five enterprise architectural domains. Answer: FALSE Diff: 1 Learning Obj.: 2 15) Human resources is part of the application architecture of a company. Answer: FALSE Diff: 2 Learning Obj.: 2 16) The relational data model is a three-dimensional structure similar in look to that of a cube. Answer: FALSE Diff: 2 Learning Obj.: 2 17) The data model uses structured query language to perform operations on data within a database. Answer: TRUE Diff: 2 Learning Obj.: 2 2 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

18) Data modeling is a database design process that proceeds through the conceptual, logical, and implementation phases. Answer: FALSE Diff: 2 Learning Obj.: 2 19) The corporate information factory can be represented by a 3-part model including data acquisition, management, and delivery. Answer: TRUE Diff: 2 Learning Obj.: 2 20) The transactional interface is used for queries, analysis, and research whereas the decision support interface is used for access and manipulation of data in the operational database. Answer: FALSE Diff: 2 Learning Obj.: 2 21) Service-oriented architecture is an applications architecture design framework that facilitates the development of application suites that share information with each other. Answer: TRUE Diff: 2 Learning Obj.: 2 22) Database drivers connect applications to printers. Answer: FALSE Diff: 2 Learning Obj.: 2 23) The enterprise service bus (ESB) transfers data to users through a graphical user interface. Answer: FALSE Diff: 2 Learning Obj.: 2 24) A guessed plaintext attack will succeed even though the sender adds a few random numbers at the end of a message. Answer: FALSE Diff: 1 Learning Obj.: 4 25) Another name for a digital ID is a digital certificate. Answer: TRUE Diff: 1 Learning Obj.: 4

26) A digital time-stamping service can be used to securely store private keys. Answer: FALSE Diff: 2 Learning Obj.: 4 27) Digital cash and real cash are virtually identical because digital cash can only be "spent" once. Answer: FALSE Diff: 2 Learning Obj.: 5 28) Anyone can issue his or her digital notes for use in Internet transactions. Answer: TRUE Diff: 2 Learning Obj.: 5 29) A major issue in electronic transactions is privacy. Answer: TRUE Diff: 1 Learning Obj.: 4 30) Blinding permits a bank to issue digital cash so that it is unable to link the payer to the payee. Answer: TRUE Diff: 2 Learning Obj.: 5 31) Memory cards provide a high degree of security and can be used for complex financial transactions. Answer: FALSE Diff: 2 Learning Obj.: 5 32) A system such as an Internet store can be fully automated with no human intervention. Answer: TRUE Diff: 2 Learning Obj.: 5 33) Cookies prevent a merchant from viewing and analyzing a person's computer to determine any other Web sites that the person has visited. Answer: FALSE Diff: 2 Learning Obj.: 5

34) Almost all privacy statements prohibit Web merchants from sharing their customer information with other merchants. Answer: FALSE Diff: 2 Learning Obj.: 5 35) A merchant can obtain a third-party seal of approval, such as the AICPA's Web Trust, to assure its customers their privacy will be protected. Answer: TRUE Diff: 2 Learning Obj.: 5 36) ATM cards are really smart cards because they are used for both identification and payment. Answer: FALSE Diff: 2 Learning Obj.: 5 37) The ________ ________ ________ is a reference model for business models in general. Answer: Osterwalder Reference Model (ORM) Diff: 2 Learning Obj.: 3 38) The ORM defines the typical business model in terms of four major domains: ________, ________, ________, and ________. Answer: infrastructure, offering, customers, finance Diff: 3 Learning Obj.: 3 39) When the intranets of two or more companies are linked together a(n) ________ is formed. Answer: extranet Diff: 2 Learning Obj.: 1 40) A robot-type program that continually runs on a computer and exchanges information with users who request it is called a(n) ________. Answer: server Diff: 1 Learning Obj.: 1 41) A(n) ________ ________ is a collection of related documents, files, and programs that falls under the control of one individual. Answer: Web site Diff: 2 Learning Obj.: 1

42) The verification of a digital signature involves the use of a(n) ________ algorithm. Answer: hashing Diff: 3 Learning Obj.: 4 43) Whereas ________ signatures are relatively easy to forge, ________ signatures are next to impossible to forge. Answer: handwritten; digital Diff: 2 Learning Obj.: 4 44) A sufficiently long key is a useful countermeasure against a(n) ________ ________. Answer: cryptanalysis attack Diff: 3 Learning Obj.: 4 45) Digital IDs are issued by a(n) ________ ________. Answer: certifying authority Diff: 2 Learning Obj.: 4 46) The technique of ________ permits bank to issue digital cash so that it is unable to link the payer to the payee. Answer: blinding Diff: 2 Learning Obj.: 5 47) An electronic ________ is essentially a computer program that keeps track of various keys, digital certificates, and other items of information associated with electronic funds. Answer: wallet Diff: 2 Learning Obj.: 5 48) A merchant's Web site may perform important functions, such as opening an encrypted ________ session. Answer: SSL Diff: 2 Learning Obj.: 5 49) ________ is one of the adverse results of privacy problems on the Internet. Answer: Spam Unsolicited e-mail Diff: 2 Learning Obj.: 5

50) A(n) ________ ________ ________ model is a set of best practices for a given business process or group of processes. Answer: business process reference Diff: 2 Learning Obj.: 3 51) The four levels of abstraction in the value reference model are ________, ________, ________, and ________. Answer: strategic, tactical, operational, activities/actions Diff: 3 Learning Obj.: 3 52) The activities that relate to moving the product are often referred to as ________ activities. Answer: supply-chain Diff: 2 Learning Obj.: 3 53) The ________ reference model defines the typical business model in terms of infrastructure, offering, customers, and finance. Answer: Osterwalder Diff: 3 Learning Obj.: 3 54) The Act which recognizes transactions as legally binding if electronic signatures are used is the ________ ________ ________ Act. Answer: Uniform Electronic Transactions Diff: 3 Learning Obj.: 4 55) A(n) ________ is the process of linking and sequencing services in order to make them work together. Answer: orchestration Diff: 1 Learning Obj.: 2 56) A(n) ________ ________ ________ is a set of commands that a given piece of software makes available so that its functions and data can be accessed by other pieces of software. Answer: applications programming interface Diff: 1 Learning Obj.: 2

57) The Electronic Bank of America might digitally sign a message that contains which of the following information? A) The bank's name and address B) The dollar value of the bank note being created C) A unique serial number D) All of the above Answer: D Diff: 1 Learning Obj.: 5 58) Which of the following is considered a virtual electronic cash card? A) Memory card B) eBusiness card C) Signature-transporting card D) Answers A and C are correct. Answer: D Diff: 2 Learning Obj.: 5 59) Which of the following is a common approach used to describe services and the SOAP protocol for communication between services? A) SOA B) WSDL C) ESB D) HTML Answer: B Diff: 2 Learning Obj.: 2 60) A domain name is A) an alias name that can be used in place of an IP number. B) an alias name that can be used in place of an ISP. C) a series of numbers such as 207.49.159.2. D) used by a firewall to keep intruders out of a network. Answer: A Diff: 2 Learning Obj.: 1 61) One major difference between an organization's intranet and the Internet is A) the intranet may be totally unavailable to outsiders. B) the Internet may be totally unavailable to outsiders. C) an intranet user almost never can access the Internet. D) the Internet operates over a local area network. Answer: A Diff: 2 Learning Obj.: 1 8 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

62) A client is A) a robot-type program that runs on a computer and exchanges information with users. B) another name for a proxy server. C) a user program that accesses and exchanges information with servers. D) a program that holds incoming electronic mail. Answer: C Diff: 2 Learning Obj.: 1 63) One type of server which acts as an electronic post office is called a ________. A) file server B) mail server C) Web server D) commerce server Answer: B Diff: 1 Learning Obj.: 1 64) The protocol that specifies the format of all documents on the World Wide Web is ________. A) HTML B) hyperlinks C) URL D) ciphertext Answer: A Diff: 1 Learning Obj.: 1 65) SQL allows user to A) define data in a relational database. B) access data in a relational database. C) manipulate data in a relational database. D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 2 66) Which of the following contain subsets of the data contained in the operational database and data warehouse? A) Data marts B) Data mining warehouse C) OLAP D) All of these answers are correct. Answer: A Diff: 2 Learning Obj.: 2 9 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

67) A plaintext message can be changed into a ciphertext message by using A) a password. B) a digital key. C) Answers A and B are both correct. D) Neither answer A nor B is correct. Answer: C Diff: 2 Learning Obj.: 4 68) If Company A wants to send Company B a secure message, Company A will use Company B's public key to encrypt the message. Company B must then A) use Company A's public key to decrypt the message. B) use its private key to decrypt the message. C) use Company A's private key to decrypt the message. D) use its public key to decrypt the message. Answer: B Diff: 2 Learning Obj.: 4 69) A message which contains a digital signature A) must be encrypted along with the signature. B) must be sent once as plaintext and once as ciphertext if no message digest exits. C) does not have to be encrypted when a message digest is used as a digital signature. D) Answers B and C are correct. Answer: D Diff: 2 Learning Obj.: 4 70) Which statement below regarding keys is false? A) Each user should create his or her own public and private keys. B) Using a central office authority to create and distribute keys is highly recommended. C) The longer the life of the key, the more security that must be applied to protect it. D) Sensitive keys should be themselves protected by passwords. Answer: B Diff: 2 Learning Obj.: 4 71) Privacy is a major issue in electronic transactions. Therefore, the Internet should not be used if A) a bank uses a different digital signature for each denomination of currency. B) digital signatures need to be issued for coins used in electronic transactions. C) the IP address of one of the parties to a transaction needs to remain fully confidential. D) All of these answers are correct. Answer: C Diff: 2 Learning Obj.: 4 10 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

72) The technique that permits a bank to issue digital cash so that it is unable to link the payer to the payee is called A) laundering money. B) using a blinded digital signature. C) using a generic digital signature. D) digitized recycling. Answer: B Diff: 1 Learning Obj.: 5 73) There are different types of electronic wallet-sized cards used in virtual cash transactions. ATM cards are classified as A) shared-key cards. B) signature-creating cards. C) memory cards. D) signature-transporting cards. Answer: C Diff: 2 Learning Obj.: 5 74) There are different types of electronic wallet-sized cards used in virtual cash transactions. The card that shows the most promise for wide-scale retail transaction use in the foreseeable future is the A) shared-key card. B) signature-creating card. C) memory card. D) signature-transporting card. Answer: D Diff: 2 Learning Obj.: 5 75) Which feature below would not be considered a highly convenient feature for consumers of an Internet store transaction? A) Consumers usually must wait for delivery of items purchased via delivery by third parties. B) Internet store transactions can be completed without any human intervention on the part of the vendor. C) Internet stores are "open" 24 × 7 with virtually worldwide access. D) Internet stores accept most credit cards. Answer: A Diff: 2 Learning Obj.: 5

76) Electronic commerce poses many problems with consumer's privacy. Small pieces of information that are placed on a user's computer by an electronic merchant are called A) spybots. B) cookies. C) worms. D) viruses. Answer: B Diff: 1 Learning Obj.: 5 77) The AICPA's Web Trust attestation program provides assurance that a merchant's Web site has A) some type of functioning information protection. B) business practices disclosure. C) transaction integrity. D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 5 78) Servers that exist to support eBusiness are A) mail servers. B) file servers. C) Web servers. D) All of the above support eBusiness. Answer: D Diff: 1 Learning Obj.: 1 79) ________ servers and ________ servers make applications and data in databases available to remote clients. A) Application; database B) Application; mail C) File; database D) Web; mail Answer: A Diff: 1 Learning Obj.: 1 80) A three-tiered application architecture involves applications that contain ________ tiers. A) conceptual, logical, and physical B) conceptual, knowledge, and functional C) presentation, logic, and data D) planning, design, and implementation Answer: C Diff: 2 Learning Obj.: 2 12 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

81) The ________ describes the joint structure and behavior of the enterprise and its information system. A) relational architecture B) business architecture C) business modeling D) enterprise architecture Answer: D Diff: 2 Learning Obj.: 2 82) Enterprise architecture involves ________ enterprise architectural domains. A) 3 B) 4 C) 5 D) EA does not involve architectural domains. Answer: B Diff: 2 Learning Obj.: 2 83) The ________ architecture defines the needed data and how it is to be stored, processed, utilized, and integrated with other domains. A) business B) data C) application D) technical Answer: B Diff: 2 Learning Obj.: 2 84) The ________ architecture defines standards, principles, procedures and best practices to govern the information technology architecture. A) business B) data C) application D) technical Answer: D Diff: 2 Learning Obj.: 2 85) In a relational database model, operations on data are performed by using A) EA. B) Java. C) SQL. D) UML. Answer: C Diff: 1 Learning Obj.: 2 13 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

86) The corporate information factory model includes A) data acquisition. B) data management. C) data delivery. D) data acquisition, data management, and data delivery. Answer: D Diff: 1 Learning Obj.: 2 87) ________ store relatively current transaction data for quick access by management in support of tactical decision making. A) Data warehouses B) Operational databases C) Relational databases D) Data marts Answer: B Diff: 1 Learning Obj.: 2 88) ________ store enormous volumes of current and historical data for use in research and analysis. A) Data warehouses B) Operational databases C) Relational databases D) Data marts Answer: A Diff: 1 Learning Obj.: 2 89) ________ works better with tables that have more than two dimensions for complex analyses. A) OLTP B) ETL C) SQL D) OLAP Answer: D Diff: 2 Learning Obj.: 2 90) A ________ interface is used for access and manipulation of data in the operational database. A) decision support B) transactional C) graphical user D) relational Answer: B Diff: 2 Learning Obj.: 2 14 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

91) Service oriented architecture services are ________ software units of functionality. A) dependent B) intradependent C) independent D) multiple Answer: C Diff: 2 Learning Obj.: 2 92) ________ refers to software that serves as a go-between for two applications, enabling communication between them that would otherwise be impossible. A) Interfacing B) Bridgeware C) Middleware D) None of the above enables communication between applications. Answer: C Diff: 2 Learning Obj.: 2 93) ________ drivers connect applications to databases. A) Application interface B) Warehouse C) Middleware D) Database Answer: D Diff: 2 Learning Obj.: 2 94) The ________ serves as a central switchboard for communications between all enterprise services and applications. A) enterprise service bus (ESB) B) application interface (AI) C) enterprise architecture (EA) D) data warehouse (DW) Answer: A Diff: 2 Learning Obj.: 2 95) The ________ framework views the organization from the perspectives of the different stakeholders. A) Osterwalder B) federal enterprise C) open group D) Zachman Answer: D Diff: 2 Learning Obj.: 3 15 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

96) Primary value chain activities include all the following activities except A) inbound logistics. B) accounting. C) marketing. D) manufacturing. Answer: B Diff: 2 Learning Obj.: 3 97) The value reference model depicts the value chain at ________ levels of abstraction. A) one B) two C) three D) four Answer: D Diff: 2 Learning Obj.: 3 98) The activities related to moving a product are referred to as A) value chain activities. B) supply-chain activities. C) logistical activities. D) primary activities. Answer: B Diff: 2 Learning Obj.: 3 99) The ________ reference model defines the typical business model in terms of infrastructure, offering, customers, and finance. A) Osterwalder B) Zachman C) federal enterprise D) open group Answer: A Diff: 2 Learning Obj.: 3 100) What act recognizes electronic signatures as legally binding in commerce and businessrelated transactions? A) Sarbanes-Oxley Act B) Section 404 Act C) Uniform Electronic Transactions Act D) Contract Validation Act Answer: C Diff: 2 Learning Obj.: 4 16 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

101) What standard, developed by credit card companies, represents a security framework based on numerous control objectives? A) Payment card industry data security standard B) Credit card security interface standard C) Credit card settlement security payment standard D) Electronic bill payment security standard Answer: A Diff: 2 Learning Obj.: 4 102) ________ systems integrate all the major accounting functions, as well as the Web store, into a single software system. A) Open enterprise planning B) Application server planning C) Enterprise resource planning D) Zachman enterprise planning Answer: C Diff: 2 Learning Obj.: 3 103) Which of the following statements best describes the business architecture's relation to other architectures? A) The business architecture supports all the other architectures. B) The data and technology architectures determine business architectures. C) The business architectures determine the data and technology architectures. D) None of the above correctly describe the stated relationship. Answer: C Diff: 2 Learning Obj.: 2 104) Which of the following is a standard communications protocol in SOA? A) XML B) URL C) XBRL D) SOAP Answer: D Diff: 2 Learning Obj.: 2 105) Which of the following is not an example of middleware? A) Enterprise system bus B) Database driver C) Application programming interface D) All of the above are examples of middleware. Answer: A Diff: 2 Learning Obj.: 2 17 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

106) The label "www.google.com" is an example of a A) domain name. B) fixed IP address. C) domain name server. D) dynamic IP address. Answer: A Diff: 2 Learning Obj.: 1 107) "207.49.159.2" is an example of a(n) A) domain name. B) domain name server. C) transmission control protocol. D) Internet protocol address. Answer: D Diff: 2 Learning Obj.: 1 108) Ben Black works as an instructor at Cheyenne School, whose domain name is Chey. Ben Black's user name is bblack. Cheyenne School's e-mail system uses the POP protocol. Ben Black's e-mail address is A) bblack@chey.edu. B) bblack@chey.com. C) benblack@chey.org. D) benblack@chey.com. Answer: A Diff: 2 Learning Obj.: 1 109) An Internet merchant captured all of the cookies present on Ron's personal computer at his home A) because Ron's bank required it. B) the merchant wanted to speed its transaction with Ron. C) the merchant wanted to know all of the other sites visited by Ron. D) because the merchant's bank required it. Answer: C Diff: 1 Learning Obj.: 1

110) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. OLAP ________ 2. IP ________ 3. FTP ________ 4. SQL ________ 5. POP ________ 6. Key ________ 7. Digital cash ________ 8. Hyperlink A. The most commonly used protocol for file servers B. A processing method for very large databases and complicated reporting C. Address for an individual computer on the Internet D. The most commonly used protocol for mail servers E. An electronic "promissory note" F. A "pointer" to another document on a Web server G. Used to define, access, and manipulate data in a relational database H. Needed to decode an encrypted message Answer: 1. B, 2. C, 3. A, 4. G, 5. D, 6. H, 7. E, 8. F Diff: 2 Learning Obj.: 1

111) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. API ________ 2. Firewall ________ 3. Internet ________ 4. ESB ________ 5. ORM ________ 6. SOA ________ 7. EA ________ 8. IP ________ 9. DNS A. A set of commands that a given piece of software makes available so that its functions and data can be accessed by other pieces of software B. An applications architecture design framework that facilitates the development of application suites C. Describes the joint structure and behavior of the enterprise and its information system D. Limits access to information on the company's servers from the rest of the world E. Electronic phone book that associates domain names with IP addresses F. Defines the typical business model in terms of four major domains: infrastructure, offering, customers, and finance G. Middleware that serves as a central switchboard for communications between all enterprise services and applications H. Protocol that assigns a unique address to each computer on the Internet I. "The" electronic highway Answer: 1. A, 2. D, 3. I, 4. G, 5. F, 6. B, 7. C, 8. H, 9. E Diff: 2 Learning Obj.: 1 112) Give the e-mail address for DJ Jack (his user name is djjac) who works for radio station WXYZ (the station's domain). WXYZ is a privately held corporation. Answer: djjac@wxyz.com Diff: 2 Learning Obj.: 1 113) Give the e-mail address for Red Duke (his user name is reddu), who is an instructor at Badlands Community Technical School (whose domain is blcomtech). Answer: reddu@blcomtech.edu Diff: 2 Learning Obj.: 1

114) Name four types of smart cards that are used for electronic payments, and describe the functions of each card. Answer: Suggested answer: There are four types of smart cards. Their functions and uses are: • Memory cards, which are only capable of storing information. For example, a memory card could store a customer's prepaid account balance information. A cash register could deduct charges from the card when the card is inserted in the cash register. • Shared-key cards, which encrypt all communications between the card and the point of payment device, such as a cash register. Shared-key cards could provide more security for prepaid account balances. • Signature-transporting cards, which are similar to shared-key cards, but also allow the user to spend digital cash notes. When the customer inserts the card into the cash register, the note is transferred to the cash register. The cash register can verify on-line with the bank that the note has not previously been spent. • Signature-creating cards, which are similar to signature-transporting cards, but are capable of generating their own digital signatures, allowing the user to write electronic "checks" containing the cardholder's digital signature. Diff: 2 Learning Obj.: 5 115) Explain the difference between a "server" and a "client." List and describe the four types of servers. Answer: Suggested answer: A server is a program that constantly runs on a computer and shares (exchanges) information, files, etc., with users who request the information. A client is a user program which requests information, files, etc., which have been placed on a server. The four types of servers are: • Mail servers (such as POP servers) act like electronic mailboxes, holding incoming electronic mail until the user's client program requests it. • File servers (or FTP servers) allow clients to send and retrieve files to and from remote computers. • Web servers allow clients to access documents and run computer programs residing on remote computers via the World Wide Web. • Commerce servers are Web servers that specialize in secure financial transactions. • Application servers and database servers make applications and databases available to remote clients. Diff: 2 Learning Obj.: 1

116) Describe at least three ways in which the privacy of a company's communications may be violated by unauthorized means. Answer: Students may mention the following: • Encrypted messages may be decoded by means of guessed plaintext attacks. Senders can avoid this attack by adding random numbers to the end of a message, using sufficiently long keys, and frequently changing keys. • Encrypted keys may be the targets of factoring attacks. The attacker tries to discover the two large prime numbers that make up the public key. Then, the attacker attempts to factor the private key from the two large prime numbers. Fortunately, this is almost mathematically impossible to do. • Computers that contain sensitive key information may be compromised. This is considered the most likely attack. Once an attacker obtains a private key, he or she can decrypt any messages encrypted with the related public key. To prevent attacks, personal computers containing private keys should have limited physical access. Both the computers and the keys themselves should be accessible only through passwords. • Former employees may use keys which have not been discontinued. To prevent this attack, companies should place keys on a certificate revocation list associated with the certifying authority that originally issued the key. • Attackers may monitor messages to determine their origins and destinations. This form of attack does not have a good defense. If one party needs to remain anonymous, the Internet should not be used as a communications medium. Diff: 2 Learning Obj.: 4

117) What is an intranet and what security issues surround its use by a corporation? Answer: Suggested answer: An intranet is a self-contained, in-house network or Internet that is used by a company for its own internal communications. Employees within an organization may use an intranet in exactly the same fashion as the Internet; however, the intranet may be partially or completely unavailable to those outside of the organization. The main security problem with intranets is that such a network can potentially expose the organization's sensitive information to everyone on the Internet. To help avert such a problem, companies use combinations of hardware and software to limit access from outsiders. A firewall is a software program that filters each packet of incoming information to ensure that it has originated from an authorized source. One typical approach is to use IP filtering, which blocks out incoming packets which do not originate from preauthorized IP addresses. Such preauthorized addresses are maintained in an access control list. Unfortunately, such firewall protection can be defeated if an outsider can "spoof" an IP address (by sending incoming message requests that falsely appear to come from an authorized IP address). Firewalls are still useful, but should be considered only the first-line of defense. Another type of security device used with an intranet is a proxy server. Such servers are used "on the inside" of a company's firewall to filter all outgoing requests for information. If a request is valid (as determined by settings found in an access control list), the request passes through the proxy server; otherwise it is blocked. Proxy servers can also be used "in reverse" to filter all incoming requests, thus preventing unauthorized access to specific locations within the organization. Proxy servers which operate this way provide another type of firewall protection from outside intruders. Diff: 2 Learning Obj.: 1 118) What is the difference between electronic business and electronic commerce? Answer: eBusiness refers to the use of information technologies in any aspect of the business, whereas eCommerce is a part of eBusiness that directly involves the exchange of products and services. Diff: 1 Learning Obj.: 1

119) Describe enterprise architecture and its four architectural domains. Answer: EA describes the joint structure and behavior of the enterprise and its information system. The four architectural domains are the business architecture, the information architecture, the applications architecture, and the technical architecture. The BA defines the human resources, processes, and the infrastructure that a business needs to accomplish its business strategy. The IA or data architecture defines the needed data and how it is stored, processed, utilized, and integrated with the other main domains. The AA defines the applications needed to run the business and how the applications communicate with each other through intranets, extranets, and electronic data interchange (the focus is on the applications and how they work together to form a single composite application). The TA describes the structure and behavior of the IT infrastructure and defines standards, principles, procedures, and best practices to govern the IT architecture. Diff: 1 Learning Obj.: 2

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 4 Transaction Processing and the Internal Control Process 1) The term risk is synonymous with exposure. Answer: FALSE Diff: 1 Learning Obj.: 1 2) Selecting the best opportunities and managing uncertainties is part of Enterprise Risk Management (ERM). Answer: TRUE Diff: 1 Learning Obj.: 1 3) COBIT stands for Control Objectives for Businesses in Technology fields. Answer: FALSE Diff: 1 Learning Obj.: 2 4) ISO 27002 is a widely accepted international standard for best practices in information security. Answer: TRUE Diff: 1 Learning Obj.: 2 5) Financial accounting is concerned with the prevention and detection of fraud and white-collar crime. Answer: FALSE Diff: 1 Learning Obj.: 1 6) Recent survey results indicate that the most frequent reason frauds are discovered is due to internal controls. Answer: TRUE Diff: 2 Learning Obj.: 2 7) COSO reports contain the most authoritative framework for internal control processes. Answer: TRUE Diff: 2 Learning Obj.: 2 8) The production cycle is defined as the events related to the distribution of goods and services to other entities and the collection of related payments. Answer: FALSE Diff: 2 Learning Obj.: 2 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) Typically, an organization's internal control process consists of five components. Answer: TRUE Diff: 2 Learning Obj.: 2 10) Management's consideration of the relative costs for benefits of internal controls will often be subjective in nature. Answer: TRUE Diff: 2 Learning Obj.: 2 11) For both public and privately held companies, the Sarbanes-Oxley Act of 2002 (SOA) imposes certain requirements and restrictions on management, auditors, and company audit committees. Answer: FALSE Diff: 2 Learning Obj.: 2 12) The CEO and CFO must prepare a statement to accompany the audit report to certify that the company's reported financial statements are presented fairly in all material respects. Answer: TRUE Diff: 1 Learning Obj.: 2 13) The Sarbanes-Oxley Act of 2002 (SOA) allows the purchase or sale of stock by officers and directors and other insiders during blackout periods. Answer: FALSE Diff: 1 Learning Obj.: 2 14) Many companies have adopted ethics codes of conduct which provide guidance for conducting business in an ethical manner. Answer: TRUE Diff: 2 Learning Obj.: 2 15) Some believe that every corporation has its own corporate culture, and it is such a culture that ultimately either promotes or hinders ethical behavior within the corporation. Answer: TRUE Diff: 2 Learning Obj.: 2 16) Most control processes can function irrespective of the competence of employees. Answer: FALSE Diff: 2 Learning Obj.: 2 2 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

17) The board of directors serves as an interface between the stockholders of an organization and its operating management. Answer: TRUE Diff: 1 Learning Obj.: 2 18) Audit committees are usually charged with evaluation and assessment of a corporation's internal control processes. Answer: FALSE Diff: 2 Learning Obj.: 2 19) Control is established in the budgeting process by comparing the results of activity to the budget for each activity. Answer: TRUE Diff: 2 Learning Obj.: 2 20) The third component of internal control is risk assessment. Answer: FALSE Diff: 1 Learning Obj.: 2 21) The segregation of authorization from the recording of transactions and custody of assets is an essential internal control process. Answer: TRUE Diff: 2 Learning Obj.: 2 22) Physical theft is only a minor threat to the solvency of most business organizations. Answer: FALSE Diff: 2 Learning Obj.: 2 23) Approval (authorization) limits the initiation of a transaction or performance of an activity to selected individuals. Answer: FALSE Diff: 2 Learning Obj.: 3 24) The audit trail concept is basic to the design and audit of an accounting information system. Answer: TRUE Diff: 1 Learning Obj.: 3

25) In an internal audit function, the nature of independence is different than that of an external auditor. Answer: TRUE Diff: 2 Learning Obj.: 2 26) General controls can be a substitute for application controls. Answer: FALSE Diff: 2 Learning Obj.: 3 27) The computer operations supervisor has a good attendance record, which demonstrates the general operating procedure of competency of personnel. Answer: FALSE Diff: 2 Learning Obj.: 3 28) A list of changes to on-line computer files is stored on magnetic tape to provide a transaction trail. Answer: TRUE Diff: 2 Learning Obj.: 3 29) Application controls are designed to provide assurance that processing has occurred. Answer: FALSE Diff: 2 Learning Obj.: 3 30) A hash total is a meaningless number that only is important for internal control purposes. Answer: TRUE Diff: 2 Learning Obj.: 3 31) The immediate return of input information to the sender for comparison and approval is called feedback. Answer: FALSE Diff: 2 Learning Obj.: 3 32) A trailer label is the last record of an inventory file, which contains a record count of the number of records in the file. Answer: TRUE Diff: 2 Learning Obj.: 3

33) Detective controls are not considered transaction processing controls, but rather internal audit controls. Answer: FALSE Diff: 2 Learning Obj.: 3 34) Internal control should be looked upon as part of a larger process within the organization. Answer: TRUE Diff: 2 Learning Obj.: 3 35) Collusion occurs when a white-collar individual attempts to commit fraud within an organization. Answer: FALSE Diff: 1 Learning Obj.: 4 36) A negative answer given to a question on an internal control questionnaire almost always indicates a weakness in an internal control process area. Answer: FALSE Diff: 2 Learning Obj.: 5 37) A structured form of analysis relevant to internal control reviews is an applications control matrix. Answer: TRUE Diff: 2 Learning Obj.: 5 38) Someone who has personally observed the activities under review should complete an internal control questionnaire. Answer: TRUE Diff: 2 Learning Obj.: 5 39) Ratings of the relative strength or reliability of controls may be entered in a control matrix. Answer: TRUE Diff: 2 Learning Obj.: 3 40) Corrective controls act to prevent errors and fraud before they happen. Answer: FALSE Diff: 2 Learning Obj.: 3

41) An example of a suspense file is a file of back-ordered items awaiting shipment to customers. Answer: TRUE Diff: 2 Learning Obj.: 3 42) The chief goal of an information system is productivity. Answer: TRUE Diff: 2 Learning Obj.: 4 43) Controls increase productivity and the reliability of resulting output. Answer: FALSE Diff: 2 Learning Obj.: 4 44) Informal pressure from employees does not cause collusion. Answer: FALSE Diff: 1 Learning Obj.: 4 45) COSO's next report to be published will pertain to the monitoring of internal control systems in order to keep them current and effective. Answer: FALSE Diff: 1 Learning Obj.: 2 46) ________ tend to reduce ________, but they rarely affect the causes. Answer: Controls; exposures Diff: 2 Learning Obj.: 1 47) An exposure is a(n) ________ times its ________ consequences. Answer: risk; financial Diff: 3 Learning Obj.: 1 48) Deficient revenues and excessive costs reduce ________. Answer: profits Diff: 1 Learning Obj.: 1 49) The diversion or misrepresentation of assets from either employees or third parties is known as ________ ________. Answer: management fraud Diff: 2 Learning Obj.: 1 6 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

50) Fraud examination draws on the fields of ________, ________, and ________. Answer: accounting; law; criminology Diff: 3 Learning Obj.: 1 51) White-collar crime that benefits an organization rather than individuals is ________ crime. Answer: corporate Diff: 2 Learning Obj.: 1 52) The ________ cycle involves events related to the acquisition and management of capital funds, including ________. Answer: finance; cash Diff: 3 Learning Obj.: 1 53) The concept of internal control is based on ________ major premises: ________ and reasonable ________. Answer: two; responsibility; assurance Diff: 3 Learning Obj.: 2 54) Commitment and competence are factors included in the ________ environment. Answer: control Diff: 2 Learning Obj.: 2 55) All companies whose stock is traded on the New York Stock Exchange are required to have a(n) ________ ________ composed of outside directors. Answer: audit committee Diff: 2 Learning Obj.: 2 56) The ________ budget is the budget for the entire organization. Answer: master Diff: 1 Learning Obj.: 3 57) ________ bonding is common for employees who are directly responsible for the custody of assets. Answer: Fidelity Diff: 1 Learning Obj.: 3

58) Employees can check and verify the operations of other employees when the employees are forced to take a(n) ________. Answer: vacation Diff: 2 Learning Obj.: 2 59) Closely related to direct supervision is the concept of ________ ________— the assignment of two individuals to perform the same work task in unison. Answer: dual control Diff: 1 Learning Obj.: 2 60) ________ controls affect all transaction processing, while ________ controls are specific to individual applications. Answer: General; application Diff: 2 Learning Obj.: 3 61) In cases of ________, "the procedures did not fail, the people did." Answer: defalcations Diff: 2 Learning Obj.: 2 62) ERM is defined by ________ as a process applied in strategy setting and across the enterprise, to manage risk. Answer: COSO Diff: 2 Learning Obj.: 1 63) ISO 27002 aids companies with Section ________ compliance. Answer: 404 Diff: 2 Learning Obj.: 1 64) Businesses without an IT department or IT expertise can rely on outside ________ ________ ________ for their accounting, software and IT needs. Answer: application service providers Diff: 3 Learning Obj.: 1

65) Which of the items below would not be considered a possible common exposure for a corporation? A) Excessive prices are paid for goods for use in the organization. B) The corporation never was billed for a sale of merchandise shipped to a customer. C) A flash flood destroys the merchandise contained in a warehouse. D) Certain equipment was accidentally misplaced and not depreciated. Answer: C Diff: 1 Learning Obj.: 1 66) Intentional or reckless conduct, whether intentional or not, and which results in materially misleading financial statements, is called A) fraudulent financial reporting. B) corporate crime. C) management fraud. D) None of these answers are correct. Answer: A Diff: 2 Learning Obj.: 1 67) DWB Corporation suffered a loss due to the spoilage of certain raw materials used in the manufacturing of its products. The business transaction cycle in which this loss occurred is the A) revenue cycle. B) expenditure cycle. C) finance cycle. D) production cycle. Answer: D Diff: 1 Learning Obj.: 1 68) Which of the objectives listed below is not considered part of the internal control process? A) Compliance with applicable laws and regulations B) The prevention of fraud and embezzlement C) Effectiveness and efficiency of operations D) Reliability of financial reporting Answer: B Diff: 2 Learning Obj.: 2

69) "Amounts due to vendors should be accurately and promptly classified, summarized, and reported" is a representative control objective of the A) revenue cycle. B) finance cycle. C) production cycle. D) expenditure cycle. Answer: A Diff: 2 Learning Obj.: 1 70) The internal control premise that concerns the relative costs and benefits of controls is known as A) responsibility. B) risk. C) reasonable assurance. D) exposure. Answer: C Diff: 2 Learning Obj.: 2 71) Section 102 of the Federal Foreign Corrupt Practices Act of 1977 (FCPA) applies to A) all public and privately held U.S.-based companies. B) all companies subject to the Securities Exchange Act of 1934. C) any publicly held company, whether it is a for-profit or non-profit entity. D) all foreign-owned companies currently operating in the United States. Answer: B Diff: 2 Learning Obj.: 2 72) The Omnibus Trade and Competitiveness Act of 1988 (OTCA) amends the A) Securities Exchange Act of 1934. B) accounting provisions of the FCPA. C) antibribery provisions of the FCPA. D) accounting and antibribery provisions of the FCPA. Answer: D Diff: 2 Learning Obj.: 2 73) The Sarbanes-Oxley Act of 2002 imposes certain requirements and restrictions on A) management. B) auditors. C) audit committees. D) All of these answers are correct. Answer: A Diff: 2 Learning Obj.: 2 10 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

74) The Sarbanes-Oxley Act of 2002 explicitly deals with the non-audit services which auditors can provide to their audit clients. Certain non-audit services may be permissible, without prior approval of a company's audit committee, if the non-audit services A) constitute less than 5% of the audit fees for the corporation. B) constitute less than 5% of the audit fees for the corporation and are not specifically identified as being barred by SOA 2002. C) constitute less than 20% of the audit fees for the corporation. D) Auditors are barred from any and all non-audit services for their audit clients according to SOA 2002. Answer: B Diff: 3 Learning Obj.: 2 75) The component of internal control that is the foundation for all other components is A) risk assessment. B) information and communication. C) control activities. D) control environment. Answer: D Diff: 2 Learning Obj.: 2 76) One way in which a company can produce a corporate culture that supports ethical behavior is through A) emphasis on sales quotas and deadlines. B) emphasis on short-run goals and objectives. C) a cultural audit to bring to light the corporation's true culture and ethical behavior. D) All of these answers are correct. Answer: C Diff: 2 Learning Obj.: 2 77) The formal communications patterns within an organization can be communicated using A) a specific, precise management philosophy. B) an organizational chart. C) a cultural audit. D) an ethical code of conduct. Answer: B Diff: 2 Learning Obj.: 2

78) Assets fraudulently appropriated for one's own use from an organization is considered A) fraud. B) theft. C) embezzlement. D) a corporate loan. Answer: C Diff: 1 Learning Obj.: 1 79) An interesting aspect of white-collar crime is that A) it often seems to be victimless. B) it usually amounts to less than $1,000 per organization per year on average. C) internal controls almost never reveal the perpetrators of such crimes. D) None of these answers are correct. Answer: A Diff: 2 Learning Obj.: 1 80) Many aspects of computer processing tend to significantly A) decrease an organization's exposure to undesirable events. B) strengthen the corporate culture's ethical behavior in the long-term analysis. C) increase employee productivity through the use of monitoring software. D) increase an organization's exposure to undesirable events. Answer: D Diff: 2 Learning Obj.: 3 81) The department or division of larger organizations which is responsible for monitoring and evaluating controls on an ongoing basis is A) internal auditing. B) external auditing. C) internal affairs. D) division monitoring. Answer: A Diff: 1 Learning Obj.: 3 82) The two broad categories of transaction control are A) general controls and specific controls. B) general controls and application controls. C) general controls and basic controls. D) basic controls and application controls. Answer: B Diff: 1 Learning Obj.: 3

83) Application controls are often classified as A) general, processing, and specific. B) basic, specific, and accounting. C) general, application, and output. D) input, processing, and output. Answer: D Diff: 1 Learning Obj.: 3 84) An agreement or conspiracy among two or more people to commit fraud is known as A) embezzlement. B) misappropriation. C) collusion. D) misrepresentation. Answer: C Diff: 1 Learning Obj.: 4 85) An analytical technique commonly used to analyze and examine an internal control process is known as a(n) A) control flowchart. B) internal control questionnaire. C) exposure checklist. D) segregation of duties. Answer: B Diff: 1 Learning Obj.: 5 86) An exposure is A) synonymous with risk. B) equal to risk multiplied by the likelihood of detection. C) equal to risk multiplied by the financial consequences. D) not possible with a good system of internal controls in place. Answer: C Diff: 2 Learning Obj.: 1 87) Fraudulent financial reporting A) involves intentional or reckless conduct. B) may be due to an act of omission or commission. C) results in misleading financial statements. D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 1

88) Internal control is affected by an organization's A) board of directors, management, and other personnel. B) management and internal auditors. C) management and external auditors. D) board of directors, management, and shareholders. Answer: A Diff: 2 Learning Obj.: 2 89) Management's philosophy and operating style are part of which component of internal control? A) Control activities B) Control environment C) Information and communication D) Monitoring Answer: B Diff: 2 Learning Obj.: 2 90) Organizational structure is part of which component of internal control? A) Control activities B) Control environment C) Information and communication D) Monitoring Answer: B Diff: 2 Learning Obj.: 2 91) An audit committee is required by A) the AICPA. B) the Securities and Exchange Commission. C) generally accepted accounting principles. D) both the New York Stock Exchange and the Sarbanes-Oxley Act of 2002. Answer: D Diff: 2 Learning Obj.: 2 92) Which of the following are examples of risks that are relevant to the financial reporting process? A) Changes in the operating environment B) Changes in personnel C) Changes in the information system D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 1 14 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

93) The three types of functions that normally should be segregated to promote internal control are A) recording transactions, authorizing transactions, and approval. B) authorizing transactions, approving transactions, and custody of assets. C) authorizing transactions, recording transactions, and custody of assets. D) authorizing transactions, inputting data, and outputting data. Answer: C Diff: 2 Learning Obj.: 3 94) A computer-produced document that is intended for resubmission into the system, such as the part of the utility bill that the customer returns with payment, is a(n) A) invoice. B) dual-submit document. C) turnaround document. D) automated input document. Answer: C Diff: 2 Learning Obj.: 3 95) The marking of a form or document to direct or restrict its further processing is called A) an endorsement. B) a restriction. C) blocking. D) a cancellation. Answer: A Diff: 2 Learning Obj.: 3 96) Identifying transaction documents to prevent their further or repeated use after they have performed their function is known as A) cancellation. B) restriction. C) blocking. D) endorsement. Answer: A Diff: 2 Learning Obj.: 3

97) The general term for any type of control total or count applied to a number of transaction documents is A) amount control total. B) line control total. C) hash total. D) batch control total. Answer: D Diff: 2 Learning Obj.: 3 98) Totals of homogeneous amounts for a group of transactions or records, usually expressed in dollars or quantities, is known as a(n) A) batch control total. B) hash total. C) amount control total. D) line total. Answer: C Diff: 2 Learning Obj.: 3 99) The reentry of transaction data with machine comparison of the initial entry to the second entry to detect errors is called A) batch balancing. B) key verification. C) validity checking. D) a run-to-run comparison. Answer: B Diff: 2 Learning Obj.: 3 100) A repetition of processing and an accompanying comparison of individual results for equality is called A) redundant processing. B) matching. C) run-to-run comparison. D) readback. Answer: A Diff: 2 Learning Obj.: 3

101) The identification and analysis of differences between the values contained in two substantially identical files or between a detail file and a control file is A) validity checking. B) verification. C) reconciliation. D) clearing. Answer: C Diff: 2 Learning Obj.: 3 102) The identification of unprocessed or retained items in files according to their date, usually the transaction date, is A) clearing. B) aging. C) periodic auditing. D) summary processing. Answer: B Diff: 2 Learning Obj.: 3 103) Research indicates that the most frequent type of fraud is A) misappropriation of funds. B) check forgery. C) false invoices. D) credit card fraud. Answer: A Diff: 3 Learning Obj.: 1 104) Research indicates that the most expensive type of fraud is A) patent infringement. B) false financial statements. C) credit card fraud. D) All of these types of fraud are equally expensive. Answer: D Diff: 3 Learning Obj.: 1 105) An audit committee A) is composed only of an organization's shareholders. B) should be primarily composed of only external board members (a NYSE requirement). C) ideally should be composed only of members who are also high-level executives in the organization. D) ideally should report directly to the controller. Answer: B Diff: 3 Learning Obj.: 1 17 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

106) The FCPA requires that a system of internal accounting controls A) guarantee that profits are correctly stated in a firm's audited financial statements. B) provide absolute assurance that transactions are executed only in accordance with management's authorization. C) provide reasonable assurance that access to assets is permitted only in accordance with management's authorization. D) ensure the long-run profitability of an organization. Answer: C Diff: 3 Learning Obj.: 1 107) If the treasury and controller functions are independent, which of the following should be assigned to the controller to maintain effective control? A) Approval of disbursements B) Responsibility for check signing C) Custody of short-term investment securities D) Authorization of write-offs of accounts receivable Answer: A Diff: 3 Learning Obj.: 2 108) A clerk accidentally posts a prenumbered sales invoice of $625 as $265 to a customer's account. What control would detect this error? A) A hash total of the invoice numbers B) A sequence check of the numbers of the invoices which are to be posted C) A document count of the invoices D) A control total of the amounts to be posted Answer: D Diff: 3 Learning Obj.: 3 109) Which of the following would impair the effectiveness of the separation of incompatible functions in an organization? A) The personnel director reports to the vice president for administration. B) The controller reports to the vice president of sales. C) The cashier reports to the treasurer. D) The director of budgeting reports to the controller. Answer: B Diff: 3 Learning Obj.: 3

110) A well planned system of internal accounting control normally would include procedures that are designed to provide reasonable assurance that A) employees act with integrity when performing their assigned tasks. B) decisions leading to management's authorization of transactions are sound. C) collusive activities would be detected by segregation of employee duties. D) transactions are executed in accordance with management's general or specific authorization. Answer: D Diff: 3 Learning Obj.: 3 111) Monitoring, the fifth component of internal control, involves A) assessing the quality of internal controls over time and taking corrective actions if necessary. B) studying the methods used and records established to identify, assemble, analyze, classify, record, and report the organization's transactions. C) maintaining accountability for the financial structure (i.e., assets and liabilities) of the organization. D) assessing and managing the risks that affect the organization's objectives. Answer: A Diff: 3 Learning Obj.: 2 112) ERM contains eight components. Which one of the following is not a component of ERM? A) Internal environment B) Risk assessment C) Risk response D) Risk elimination Answer: D Diff: 2 Learning Obj.: 1 113) Which one of the following is not an element of the internal control process? A) Control environment B) Risk assessment C) Risk response D) Monitoring Answer: C Diff: 2 Learning Obj.: 2 114) Guidance for Section 404 compliance can be found in A) COSO reports. B) ISO 27002. C) the United States Federal Sentencing Guidelines. D) Guidance can be found in all of the above. Answer: D Diff: 2 Learning Obj.: 1 19 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

115) COSO's Guidance on Monitoring Internal Control Systems includes the following phases except A) establishing a foundation for monitoring. B) designing and executing monitoring procedures that are based on risk. C) developing the objectives for the level of risk that can be tolerated by management. D) assessing and reporting the results. Answer: C Diff: 2 Learning Obj.: 1 116) The problems small businesses encounter with internal control that are addressed by COSO include the following except A) effective boards of directors. B) limited segregation of duties and increased focus on monitoring. C) compensating for limitations in information technology. D) outsourcing increased reporting requirements. Answer: D Diff: 2 Learning Obj.: 1 117) Small and large companies can gain cost efficiencies in internal control by A) focusing financial items that have changed the most from period to period. B) managing reporting objectives. C) effectively managing the amount and types of documentation on adequate controls. D) All of the above will enable small companies to gain cost efficiencies. Answer: D Diff: 2 Learning Obj.: 5

118) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Fidelity bond ________ 2. Tickler file ________ 3. Suspense account ________ 4. Anticipation ________ 5. Corrective controls ________ 6. Input controls ________ 7. Authorization ________ 8. Batch sequence ________ 9. Forensic accounting ________ 10. Managerial audit A. A synonym for batch serial numbers B. The expectation of a given transaction or event at a particular time C. A contract with an insurance company that provides a financial guarantee of the honesty of the individual who is named in the bond contract D. A synonym for a managerial audit E. A control total for items awaiting further processing F. Designed to prevent or detect errors in the beginning stage of processing G. An activity concerned with preventing and detecting fraud H. A control file consisting of items sequenced by age used for processing or follow-up purposes I. These act to correct errors J. Limits the initiation of a transaction or performance of an activity to selected individuals Answer: 1. C, 2. H, 3. E, 4. B, 5. I, 6. F, 7. J, 8. A, 9. G, 10. D Diff: 2 Learning Obj.: 3

119) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. FCPA ________ 2. Audit committee ________ 3. Collusion ________ 4. Application controls matrix ________ 5. Internal auditing ________ 6. Control environment ________ 7. Cancellation ________ 8. Statutory sanction ________ 9. Format check ________ 10. Endorsement A. Has responsibility for reviewing the reports of the company's external auditors B. The identification of documents to prevent their repeated use C. A type of exposure D. A law which requires publicly held companies to maintain adequate accounting systems E. One of the main components of internal control F. Agreement or conspiracy among two or more people to commit fraud G. An example of this procedure is: all characters in the vendor number field are numeric H. A technique for internal control analysis I. Marking a form or document to restrict its further processing J. An example of the monitoring component Answer: 1. D, 2. A, 3. F, 4. H, 5. J, 6. E, 7. B, 8. C, 9. G, 10. I Diff: 2 Learning Obj.: 3

120) Listed below is a list of terms relating to internal control processes, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Check digit ________ 2. Upstream resubmission ________ 3. Exposure ________ 4. Control register ________ 5. Hash total ________ 6. Internal control questionnaire ________ 7. Physical controls ________ 8. Preventive controls ________ 9. Run-to-run totals ________ 10. General controls A. These affect all transaction processing B. An internal control analysis technique C. A detective control used to determine if input is correct D. A log indicating the disposition and control values of batches or transactions E. A detective control use to determine if processing is complete F. The sum of a batch's preprinted check numbers is an example G. Segregation of duties is an example H. A limited access area, for example I. Business interruption is an example J. This is an example of a corrective control Answer: 1. C, 2. J, 3. I, 4. D, 5. F, 6. B, 7. H, 8. G, 9. E, 10. A Diff: 2 Learning Obj.: 3

121) Listed below are various controls found in a system of internal control. Required: Label each of the following controls as preventive (P), detective (D), or corrective (C). ________ 1. Transaction trail ________ 2. Rotation of duties ________ 3. Reconciliation ________ 4. Visual verification ________ 5. Batch controls ________ 6. Endorsement ________ 7. Redundant processing ________ 8. Training of Personnel ________ 9. Batch balancing ________ 10. Automatic error correction Answer: 1. C, 2. P, 3. D, 4. D, 5. D, 6. P, 7. D, 8. P, 9. D, 10. C Diff: 2 Learning Obj.: 3

122) Presented below are ten control features, followed by ten statements describing either the achievement of a control feature (i.e., a system success) or a system deficiency. Required: On the answer line to the left of each control feature, insert the capital letter from the list of the most closely related system success or deficiency. Each letter will be used only once. ________ 1. Backup and recovery ________ 2. Check digit ________ 3. Batch balancing ________ 4. Format check ________ 5. Suspense file ________ 6. Hash total ________ 7. Password ________ 8. Turnaround document ________ 9. Forms design ________ 10. Reasonableness test A. This helps control input accuracy by ensuring that dates are properly entered using the format MM/DD/YYYY. B. Many customer account numbers entered into the billing transaction file are invalid. C. This could help prevent the entry of inconsistent data elements, such as entering a tax code for a customer for whom sales should be nontaxable. D. In entering a batch of invoices into the computer, an operator made several errors in keying the invoice numbers. As a result, the computer program updated computer accounts with incorrect invoice information. E. A new field salesperson omitted several data elements when completing the sales order forms. F. The vendor master file was damaged in yesterday's update, and cannot be used for today's update. G. A former employee gained access to the computer system and damaged the customer master file. H. A computer operator discovered that he had not input all items in a batch. I. This feature speeds up data entry because some of the input data is prerecorded on the source document and can be scanned. J. A supervisor reviews this document frequently to dispose of partially processed transactions. Answer: 1. F, 2. B, 3. H, 4. A, 5. J, 6. D, 7. G, 8. I, 9. E, 10. C Diff: 2 Learning Obj.: 3

123) Listed below are several examples of internal control procedures. Required: For the following internal control procedures, give the reason or objective of the control: a. Checks are mailed by someone other than the person who prepares and signs a check. b. The accounting department matches invoices received to receiving reports prior to recording the payable. c. The cashier deposits cash and mails checks to vendors, but does not record any information in the accounting system. d. The employee performing the bank reconciliation does not perform any cash handling or recording activities. Answer: a. This prevents an employee from processing phony payables and diverting the signed check to himself/herself. b. This prevents the company from recording and subsequently paying for goods and services not actually received. c. The cashier cannot conceal cash thefts with accounting entries. d. The employee performing the reconciliation cannot perpetrate a theft by stealing cash, and cannot conceal a theft by recording it. The employee's reconciliation serves as a check on the activities of others. Diff: 2 Learning Obj.: 2 124) Listed below are examples of several internal control procedures. Required: For the following internal control procedures, give the objective of the control: a. The stock of unused checks is kept under lock and key. b. "Surprise" counts of cash funds are conducted periodically. c. All purchases must be made by the purchasing department. d. The accounting department matches invoices to copies of purchase orders. Answer: a. This prevents checks from being stolen and forged. b. This prevents a theft of cash. c. This prevents unauthorized parties from purchasing goods. d. This prevents the company from paying for unauthorized purchases. Diff: 2 Learning Obj.: 2

125) Listed below are four examples of possible exposures found in the various business cycles of a certain business. Required: For each example, identify the transaction cycle control objective and give a solution which will help to reduce the possible exposure found in each example. a. There is no written policy regarding access to the securities the company purchases as an investment. The securities are in a file in the bottom drawer of a file cabinet in the office. b. The office supervisor makes "spur of the moment" decisions regarding the hiring and use of vendors for office supplies and maintenance of the office and warehouse building. c. A sales representative sent out a shipment of merchandise to a customer on Friday afternoon, telling the warehouse supervisor that he would write up the paperwork the following Monday morning. d. The clerk who prepares and sends statements to customers was hurt in an auto accident and is on sick leave. As a result, the sales representative now prepares and sends out customer statements when he has some free time. Answer: a. Finance cycle. "Access to cash and securities should be permitted only in accordance with management's criteria." Management of the company should create a policy regarding access to securities or cash, and then implement the policy by training employees and limiting physical access to securities (probably by using a safe or a safety deposit box at a bank). b. Expenditure cycle. "Vendors should be authorized in accordance with management's criteria." Management of the company should create and implement a policy regarding the use of vendors. Management should authorize vendors before they are hired or used by the company. The office manager may be given some authorization to buy office supplies and necessary items under a certain dollar amount. c. Revenue cycle. "All shipments of goods should result in a billing to the customer." The problem here is that the shipment may not be billed if the sales representative and warehouse manager fail to prepare the paperwork. Paperwork should be prepared prior to the shipment of any merchandise sold to customers. d. Revenue cycle. "Billings to customers should be accurately and promptly classified, summarized, and reported." Since it appears that the designated employee who handles customer billing will be off work in the foreseeable future, a temporary employee should be hired and trained. The sales representative should not be sending out customer statements when he has "some free time." The temporary employee must be held accountable for preparing and sending out statements, which need to be properly recorded in a timely manner. Diff: 2 Learning Obj.: 1

126) Metaluna, Inc., is a new software company that recently began operations in 2003. Metaluna's stock is publicly traded. Listed below are several statements made recently by the CEO and Chairman of the Board of Metaluna at a directors meeting. Required: Please comment on each statement in light of the requirements imposed by the Sarbanes-Oxley Act (SOA) of 2002. a. "I would like our external auditors to have a major role in our financial systems design and implementation in the future. They seem like a good group of knowledgeable individuals who I believe can help us in this area." b. "As you know, our controller resigned from her position this week. I would like to see if someone from the auditing firm who worked on our most recent audit would be interested in coming 'on board' with us." c. "I am ready to approve a $20,000 company loan to our CIO to help him send his daughter to Stanford in the fall." d. "The audit committee has suggested that a new auditing firm be hired after completion of our current audit. I would like the board to make a resolution giving me sole discretion and authorization in this matter, since I believe I am better qualified to make such a decision." Answer: The CEO and Chairman of Metaluna, Inc., has made several statements, which if acted upon by the board and company, are serious violations of the Sarbanes-Oxley Act of 2002. a. The SOA severely restricts the non-audit services that auditors can provide to their clients. In the case of Metaluna, the auditing firm is expressly barred from offering its services in the area of financial systems design and implementation. Metaluna should find a competent third-party consultant with a high degree of expertise in this area. b. Metaluna cannot hire someone from the auditing firm as controller if the individual has worked on the audit of the company during a one-year period preceding the audit. SOA prohibits such hiring as a conflict of interest. Metaluna should hire a controller either from another company in the same industry, or seek someone from another auditing firm who has no connection with Metaluna's current external auditor. c. The SOA specifically prohibits Metaluna from making a personal loan to its CIO (an executive officer of the company). d. Under SOA, the audit committee is given the sole responsibility for selecting, hiring, and overseeing the auditor of a company. In this situation, if the board votes to give the CEO "sole discretion and authorization in this matter," it will be violating the law, and undermining the role of the audit committee of Metaluna, Inc. Diff: 3 Learning Obj.: 1

127) The following three questions on an internal control questionnaire relate to comparisons of one amount to a second amount. Required: What is the purpose of each of these comparisons? a. Does the company compare budgeted amounts with actual expenditures? b. Does the company mail monthly statements of account to all customers? c. Does the company adjust inventory records to physical counts at least once a year? Answer: a. Comparing actual with planned expenditures and investigating any significant differences helps the company determine if there are errors or irregularities in the accounting records, and sheds some light on whether the company is operating in an efficient and effective manner. b. In addition to reminding customers of the amounts due, monthly statements allow the company to use the customer to determine the validity of invoice amounts. The company compares its records with the customers' records. c. Periodically, recorded amounts should be compared with actual physical amounts. These amounts may be different because of inaccurate recordkeeping or spoiled or stolen inventory. Diff: 3 Learning Obj.: 3 128) Briefly describe five types of common business exposures and their related causes. Answer: Suggested answer: The text lists eight exposures, as follows: • Excessive costs potentially result from every business expenditure. • Deficient revenues result from decreases in sales, failure to record sales, and uncollected balances from customers. • Loss of assets may result from theft, acts of violence, or natural disaster. The loss may be intentional or unintentional. • Inaccurate accounting results from errors or intentional misstatements in records and financial statements. • Business interruption is a temporary or permanent cessation of operations resulting from natural disasters, physical acts of violence, or other business exposures. • Statutory sanctions result from a company's noncompliance with laws and regulations. • Competitive disadvantage is the inability of an organization to remain viable in the marketplace and results from ineffective management decisions or business exposures. • Fraud and embezzlement may result from actions of those inside or outside of the organization to divert the organization's assets or to mislead investors. Diff: 2 Learning Obj.: 1

129) Discuss three behavioral issues that should be considered when implementing an internal control plan. Answer: Suggested answer: Students may mention: • Internal controls may conflict with productivity. For example, an employee may omit a control in the interest of productivity. • Segregation of duties assumes that employees will not collude with each other. • Many controls are based on the assumption that employees will report irregularities committed by other employees. • The position/power of an individual in the organization who commits an irregularity may influence whether or not the irregularity gets reported. • Informal pressures, such as peer pressure, may lead to an irregularity not being reported. Diff: 2 Learning Obj.: 4 130) Give five examples of ways a company may be exposed to excessive costs. Answer: Suggested answer: Students may mention any of the following problems with expenditures: • paying higher prices than necessary for purchases of goods or services • paying employees for work that was not effective • paying employees for inefficient work • buying and using too much raw materials because of inefficient production • incurring excessive advertising, travel, or other expenses • paying penalties due to late payment of taxes • paying penalties or finance charges due to late payment of bills Diff: 2 Learning Obj.: 1 131) Discuss why a fraud examiner needs to be educated in the fields of accounting, law, and criminology to properly perform a fraud investigation. Answer: Suggested answer: Fraud examination can be termed a multi-disciplinary activity, since it attempts to find fraud committed by employees or outside individuals. An examiner needs to understand and know about accounting transactions to understand the nature of fraudulent accounting. Since fraud is a violation of any number of local, state, and federal laws, the examiner must have an essential understanding of the related laws that apply to such crimes. An examiner must also possess some understanding of the nature of criminals and their actions, so a basic knowledge of criminology is essential. A fraud examiner must also know legal procedures and the rules of evidence to properly (and legally) conduct an investigation and gather appropriate evidence for later use in a court of law. Diff: 2 Learning Obj.: 1

132) What is corporate culture? Why might someone argue that the corporate culture has more influence over ethical behavior in a firm than the corporate ethics code of conduct? Answer: Suggested answer: Corporate culture includes the general beliefs, practices, and attitudes of employees. If the general belief of the company is that complying with safety practices is important, for example, employees will probably operate safely despite what the code of conduct states about safety. If management has made it clear that being honest in dealing with customers and suppliers is important, employees will probably practice honesty. The code of conduct may be more useful in disciplining inappropriate behavior than it is in encouraging good behavior. Diff: 2 Learning Obj.: 2 133) Enterprise risk management contains eight components. Identify at least six and explain its importance to managing risk within a company. Answer: Suggested answer: 1. Internal Environment - the overall culture, atmosphere, and tone of the organization. 2. Objective Setting - management's process for setting objectives in a way that is consistent with their tolerance for risk. 3. Event identification - the process of identifying internal and external events that affect the entity's opportunities and risks as they relate to achieving management objectives. 4. Risk assessment - the process of analyzing risks, the likelihood of identified events, and their potential impact. 5. Risk response - the process of responding to risks and identified events. 6. Control activities - the policies and procedures that are implemented to effect risk responses. 7. Information and communication - the overall flow of information as it's applied to managing risks in support of the other ERM components. 8. Monitoring - the process of monitoring the entire ERM process. Diff: 2 Learning Obj.: 1

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 5 Fraud Examination and Fraud Management 1) Fraud examination and fraud investigation both refer to the application of accounting and other specialized skills to the prevention, detection, investigation, correction, and reporting of fraud. Answer: TRUE Diff: 1 Learning Obj.: 1 2) Fraud prevention requires implementing control checklists that contain items such as firewalls and anti-virus software. Answer: FALSE Diff: 1 Learning Obj.: 1 3) The ISO 27000 family of standards has over 5,000 controls. Answer: TRUE Diff: 1 Learning Obj.: 1 4) COBIT standard is based on 16 high-level objectives that are broken down into 318 detailed control objectives. Answer: FALSE Diff: 2 Learning Obj.: 1 5) Fraud detection includes several standalone processes such as fraud prevention, investigation, correction, reporting, and recovery. Answer: FALSE Diff: 2 Learning Obj.: 1 6) Fraud detection involves identifying indicators of fraud that suggest a need for further investigation. Answer: TRUE Diff: 1 Learning Obj.: 1 7) Data-driven fraud detection involves the formal analysis of small sets of data in search for fraud indicators. Answer: FALSE Diff: 2 Learning Obj.: 1

8) Fraud detection software and services often use sophisticated statistical techniques. Answer: TRUE Diff: 2 Learning Obj.: 1 9) Benford analysis exploits the pattern relating to the first digit of numbers appearing in a random data set. Answer: TRUE Diff: 2 Learning Obj.: 1 10) The external auditor is a good candidate to receive tips. Answer: FALSE Diff: 2 Learning Obj.: 1 11) Fraud detection is often an imperfect process. Answer: TRUE Diff: 2 Learning Obj.: 1 12) Type 1 error occurs when a fraud indicator fails to signal fraud. Answer: FALSE Diff: 2 Learning Obj.: 1 13) Type 2 errors result in unnecessary fraud investigations. Answer: FALSE Diff: 2 Learning Obj.: 1 14) Total fraud cost is defined as the summation of costs of prevention, costs of investigations, costs of detections, and costs of losses. Answer: TRUE Diff: 2 Learning Obj.: 1 15) The fraud engagement process includes various steps in which evidence is collected in support of the scope and objectives of the investigation. Answer: FALSE Diff: 3 Learning Obj.: 1

16) A fraud incident report can be anything from a red flag to a formal report written by a responsible person. Answer: TRUE Diff: 1 Learning Obj.: 1 17) A company-generated incident report may serve as the basis of a probable-cause justification that would be required to obtain subpoenas, search warrants, and even arrest warrants. Answer: FALSE Diff: 2 Learning Obj.: 1 18) CEO/owner, legal counsel, and the internal auditors are among the possible candidates to receive notifications regarding a fraud investigation. Answer: TRUE Diff: 2 Learning Obj.: 1 19) Evidence is anything that relates to the truth or falsity of an assertion made in an investigation or legal proceeding. Answer: TRUE Diff: 2 Learning Obj.: 2 20) The first question a fraud investigator should always ask is "why." Answer: FALSE Diff: 2 Learning Obj.: 2 21) A fraud theory provides answers to the basic question regarding who, what, when, where, how, and why. Answer: TRUE Diff: 2 Learning Obj.: 2 22) Physical and document evidence include things such as fingerprints, trace evidence, and forged or incriminating documents. Answer: TRUE Diff: 2 Learning Obj.: 2 23) Physical and document evidence include audio or video recordings of suspects' activities. Answer: FALSE Diff: 2 Learning Obj.: 2

24) Evidence should be collected in a specific order. Answer: TRUE Diff: 2 Learning Obj.: 2 25) A subpoena is an order from a government agency or officer of a court that compels the recipient, under penalty, to produce physical evidence, documents, or testimony. Answer: TRUE Diff: 2 Learning Obj.: 2 26) A search warrant is an order from a government agency or officer of a court that compels the recipient, under penalty, to produce physical evidence, documents, or testimony. Answer: FALSE Diff: 2 Learning Obj.: 2 27) Tracing involves beginning with a source document and following the related transaction through the entire accounting cycle. Answer: TRUE Diff: 2 Learning Obj.: 2 28) Vouching begins with numbers in accounts and follows them backward to the source documents. Answer: TRUE Diff: 2 Learning Obj.: 3 29) It is common for fraud investigators to question the authenticity or authorship of documents. Answer: TRUE Diff: 2 Learning Obj.: 2 30) Observational evidence can be the most powerful form of evidence. Answer: TRUE Diff: 2 Learning Obj.: 2 31) Invigilation is a technique used by fraud investigators to authenticate documentation. Answer: FALSE Diff: 2 Learning Obj.: 2

32) A well-prepared interview conducted by a skilled interviewer can sometimes result in a confession that completely unwinds a complicated case. Answer: TRUE Diff: 2 Learning Obj.: 3 33) Calibration is part of the fraud triangle. Answer: FALSE Diff: 3 Learning Obj.: 3 34) Polygraphs may sometimes be used to detect dishonesty in fraud investigations. Answer: TRUE Diff: 2 Learning Obj.: 3 35) Individuals who respond more to audio stimuli typically look down and to the right, or simply vertically to the right, when recalling information. Answer: FALSE Diff: 3 Learning Obj.: 3 36) Fraud investigator should immediately present the suspect with a written confession to sign once an oral confession is obtained. Answer: TRUE Diff: 2 Learning Obj.: 3 37) The fraud report presents conclusions regarding a suspect's guilt. Answer: FALSE Diff: 2 Learning Obj.: 4 38) Loss recovery options include accepting the loss, collecting insurance if available, and pursuing the perpetrator in court. Answer: TRUE Diff: 2 Learning Obj.: 4 39) Expert consultants provide expert opinions and analyses to attorneys. Answer: TRUE Diff: 2 Learning Obj.: 5

40) Discovery is a process in which opposing parties can require each other and relevant parties to produce out-of-court evidence Answer: TRUE Diff: 1 Learning Obj.: 5 41) Expert qualifications include things such as race, gender, and social status. Answer: FALSE Diff: 1 Learning Obj.: 5 42) Earnings management is always illegal and can never be justified by GAAP. Answer: FALSE Diff: 2 Learning Obj.: 6 43) Managers can legally manipulate or manage reported financial statement figures within GAAP. Answer: TRUE Diff: 2 Learning Obj.: 6 44) Stock option is an executive mechanism to prevent financial statement fraud. Answer: FALSE Diff: 1 Learning Obj.: 6 45) Internal auditors should report directly to the audit committee and operate completely independent of the CEO, the CFO, and top management. Answer: TRUE Diff: 1 Learning Obj.: 6 46) Half of all financial statement frauds involve overstating inventory. Answer: FALSE Diff: 2 Learning Obj.: 6 47) In the United States, employee fraud represents a small percentage of loss for most organizations. Answer: FALSE Diff: 1 Learning Obj.: 7

48) The corporate culture plays a key role in fostering employee dishonesty. Answer: TRUE Diff: 2 Learning Obj.: 7 49) Swapping checks for cash is a cash-register fraud that involves removing cash from the cash register and replacing it with bogus checks. Answer: TRUE Diff: 2 Learning Obj.: 7 50) Computer forensics is the application of computer science to computer-related matters that might come before a court. Answer: TRUE Diff: 2 Learning Obj.: 8 51) It is not possible for fraudsters to crack any passwords or encryption keys. Answer: FALSE Diff: 2 Learning Obj.: 8 52) IP tracing is not a foolproof method. Answer: TRUE Diff: 2 Learning Obj.: 8 53) ________ ________ ________ typically involves an employee pocketing cash but not recording its collection. Answer: Sales skimming schemes Diff: 1 Learning Obj.: 7 54) The solution in preventing lapping of accounts receivable is ________ ________ ________ ________. Answer: segregation of accounting duties Diff: 1 Learning Obj.: 7 55) ________ ________ typically involves using a stolen customer check to make a payment on account. Answer: Check laundering Diff: 1 Learning Obj.: 7

56) ________ ________ ________ ________ may occur when cash register receipts are not reconciled with sales receipts per each individual cash register. Answer: Robbing the cash register Diff: 2 Learning Obj.: 7 57) The solution to prevent employees from stealing cash in the mailroom is to have ________ employees work together. Answer: two Diff: 2 Learning Obj.: 7 58) ________ ________ ________ ________ requires that the bookkeeper for accounts receivable also handle incoming payments for customer accounts. Answer: Lapping of accounts receivable Diff: 2 Learning Obj.: 7 59) ________ ________ involves using chemicals to remove a check's payment details and then adding new details for the payee, date, or amount of payment. Answer: Check washing Diff: 2 Learning Obj.: 7 60) ________ ________ ________ occur when a dishonest purchasing agent purchases from a friend even though to do so is not in the best interest of the company. Answer: Bid rigging frauds Diff: 3 Learning Obj.: 7 61) ________ ________ may involve improper hiring, improper changes to employee personnel files and pay rates. Answer: Payroll fraud Diff: 2 Learning Obj.: 7 62) ________ ________ ________ can involve misappropriation of waste, scrap, and spoiled goods. Answer: Production cycle fraud Diff: 2 Learning Obj.: 7 63) Content analysis determines the ________ of computer files and electronic communications. Answer: content Diff: 1 Learning Obj.: 8 8 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

64) Locating and extracting data of interest from computer-storage devices is known as a(n) ________ ________. Answer: data extraction Diff: 2 Learning Obj.: 8 65) ________ ________ represents the gaining of access to files or communications that are encrypted or protected by passwords. Answer: Password recovery Diff: 2 Learning Obj.: 8 66) Pulling the plug can defeat certain ________ techniques sometimes used by sophisticated fraudsters. Answer: anti-tampering Diff: 1 Learning Obj.: 8 67) In many cases, the investigator will seek to find the ________ location associated with a computer device that is used to communicate over the Internet. Answer: physical Diff: 2 Learning Obj.: 8 68) ________ ________ are normally issued to individuals and organizations through Internet service. Answer: IP addresses Diff: 2 Learning Obj.: 8 69) Some hackers would connect through ________ server chains in order to hide their IP addresses Answer: proxy Diff: 2 Learning Obj.: 8 70) The widely accepted principle of ________ requires that investigations be started or continue only when there is a reasonable basis to do so. Answer: predication Diff: 2 Learning Obj.: 2 71) Evidence is collected in a specific order. First, ________ evidence is collected, then ________ are conducted, and finally the ________ are conducted. Answer: physical and document, observations, interviews Diff: 3 Learning Obj.: 2 9 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

72) A(n) ________ ________ is a court order that authorizes law enforcement to search for and seize evidence. Answer: search warrant Diff: 2 Learning Obj.: 2 73) The method that involves beginning with a source document and following the related transaction through the entire accounting cycle is called ________. Answer: tracing Diff: 2 Learning Obj.: 2 74) The method that begins with numbers in accounts and follows them backward to the source documents is called ________. Answer: vouching Diff: 2 Learning Obj.: 2 75) ________ ________ are individuals who specialize in analyzing questioned documents. They can detect document alterations by analysis of things such as the paper, the ink, and typefaces. Answer: Document examiners Diff: 2 Learning Obj.: 2 76) The observation technique that involves observing a suspect's behavior before, during, and after an announced investigation is called ________. Answer: invigilation Diff: 2 Learning Obj.: 2 77) The three sides of the fraud triangle are: ________, ________, and ________. Answer: opportunity, pressure, and rationalization Diff: 2 Learning Obj.: 3 78) ________ ________ options include accepting the loss, collecting insurance if available, and pursuing the perpetrator in court. Answer: Loss recovery Diff: 2 Learning Obj.: 4 79) Fraud investigators would prepare a(n) ________ ________ at the conclusion of an investigation. Answer: fraud report Diff: 2 Learning Obj.: 4 10 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

80) Individuals who provide expert opinions and analyses to attorneys under the umbrella of attorney-client privilege are called ________ ________. Answer: expert witnesses Diff: 2 Learning Obj.: 5 81) Before an expert can be permitted to testify, he or she must first demonstrate ________ ________. Answer: expert qualifications Diff: 2 Learning Obj.: 5 82) The U.S. federal court system is governed by Rule ________ which permits those qualified as experts to present expert testimony in court. Answer: 702 Diff: 2 Learning Obj.: 5 83) In order for an expert witness be permitted to present his or her testimony in court, his or her testimony needs to be based upon ________ ________. Answer: sufficient facts or data Diff: 3 Learning Obj.: 5 84) Financial statement fraud is the ________ ________ of any information included as part of a financial statement or report. Answer: intentional misrepresentation Diff: 2 Learning Obj.: 6 85) Roughly half of all financial statement frauds involve overstating ________. Answer: revenue Diff: 2 Learning Obj.: 6 86) Information security management systems (ISMS) have which of the following objectives? A) Confidentiality B) Integrity C) Availability D) All of the above are correct. Answer: D Diff: 2 Learning Obj.: 1

87) A well-known standard for information security management systems development is A) SOX. B) ISO 27000. C) COBIT. D) both B and C Answer: D Diff: 1 Learning Obj.: 1 88) An example of fraud indicators is A) mismatch in an inventory count. B) a cash register that doesn't balance. C) a suspicious invoice. D) All of the above are correct. Answer: D Diff: 1 Learning Obj.: 1 89) The method used to exploit an interesting pattern relating to the first digit of numbers appearing in a random data set is called A) the Benford analysis. B) the regression analysis. C) the vulnerability analysis. D) the pattern analysis. Answer: A Diff: 2 Learning Obj.: 1 90) Type 1 errors occur when A) a fraud indicator fails to signal fraud. B) a fraud indicator falsely signals fraud. C) a fraud indicator turns out not to be a fraud indicator. D) all of the above Answer: B Diff: 3 Learning Obj.: 1 91) Type 2 errors occur when A) a fraud indicator fails to signal fraud. B) a fraud indicator falsely signals fraud. C) a fraud indicator turns out not to be a fraud indicator. D) all of the above Answer: A Diff: 2 Learning Obj.: 1

92) Total fraud costs are computed by adding A) costs of prevention and costs of investigations. B) costs of prevention, costs of investigations, and costs of detections. C) costs of prevention, costs of investigations, costs of detections, and costs of losses. D) costs of prevention, costs of investigations, costs of detections, costs of losses, and costs of reputations. Answer: C Diff: 2 Learning Obj.: 1 93) Which of the following is part of the fraud investigation process? A) Conducting the initial notifications and evaluation B) Considering legal issues C) Defining the scope, objectives, and costs of the investigation D) Engaging a fraud indicator Answer: D Diff: 2 Learning Obj.: 1 94) In many fraud cases, the best approach is to A) immediately stop a recurring fraud. B) allow the fraud to continue. C) hire forensic specialists. D) both A and B Answer: D Diff: 2 Learning Obj.: 1 95) Evidence may include A) tangible objects. B) documents. C) testimony. D) all of the above Answer: D Diff: 2 Learning Obj.: 2 96) Physical and document evidence include A) fingerprints. B) trace evidence. C) forged document. D) all of the above Answer: D Diff: 1 Learning Obj.: 2

97) A signed confession is A) a court-admissible evidence. B) protected under the umbrella of attorney-client privilege. C) a physical evidence. D) not admissible in court. Answer: A Diff: 2 Learning Obj.: 2 98) Evidence is collected in the following order: A) Observations, physical and document evidence, and interviews. B) Observations, interviews, and physical and document evidence. C) Physical and document evidence, observations, and interviews. D) Physical and document evidence, interviews, and observations. Answer: C Diff: 2 Learning Obj.: 2 99) An order from a government agency or officer of a court that compels the recipient, under penalty, to produce physical evidence, documents, or testimony is called A) a search warrant. B) a subpoena. C) a notification. D) an interview. Answer: B Diff: 1 Learning Obj.: 2 100) Working with numbers in accounts and following them backward to the source document is known as A) tracing. B) vouching. C) rediscovery. D) approximation. Answer: B Diff: 2 Learning Obj.: 2 101) In law enforcement circles, surreptitious observation is called A) clandestine observation. B) invigilation. C) surveillance. D) all of the above Answer: C Diff: 2 Learning Obj.: 2 14 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

102) Calibration is the process of carefully observing a suspect's behavior A) during introductory questioning. B) throughout the entire questioning. C) after questioning. D) all of the above Answer: A Diff: 2 Learning Obj.: 3 103) After the informational questioning, which type of questions will the interviewer ask the suspect as a means to assess his or her honesty? A) Concluding questions B) Assessment questions C) Admission seeking questions D) None of these answers are correct. Answer: B Diff: 2 Learning Obj.: 3 104) After the introductory and informational questions, non-suspects will be presented with A) additional informational questions. B) admission seeking questions. C) assessment questions. D) concluding questions. Answer: D Diff: 2 Learning Obj.: 3 105) After the introductory and informational questions, suspects will be presented with A) additional informational questions. B) admission seeking questions. C) assessment questions. D) concluding questions. Answer: B Diff: 2 Learning Obj.: 3 106) Individuals who respond more to audio stimuli typically A) look down and to the left when recalling information. B) look up and to the left when recalling information. C) look down and to the right when recalling information. D) look up and to the right when recalling information. Answer: A Diff: 3 Learning Obj.: 3

107) How many written confessions should be prepared if the suspect has committed five crimes? A) One B) Three C) Five D) It depends on the crime committed. Answer: C Diff: 1 Learning Obj.: 4 108) Discovery is the process in which A) opposing parties cannot require each other and relevant parties to produce out-of-court evidence. B) opposing parties can prohibit each other and relevant parties to produce out-of-court evidence. C) opposing parties can require each other and relevant parties to reproduce previously courtadmissible evidence. D) opposing parties can require each other and relevant parties to produce out-of-court evidence. Answer: D Diff: 2 Learning Obj.: 5 109) Rule 702 permits those qualified as experts to present expert testimony in court if A) the testimony is based upon sufficient facts or data. B) the testimony is the product of reliable principles and methods. C) the witness has applied the principles and methods reliably to the facts of the case. D) all of the above Answer: D Diff: 2 Learning Obj.: 5 110) Financial statement fraud differs from earnings management in terms of A) legality. B) terminology. C) procedures. D) the parties involved. Answer: A Diff: 2 Learning Obj.: 6 111) Example of financial statement fraud red flags include A) weak internal control. B) inadequate personnel-related practices. C) irregular accounting practices. D) all of the above Answer: D Diff: 2 Learning Obj.: 6 16 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

112) A company may overstate its reported assets by A) avoiding depreciation. B) inflating asset valuations. C) understating bad-debt allowances. D) all of the above Answer: D Diff: 2 Learning Obj.: 6 113) Which of the following is an example of revenue cycle fraud? A) Earnings management B) Writing off large depreciable or amortizable assets C) Pocketing cash but not recording its collection D) all of the above Answer: C Diff: 2 Learning Obj.: 7 114) Which of the following best describe the fraud scheme that involves removing cash from the cash register and replacing it with bogus checks? A) Sales skimming B) Robbing the cash register C) Swapping checks for cash D) Shortchanging the customer Answer: C Diff: 2 Learning Obj.: 7 115) Which of the following best describes the fraud scheme that involves an employee pocketing cash but not recording its collection? A) Sales skimming B) Robbing the cash register C) Swapping checks for cash D) Shortchanging the customer Answer: A Diff: 2 Learning Obj.: 7 116) Which of the following procedures would deter the lapping of accounts receivable? A) Segregation of accounting duties B) Training cashiers to follow strict procedures for making change C) Performing reconciliations on a register-by-register basis and separately for each cashier shift D) Limiting employee after-hours access to company resources Answer: A Diff: 2 Learning Obj.: 7 17 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

117) The fraud scheme that involves using a stolen customer check to make a payment on account is called A) stealing cash in transmission. B) shorting bank deposits. C) lapping of accounts receivable. D) check laundering. Answer: D Diff: 2 Learning Obj.: 7 118) Bid rigging frauds is an example of A) revenue cycle fraud. B) account receivable fraud. C) expenditure cycle fraud. D) fraudulent financial reporting. Answer: C Diff: 2 Learning Obj.: 7 119) Which of the following procedures can be used to detect "phantom" employees? A) Maintaining personnel files in an independent personnel department B) Requiring management and personnel review and approval for all personnel-related activities C) Implementing a multi-review and approval process within the purchasing department D) both A and B Answer: D Diff: 1 Learning Obj.: 7 120) An imprest fund accounting system can be used to minimize A) theft of petty cash. B) fraudulent financial reporting. C) theft of company checks. D) fraudulent returns. Answer: A Diff: 2 Learning Obj.: 7 121) The primary objectives of computer forensics include studying computers and computer networks in order to A) identify perpetrators of crimes or undesirable behavior. B) locate existing data. C) deconstruct databases D) identify alternate site centers. Answer: A Diff: 2 Learning Obj.: 8 18 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

122) Content analysis involves the process of A) comparing the content of computer files in order to determine any differences between them. B) determining the content of files and electronic communications. C) locating and extracting data of interest from computer-storage devices. D) converting data from one format to another. Answer: B Diff: 2 Learning Obj.: 8 123) Comparison analysis involves the process of A) comparing the content of computer files in order to determine any differences between them. B) determining the content of files and electronic communications. C) locating and extracting data of interest from computer-storage devices. D) converting data from one format to another. Answer: A Diff: 2 Learning Obj.: 8 124) One of the major disadvantages to pulling the plug is that A) it is ineffective. B) it is inefficient. C) it leads to the loss of the computer's volatile memory. D) none of the above Answer: C Diff: 1 Learning Obj.: 8 125) ________ is the only IP that is visible on the Internet. A) LAN IP B) WAN IP C) Dynamic IP D) ISP IP Answer: B Diff: 3 Learning Obj.: 8 126) Hackers can hide their real IP addresses by using A) LAN IP. B) WAN IP. C) proxy server chains. D) ISP IP. Answer: C Diff: 2 Learning Obj.: 8

127) At the conclusion of an investigation, the investigator prepares a report that would typically contain A) concluding comments indicating a suspect's guilt. B) the scope and objectives of the investigation. C) privileged attorney-client comments. D) all of the above Answer: B Diff: 3 Learning Obj.: 3 128) Presented below is a list of terms relating to the different types of evidence and the evidence collection process, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Observation ________ 2. Invigilation ________ 3. Surveillance ________ 4. Document examiners ________ 5. Search warrant ________ 6. Subpoena ________ 7. Predication ________ 8. Tracing ________ 9. Questioned document ________ 10. Vouching A. A widely accepted principle that requires that investigations be started or continued only when there is a reasonable basis to do so B. Following a source document that evidences a transaction through the entire accounting cycle C. The use of the senses to assess the behavior of persons and other activities such as business processes D. A court order that authorizes law enforcement to search for and seize evidence E. Surreptitious observation F. Document evidence whose authenticity or authorship is in question G. An order from a government agency or officer of a court that compels the recipient, under penalty, to produce physical evidence, documents, or testimony H. People who specialize in analyzing questioned documents I. Selecting numbers in accounts and following them backward in the accounting cycle to the source documents J. An observation technique that involves observing a suspect's behavior before, during, and after an announced investigation Answer: 1. C, 2. J, 3. E, 4. H, 5. D, 6. G, 7. A, 8. B, 9. F, 10. I Diff: 2 Learning Obj.: 2

129) Presented below is a list of terms relating to fraud schemes, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Sales skimming ________ 2. Bid rigging frauds ________ 3. Payroll fraud ________ 4. Fraudulent cost-plus billing ________ 5. Swapping checks for cash ________ 6. Short shipments ________ 7. Shortchanging the customer ________ 8. Check washing ________ 9. Kickback frauds ________ 10. Robbing the cash register A. Involves removing cash from the cash register and replacing it with bogus checks B. Scheme that typically involves an employee pocketing cash but not recording its collection C. The involvement of using chemicals to remove a check's payment details and then adding new details for the payee, date, or amount of payment D. In situations where cash register receipts are not reconciled with sales receipts per each individual cash register, the employee is free to rob the cash register with impunity E. A dishonest purchasing agent might purchase from a friend or relative even though to do so is not in the best interest of the company F. A fraud scheme in which a cashier uses distraction or deception in order to pocket part of the change due to the customer G. Vendors bill customers for the vendor's costs plus a fictitious markup H. A dishonest purchasing agent might accept secret payments or favors in exchange for favoring a particular vendor I. Involves improper hiring, improper changes to employee personnel files and pay rates, and improper work-related reporting J. Vendors ship fewer than the ordered amount of goods but bill for the amount ordered Answer: 1. B, 2. E, 3. I, 4. G, 5. A, 6. J, 7. F, 8. C, 9. H, 10. D Diff: 2 Learning Obj.: 7

130) Describe the similarities and differences between financial statement fraud and financial statement manipulation. Answer: Suggested answer: Both financial statement fraud and earnings management are considered by many as unethical. The primary difference between the two is that financial statement fraud is the intentional misrepresentation, either by commission or omission, of any information included as part of a financial statement or report. It is also illegal. Financial statement manipulation is allowed and is justified by GAAP. Diff: 2 Learning Obj.: 6 131) Describe procedures or activities that a company can implement to minimize financial statement fraud. Answer: Suggested answer: A company should consider implementing good internal control and information security. Additionally, the company should invest in good corporate governance. The audit committee should be composed of individuals who are committed to actively supervise and be in communication with the company's internal auditors as well as working closely with its external auditors. The external auditors should be independent of the company and its top management including the board of directors. The company CEO and CFO should take seriously the company's internal control processes. Diff: 2 Learning Obj.: 6 132) You have been hired by your client to investigate an alleged fraud case. Due to the complex nature of your client's transactions, you determined that it is necessary for you to obtain expert opinions and analyses to aid your investigation. Required: a. Identify the qualifications that your expert will need to possess in order to serve as your expert consultant. b. Describe the conditions under which your expert will be permitted to testify based on Rule 702. Answer: a. Your expert must have such things as degrees, certifications, publications, training, and experience to demonstrate he or she has the necessary qualifications to serve as an expert consultant. b. According to Rule 702, your expert would be permitted to testify if he or she satisfied the following conditions: 1) the testimony is based upon sufficient facts or data; 2) the testimony is the product of reliable principles and methods; and 3) the witness has applied the principles and methods reliably to the facts of the case. Diff: 2 Learning Obj.: 5 22 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 6 Information Systems Security 1) An information security system has the basic elements of any information system: hardware, software, databases, procedures, and reports. Answer: TRUE Diff: 1 Learning Obj.: 1 2) The objective of the first phase of the security system life cycle is to design risk control measures such as various security measures and contingency plans. Answer: FALSE Diff: 2 Learning Obj.: 1 3) One of the duties of the CSO is to present reports to the board of directors for approval. Answer: TRUE Diff: 1 Learning Obj.: 1 4) The CSO should report directly to the president of the organization. Answer: FALSE Diff: 1 Learning Obj.: 1 5) Using the qualitative approach to risk assessment, each loss exposure is computed as the product of the cost of an individual loss times the likelihood of its occurrence. Answer: FALSE Diff: 2 Learning Obj.: 1 6) An information security threat is a potential exploitation of a vulnerability. Answer: TRUE Diff: 2 Learning Obj.: 1 7) Computer security and information security mean the same thing. Answer: FALSE Diff: 2 Learning Obj.: 1 8) Information security is broader in concept than computer security and deals with all information, not just computerized information. Answer: TRUE Diff: 2 Learning Obj.: 1 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) Information security management system is an internal control process and manages risk. Answer: TRUE Diff: 2 Learning Obj.: 1 10) The ERM process is part of the information security management system. Answer: FALSE Diff: 2 Learning Obj.: 1 11) ISO 27000 family of standards defines standards for building, operating, and maintaining ISMSs. Answer: TRUE Diff: 2 Learning Obj.: 1 12) ISO27001 includes 132 general security controls, organized under 11 topics and further broken down into over 5000 detailed controls. Answer: FALSE Diff: 2 Learning Obj.: 1 13) Passive threats include information systems fraud and computer sabotage. Answer: FALSE Diff: 2 Learning Obj.: 2 14) System faults represent component equipment failures such as disk failures and power outages. Answer: TRUE Diff: 2 Learning Obj.: 2 15) All hackers are malicious. Answer: FALSE Diff: 2 Learning Obj.: 2 16) White hat hackers legitimately probe systems for weaknesses in order to help with security control procedures. Answer: TRUE Diff: 2 Learning Obj.: 2

17) Black hat hackers formally probe systems for legitimate purposes in order to help with security control procedures. Answer: FALSE Diff: 2 Learning Obj.: 2 18) Social engineering is a form of manipulation of people in order to trick them into divulging privileged information. Answer: TRUE Diff: 2 Learning Obj.: 2 19) Pretexting and phishing are forms of social engineering. Answer: TRUE Diff: 2 Learning Obj.: 2 20) Malware is short for malicious hardware that compromises the security of the victim's computer. Answer: FALSE Diff: 2 Learning Obj.: 2 21) Malware can be hidden in email, downloaded software, disk or Web browser. Answer: TRUE Diff: 2 Learning Obj.: 2 22) Hacker methods include social engineering, direct observation, electronic interception, and exploits. Answer: TRUE Diff: 2 Learning Obj.: 2 23) Direct observation includes shoulder surfing and piggybacking. Answer: FALSE Diff: 2 Learning Obj.: 2 24) Direct observation includes shoulder surfing and dumpster diving. Answer: TRUE Diff: 2 Learning Obj.: 2

25) In general, vulnerabilities arise from improperly installed or configured software and from unforeseen defects or deficiencies in the software. Answer: TRUE Diff: 2 Learning Obj.: 2 26) Three major groups of individuals that may attack information systems include information personnel, users, and employees. Answer: FALSE Diff: 2 Learning Obj.: 2 27) Three major groups of individuals that may attack information systems include information personnel, users, and hackers. Answer: TRUE Diff: 2 Learning Obj.: 2 28) Virtualization involves running multiple operating systems, or multiple copies of the same operating system, all on the same machine. Answer: TRUE Diff: 2 Learning Obj.: 3 29) Using cloud-based services and data storage is referred to as cloud computing. Answer: TRUE Diff: 2 Learning Obj.: 4 30) Business continuity planning and disaster recovery, in general, mean the same thing. Answer: TRUE Diff: 2 Learning Obj.: 4 31) In the health insurance sector, the Gramm-Leach-Bliley Act, requires federal agencies that oversee the health insurance sector to implement regulatory standards aimed at protecting the security of critical information resources. Answer: FALSE Diff: 2 Learning Obj.: 4 32) GASB statement #34 requires utility companies to maintain business continuity plans. Answer: TRUE Diff: 2 Learning Obj.: 4

33) Criminal Code 301.2(1) makes it a federal crime in the United States to knowingly and with intent fraudulently gain unauthorized access to data stored in financial institution computers. Answer: FALSE Diff: 3 Learning Obj.: 1 34) Intruders who attack information systems for fun and challenge are known as hackers. Answer: TRUE Diff: 2 Learning Obj.: 2 35) Input manipulation is the least-used method in most cases of computer fraud. Answer: FALSE Diff: 1 Learning Obj.: 2 36) A serious business problem today is the theft of data. Answer: TRUE Diff: 1 Learning Obj.: 2 37) A trapdoor is a portion of a computer program that, upon detecting an intruder, "traps" the intruder by activating a firewall to prevent unauthorized access to critical data. Answer: FALSE Diff: 2 Learning Obj.: 2 38) Logic bombs are dormant pieces of code placed in programs for activation at a later date by a specific event. Answer: TRUE Diff: 2 Learning Obj.: 2 39) A worm is any type of Trojan that silently spreads from one computer to another over a network, without the intervention of any individual or server. Answer: TRUE Diff: 2 Learning Obj.: 2 40) Implementing security measures and contingency plans help to control computer information threats. Answer: TRUE Diff: 1 Learning Obj.: 3

41) In a denial of service attack, an intruder is denied access to an organization's Web site after the intruder attempts to break through its firewalls and proxy server countermeasures. Answer: FALSE Diff: 2 Learning Obj.: 2 42) In most organizations, accounting, computing, and data processing are all organized under the controller. Answer: FALSE Diff: 2 Learning Obj.: 3 43) Employees should be laid off or terminated with the greatest care because terminated employees account for a significant portion of all sabotage incidents. Answer: TRUE Diff: 2 Learning Obj.: 3 44) With today's excellent computer security software, it is no longer necessary to physically separate unauthorized individuals from computer resources. Answer: FALSE Diff: 1 Learning Obj.: 3 45) Software should not be installed on any computer without prior approval of security. Answer: TRUE Diff: 1 Learning Obj.: 3 46) System-access controls prevent unauthorized individuals from physically accessing computer resources. Answer: FALSE Diff: 2 Learning Obj.: 3 47) The ideal password should consist of easy-to-remember names such as banana, kitty, IBM, password, or Friday. Answer: FALSE Diff: 1 Learning Obj.: 3 48) No password system is of much value unless the passwords themselves are protected. Answer: TRUE Diff: 2 Learning Obj.: 3

49) A program kept in a locked file is one which can be run but not looked at (i.e., code) or altered in anyway. Answer: TRUE Diff: 2 Learning Obj.: 3 50) Fault tolerance can be applied at any of three levels: input, processing, or output. Answer: FALSE Diff: 2 Learning Obj.: 3 51) An incremental backup backs up all files whose archive bit is set to 0 before termination of the session. Answer: FALSE Diff: 2 Learning Obj.: 3 52) The problem with Web server attacks is that the Web server is essentially an extension of the operating system. Answer: TRUE Diff: 2 Learning Obj.: 3 53) Studies have shown that 45% of all disasters are due to human error. Answer: FALSE Diff: 2 Learning Obj.: 4 54) Escalation procedures state the conditions under which a disaster should be declared, who should declare it, and whom that person should notify when executing the declaration. Answer: TRUE Diff: 2 Learning Obj.: 4 55) The information security management system is an organizational ________ ________ ________ that controls special risks associated with computer-based information systems. Answer: internal control process Diff: 1 Learning Obj.: 4 56) The method of risk assessment for computer systems where system vulnerabilities and threats are listed and subjectively ranked is known as the ________ approach. Answer: qualitative Diff: 2 Learning Obj.: 4

57) The Treadway Commission has linked ________ ________ to computer crime. Answer: management fraud Diff: 2 Learning Obj.: 1 58) The most sophisticated type of wire tapping is called ________. Answer: piggybacking Diff: 2 Learning Obj.: 2 59) The least common method used to commit computer fraud is ________ ________. Answer: program alteration Diff: 2 Learning Obj.: 2 60) A defrauder may use ________ to cover up ________. Answer: sabotage; fraud Diff: 3 Learning Obj.: 2 61) In computer environments, ________ control is especially important as there is often a tendency to either overspend or spend on the wrong things. Answer: budgetary Diff: 2 Learning Obj.: 3 62) ________ authentication systems identify individuals based on their fingerprints, hand sizes, retina patterns, or voice patterns. Answer: Biometric Diff: 2 Learning Obj.: 3 63) The distribution of ________ should be controlled by a formal, secure delivery system. Answer: output Diff: 2 Learning Obj.: 3 64) A security system where the user enters an identification number and the system responds with a sign (i.e., code word) is known as a(n) ________ system. Answer: sign-countersign Diff: 2 Learning Obj.: 3

65) ________ can be digitally signed in the same way that electronic messages are signed to authenticate the identity of the source of the program. Answer: Programs Diff: 2 Learning Obj.: 3 66) Backing up files is not the same thing as ________ them. Answer: archiving Diff: 1 Learning Obj.: 3 67) A weakness in the ________ system is also likely to create a related weakness in ________ server security. Answer: operating; Web Diff: 2 Learning Obj.: 3 68) The best security ________ will not help if the system ________ do not enforce the policies. Answer: software; administrators Diff: 2 Learning Obj.: 3 69) An alternate site that contains the wiring, equipment, and very up-to-date back-up data and software is a(n) ________ site. Answer: flying-start Diff: 2 Learning Obj.: 4 70) The three objectives of information security are ________, ________, and ________. Answer: confidentiality, integrity, availability Diff: 2 Learning Obj.: 1 71) Information security management system is an internal control process and manages ________. Answer: risk Diff: 2 Learning Obj.: 1 72) Information security management system is part of the larger ________ risk management process. Answer: enterprise Diff: 2 Learning Obj.: 1

73) Instead of using the terms systems analysis, design, implementation, operation, evaluation, and control, ISO 27001 uses the terms ________, ________, ________, and ________. Answer: planning, doing, checking, acting Diff: 2 Learning Obj.: 1 74) ________ ________ involves manipulating victims in order to trick them into divulging privileged information. Answer: Social engineering Diff: 2 Learning Obj.: 2 75) ________ is a form of social engineering in which one impersonates another typically in a phone call or electronic communication. Answer: Pretexting Diff: 2 Learning Obj.: 2 76) ________ is a form of social engineering which is aimed directly at tricking victims into giving information, money, or other valuable assets to perpetrators. Answer: Phishing Diff: 2 Learning Obj.: 2 77) ________ ________ includes unnoticed intruders, wiretrappers, piggybackers, impersonating intruders, and eavesdroppers. Answer: Direct observation Diff: 2 Learning Obj.: 2 78) A(n) ________ cell phone is an exact and illegitimate copy of another cell phone, including a copy of the internal SIM in order to intercept text and voice messages. Answer: cloned Diff: 2 Learning Obj.: 2 79) In general, ________ arise from improperly installed or configured software and from unforeseen defects or deficiencies in the software. Answer: vulnerabilities Diff: 2 Learning Obj.: 2 80) ________ is the best defense against electronic interception. Answer: Encryption Diff: 2 Learning Obj.: 2 10 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

81) Most financial institutions use ________ ________ layer encryption to communicate with their clients through Web browsers. Answer: secure socket Diff: 2 Learning Obj.: 2 82) ________ involves running multiple operating systems or multiple copies of the same operating system on the same machine. Answer: Virtualization Diff: 2 Learning Obj.: 3 83) In virtualization, the individual operating system instances run under the control of a "master program" called a(n) ________. Answer: hypervisor Diff: 2 Learning Obj.: 3 84) Within the health-care sector the ________ ________ Portability and Accountability Act requires that health-care providers, insurance companies, and payment clearinghouses adopt standardized processes for electronic payments and claims. Answer: Health Insurance Diff: 2 Learning Obj.: 4 85) GASB statement number ________ requires utility companies to maintain business continuity plans. Answer: 34 Diff: 2 Learning Obj.: 4 86) A significant benefit of the quantitative approach to risk assessment is that A) often the most likely threat to occur is not the one with the largest exposure. B) the relevant cost of the loss's occurrence is an estimate. C) the likelihood of a given failure requires predicting the future. D) the approach estimates the costs and benefits to the perpetrators of attacks. Answer: A Diff: 2 Learning Obj.: 1

87) When the qualitative approach to risk assessment is used, costs might be estimated using A) replacement costs. B) service denial costs. C) business interruption costs. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 1 88) An extremely risk-seeking perpetrator A) will offer his or her services to the "highest bidder." B) will take very large risks for a small reward. C) is almost always a terminated employee of the organization he or she attacks. D) will take small risks for small rewards. Answer: B Diff: 1 Learning Obj.: 1 89) A weakness in an information security system is A) a threat. B) computer sabotage. C) a vulnerability. D) a system fault. Answer: C Diff: 2 Learning Obj.: 1 90) Information security is an international problem. Which countries below have set criminal penalties of up to 10 years for fraudulent use of computer services or the intentional changing of a data processing record with the intent of enrichment? A) Canada and Finland B) Switzerland and Canada C) Denmark and Finland D) France and Germany Answer: B Diff: 3 Learning Obj.: 1 91) Which group of people listed below would not pose a high degree of threat to an organization's information system? A) Systems personnel B) Users C) Intruders D) External auditors Answer: D Diff: 2 Learning Obj.: 1 12 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

92) Which individual listed below is placed in a position of great trust, normally having access to security secrets, files and programs? A) Systems supervisor B) Programmer C) Computer maintenance person D) Data control clerk Answer: A Diff: 2 Learning Obj.: 1 93) An intruder who intercepts legitimate information and replaces it with fraudulent information is known as a A) hacker. B) wiretapper. C) piggybacker. D) spy. Answer: C Diff: 2 Learning Obj.: 2 94) The method used in most cases of computer fraud is A) program alteration. B) input manipulation. C) data theft. D) sabotage. Answer: B Diff: 2 Learning Obj.: 2 95) A defrauder substitutes his own version of a company's master file for the real one. This method of computer fraud is known as A) direct file alteration. B) data theft. C) misappropriation of information resources. D) Answers B and C above are both correct. Answer: A Diff: 1 Learning Obj.: 2

96) Sometimes computer programs are used to commit acts of sabotage. A destructive program masquerading as a legitimate one is called a A) logic bomb. B) worm. C) virus. D) Trojan horse. Answer: D Diff: 2 Learning Obj.: 2 97) Sometimes computer programs are used to commit acts of sabotage. A computer program that actually grows in size as it infects more and more computers in a network is known as a A) Trojan horse. B) logic bomb. C) virus. D) worm. Answer: D Diff: 2 Learning Obj.: 2 98) In an information security system, security measures focus on A) correcting the effects of threats. B) preventing and detecting threats. C) management philosophy and operating style. D) the internal audit function. Answer: B Diff: 1 Learning Obj.: 2 99) A form of sabotage in which very large numbers of requests flood a Web server within a short time interval is known as a A) denial of service attack. B) logic bomb. C) macro virus. D) grid overload. Answer: A Diff: 2 Learning Obj.: 2

100) The most important personnel policy and practice regarding information systems security is that A) there should be adequate supervision of personnel at all times. B) employees should be required to rotate jobs. C) the duties of computer users and computer systems personnel should be segregated. D) employees should be required to take vacations. Answer: C Diff: 2 Learning Obj.: 3 101) The primary way to prevent active threats concerning fraud and sabotage is to implement successive layers of access controls. The second step behind the layered approach to access control is to A) prevent unauthorized access to both data and program files. B) physically separate unauthorized individuals from computer resources. C) classify all data and equipment according to their importance and vulnerability. D) keep unauthorized users from using the system. Answer: D Diff: 2 Learning Obj.: 3 102) The primary way to prevent active threats concerning fraud and sabotage is to implement successive layers of access controls. Withholding administrative rights from individual PC users is an example of a A) file access control. B) system access control. C) site access control. D) None of these answers are correct. Answer: B Diff: 2 Learning Obj.: 3 103) The primary way to prevent active threats concerning fraud and sabotage is to implement successive layers of access controls. Such an approach involves erecting multiple layers of controls that separate the would-be perpetrator from his or her potential targets. One file-access control system that will prevent unauthorized access is (are) A) a password management system. B) biometric hardware authentication. C) locked files. D) a firewall. Answer: C Diff: 1 Learning Obj.: 3

104) Controls can be designed to provide a defense from both active and passive threats. An example of a passive threat is A) a rolling blackout. B) a Trojan horse. C) an unhappy employee. D) a password which has been compromised. Answer: A Diff: 1 Learning Obj.: 3 105) What is an example of fault tolerance applied at the transaction level? A) Consensus-based protocols B) Read-after-write checks C) Database shadowing D) Flagging Answer: C Diff: 2 Learning Obj.: 3 106) Disk shadowing is an example of a fault tolerance applied at what level? A) Network communications B) DASD C) Transaction D) CPU processor Answer: B Diff: 2 Learning Obj.: 3 107) An example of a fault tolerance at the network communications level is A) a watchdog processor. B) disk mirroring. C) rollback processing. D) an uninterruptable power supply. Answer: A Diff: 2 Learning Obj.: 3 108) Since many personal computer users do not properly back up their files, a system that centralizes the backup process is essential. A backup of all files on a given disk is known as a(n) A) full backup. B) differential backup. C) incremental backup. D) emergency backup. Answer: A Diff: 2 Learning Obj.: 3 16 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

109) The type of backup which avoids the problems which arise from restoring incremental backups is a(n) A) full backup. B) partial backup. C) archive restoration. D) differential backup. Answer: D Diff: 2 Learning Obj.: 3 110) One Internet security problem arises from configuration problems in the area of configuring permissions for directories. This is an example of A) an operating system vulnerability. B) a Web server vulnerability. C) a private network vulnerability. D) server program vulnerability. Answer: B Diff: 2 Learning Obj.: 3 111) A Trojan horse program placed on one computer with the objective of attacking another computer is an example of which Internet security vulnerability? A) A Web server and its configuration B) An operating system and its configuration C) A private network and its configuration D) A general security procedure Answer: C Diff: 2 Learning Obj.: 3 112) The primary way to prevent active threats concerning fraud and sabotage is to implement successive layers of access controls. However, the widespread adoption and use of the Internet has made it impossible to completely implement which layer of the layered-access approach to security? A) Site-access B) System-access C) File-access D) None of these answers is correct. Answer: A Diff: 2 Learning Obj.: 3

113) The best general security procedure is A) to use advanced information security system software. B) for system administrators to enforce system security policies that already exist. C) to isolate computer facilities from the rest of the company. D) to eliminate access privileges to all remote users. Answer: B Diff: 2 Learning Obj.: 3 114) General security procedures are essential in Internet security. One especially important weakness that hackers may attempt to exploit in this area is to A) guess at passwords. B) rewrite computer source code. C) alter log files to "cover their tracks." D) steal the hard drives of personal computers used as Web servers. Answer: C Diff: 2 Learning Obj.: 3 115) Which item listed below is a weakness of using a firewall for Internet security? A) IP addresses can be spoofed. B) Firewalls can block incoming access on computer networks. C) Firewalls can block outgoing access on computer networks. D) Firewalls can be set to only allow limited outgoing access to particular programs or servers. Answer: A Diff: 2 Learning Obj.: 3 116) Disaster risk management is concerned with A) the prevention of disasters. B) the layered-access approach to security. C) contingency planning. D) Answers A and C are both correct. Answer: D Diff: 2 Learning Obj.: 4 117) The first step in managing disaster risk is A) to obtain business interruption insurance. B) disaster prevention. C) contingency planning. D) to analyze and list recovery priorities. Answer: B Diff: 2 Learning Obj.: 4

118) Which of the following causes of disasters occurs less than any other cause? A) Natural disasters B) Human errors C) Deliberate actions D) Passive threats Answer: B Diff: 1 Learning Obj.: 4 119) A disaster recovery plan should include A) a list of priorities for recovery. B) an evaluation of a company's needs in the event of a disaster. C) a set of recovery strategies and procedures. D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 4 120) One recovery strategy in the event of a disaster is an alternative processing arrangement. An arrangement between two companies in which each company agrees to help the other if the need arises is a(n) A) commercial vendor arrangement. B) computer service bureau agreement. C) shared contingency arrangement. D) alternate site center. Answer: C Diff: 2 Learning Obj.: 4 121) A company which specializes in processing the data of other companies, but not its own, is a(n) A) computer service bureau. B) commercial vendor of disaster services. C) emergency response center. D) flying-start site. Answer: A Diff: 2 Learning Obj.: 4 122) The possibility of losing employees to a disaster should be addressed in A) a salvage plan. B) an alternative processing arrangement. C) the personnel replacement plan. D) the personnel relocation plan. Answer: C Diff: 1 Learning Obj.: 4 19 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

123) One recovery strategy in the event of a disaster is an alternative processing arrangement using a backup site. A site which contains the wiring for computers and also having the equipment is a A) cold site. B) hot site. C) flying-start site. D) service bureau. Answer: B Diff: 1 Learning Obj.: 4 124) Which of the following is an ideal password? A) ABC123 B) DOG&bone C) sky&CAT D) 2s&Ytc8x Answer: D Diff: 3 Learning Obj.: 1 125) If users are permitted to choose their own passwords, the best procedure is to A) forbid users from choosing certain "easy-to-guess" passwords. B) forbid users to change their passwords later. C) allow users to choose passwords they can easily remember. D) allow users to choose the appropriate expiration date for their passwords. Answer: A Diff: 2 Learning Obj.: 1 126) A flying-start site A) is the most commonly adopted option for companies with disaster recovery plans. B) usually cannot be made operational within 24 hours. C) involves mirroring of transactions at the primary site, followed by transmission of data to the backup site. D) is arranged through a service bureau. Answer: C Diff: 3 Learning Obj.: 4

127) After a planning committee has been appointed and the support of senior management has been obtained, the first step in designing a disaster recovery plan is A) determining what computer-related resources are critical. B) naming an emergency response team. C) finding a suitable alternative processing site to use in an emergency. D) listing the company's recovery priorities. Answer: A Diff: 2 Learning Obj.: 4 128) Sandra Johnson is her company's chief security officer. She is interested in obtaining fault tolerance at the direct-access storage device level. Which of the following methods would be of most interest to her? A) Rollback processing B) Disk mirroring C) Consensus-based protocols D) Database shadowing Answer: B Diff: 3 Learning Obj.: 3 129) The best way to test the integrity of a computer system is to A) review all system output thoroughly. B) review all system input thoroughly. C) sample the system's actual transactions. D) process hypothetical transactions through the system. Answer: D Diff: 2 Learning Obj.: 2 130) To detect unauthorized direct changes to master files, the auditor traces these changes back to the underlying A) transaction files. B) source documents. C) hypothetical transactions. D) control account balances. Answer: B Diff: 2 Learning Obj.: 2

131) A type of processing that writes a transaction to disk only if it has been completed successfully is A) rollback processing. B) disk mirroring. C) fault-tolerant processing. D) read-after-write checking. Answer: A Diff: 1 Learning Obj.: 3 132) The most basic security procedure in system-access controls is the A) sign-countersign system. B) identification of the user's ID, time, and date of each entry. C) user's responsibility to protect his or her password. D) system's assignment of the user ID and password. Answer: C Diff: 3 Learning Obj.: 3 133) Jennifer Nguyen is interested in archiving several data files. She should A) use a full backup for each file. B) use an incremental backup for each file. C) store the data files on media suitable for long-term storage. D) use a differential backup for each file and restore each file. Answer: C Diff: 3 Learning Obj.: 4 134) The ________ makes it a federal felony for anyone other than law enforcement or intelligence officers to pretext phone records. A) Computer Fraud and Abuse Act of 1986 B) Telephone Records and Privacy Protection Act of 2006 C) Gramm-Leach-Bliley Act D) Health Insurance Portability and Accountability Act Answer: B Diff: 3 Learning Obj.: 2 135) The three objectives of information security include A) confidentiality, integrity, and availability. B) protection, responsibility, and continuity. C) confidentiality, protection, and continuity. D) responsibility, integrity, and availability. Answer: A Diff: 3 Learning Obj.: 1 22 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

136) The information security management system life cycle includes analysis, design, implementation, and A) operation, evaluation, and management. B) operation, evaluation, and control. C) operation, management, and continuity. D) operation, control, and continuity. Answer: B Diff: 3 Learning Obj.: 1 137) Guidelines and standards that are important to Information Security Management Systems include all the following except A) COSO. B) COBIT. C) ERM. D) ISO 27000 series. Answer: C Diff: 2 Learning Obj.: 1 138) The ISO series number that defines a code of best practices for ISMSs is A) 27000. B) 27001. C) 27002. D) 27003. Answer: C Diff: 2 Learning Obj.: 1 139) The ISO series numbers that define implementation, measuring performance, and risk management for ISMSs include A) 27000-27002. B) 27003-27005. C) 27006-27008. D) 27001-27008. Answer: B Diff: 2 Learning Obj.: 1 140) Hackers can be categorized as white, black, or ________ hat hackers. A) gray B) green C) top D) None of these answers is correct. Answer: A Diff: 2 Learning Obj.: 2 23 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

141) Hacker methods include all of the following except A) social engineering. B) direct observation. C) electronic interception. D) continuity prevention. Answer: D Diff: 1 Learning Obj.: 2 142) Examples of social engineering include A) pretexting and phishing. B) pretexting and direct observation. C) phishing and direct observation. D) pretexting, phishing, and direct observation. Answer: A Diff: 2 Learning Obj.: 2 143) Viruses and denial of service attacks are examples of A) electronic interception. B) spyware. C) malware. D) exploits. Answer: C Diff: 2 Learning Obj.: 2 144) The ________ makes it a federal crime, with a mandatory prison sentence, to pretext any kind of information that relates to a relationship between a consumer and a financial institution. A) Computer Fraud and Abuse Act of 1986 B) Telephone Records and Privacy Protection Act of 2006 C) Gramm-Leach-Bliley Act D) Health Insurance Portability and Accountability Act Answer: C Diff: 2 Learning Obj.: 2 145) When a hacker takes advantage of a vulnerability to access the software, hardware, or data in an unauthorized manner a(n) ________ has occurred. A) exploit B) vector C) exposure D) virtualization Answer: A Diff: 2 Learning Obj.: 2 24 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

146) In general, ________ arise from improperly installed or configured software and from unforeseen defects or deficiencies in the software. A) exploits B) virtualizations C) vulnerabilities D) exposures Answer: C Diff: 2 Learning Obj.: 2 147) Sabotage is a(n) ________ threat. A) active B) passive C) direct D) second layer Answer: A Diff: 2 Learning Obj.: 2 148) Input ________ is an example of a system attack method. A) vector B) manipulation C) hacking D) buffer Answer: B Diff: 2 Learning Obj.: 2 149) ________ involves running multiple operating systems, or multiple copies of the same operating system, all on the same machine. A) Hypervisor B) Business continuity planning C) Virtualization D) Subscriber Identity Module (SIM) Answer: C Diff: 2 Learning Obj.: 3 150) All software and data is stored by the SaaS provider in the A) hypervisor. B) cloud. C) stars. D) grid. Answer: B Diff: 2 Learning Obj.: 3 25 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

151) ________ computing involves clusters of interlinked computers that share common workloads. A) Grid B) Cloud C) Networked D) Malware Answer: A Diff: 2 Learning Obj.: 3 152) Which of the following forms of social engineering involves impersonation? A) Contexting B) Phishing C) Hypervising D) Pretexting Answer: D Diff: 2 Learning Obj.: 2 153) Botnets are normally used for which of the following? A) Grid computing B) Denial of service attacks C) Continuity planning D) Cloud computing Answer: B Diff: 2 Learning Obj.: 2 154) Adware is a type of A) virus. B) logic bomb. C) spyware. D) Trojan horse. Answer: C Diff: 2 Learning Obj.: 2 155) On the local workstation, cloud computing A) complicates security considerations. B) simplifies security considerations. C) is not involved with security considerations. D) affects security minimally but still must be considered under ISO 27000. Answer: B Diff: 2 Learning Obj.: 3

156) In the following, which source of information security frameworks or standards targets managers rather than IP professionals? A) COSO B) ISMS C) COBIT D) ISO Answer: A Diff: 2 Learning Obj.: 3 157) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Biometric hardware authentication ________ 2. Archive bit ________ 3. Trapdoor ________ 4. Consensus-based protocol ________ 5. Hacker ________ 6. Fault tolerance ________ 7. Locked files ________ 8. Service bureau ________ 9. System fault A. The concept that if one part of the computer fails, a redundant part is available to take over B. This generally cannot be prevented by appropriate wall shielding C. Systems that automatically identify individuals based on their fingerprints, hand sizes, retina patterns, voice patterns, and other personal features D. This type of system requires an odd number of processors E. A program can be run but not looked at or altered F. A company that provides data processing services to other companies for a fee G. A type of intruder or attacker H. A portion of the computer program that allows someone to access a system while bypassing normal security procedures I. This would include hard disk crashes, power failures, or printer jams J. Commonly used in backup systems to indicate whether a file has been altered Answer: 1. C, 2. J, 3. H, 4. D, 5. G, 6. A, 7. E, 8. F, 9. I Diff: 2 Learning Obj.: 1, 2, 3

158) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Database shadowing ________ 2. Logic bomb ________ 3. Information security system ________ 4. Risk management ________ 5. File-access controls ________ 6. Site-access controls ________ 7. Piracy ________ 8. Incremental backup ________ 9. Piggybacking ________ 10. Risk-seeking perpetrator A. Prevents unauthorized access to both data and program controls B. A duplicate of all transactions is automatically recorded C. All files whose archive bit is set to 1 are backed up D. One who will take risks "just because," without significant monetary gain E. A dormant piece of code placed in a computer program for later activation by a later event F. The copying and distributing of copyrighted software or files without permission G. The process of assessing and controlling computer system risks H. The interception of legitimate information and substitution of fraudulent information in its place I. The subsystem of the organization that controls these risks J. These separate unauthorized individuals from computer resources Answer: 1. B, 2. E, 3. I, 4. G, 5. A, 6. J, 7. F, 8. C, 9. H, 10. D Diff: 2 Learning Obj.: 1, 2, 3

159) Your company has been rapidly growing and increasing in profitability for the past five years. Suddenly, a new, smaller company has appeared, and it seems to have an uncanny ability to win away your previously loyal customers. You know that the owner of the new company is your company's former employee. You suspect the former employee has continued to access your databases. Required: a. Identify and briefly discuss the method that the former employee is likely using to access the system. b. Recommend three controls your company could employ to address this problem. Answer: a. This situation indicates that the former employee is probably engaging in data theft. The new company probably has your company's customer information. If the theft is being perpetrated through the computer, the former employee may be using his or her old user identification and password. Alternatively, the former employee may be using a different current employee's ID and password (perhaps without their knowledge), or simply guessing a password. The former employee may also be using direct file alteration to delete information from customer records. Direct file alteration occurs when an attacker bypasses normal data entry procedures to access a file. It is also possible that the former employee has had physical access to the company's facilities and its customer information. The former employee may be entering the company and using a computer already logged onto the system to steal the information. b. Some suggested corrective and preventive controls are: • Reprogram locks on buildings and rooms containing computer devices or storage media. • Verify that the former employee's user account has been (and still is) terminated and disabled. • Use a password management system to assign new passwords to all current employees. The system should reassign passwords periodically. • Implement and enforce a strict policy regarding passwords: each employee should keep passwords secret; do not give out passwords over the phone; do not allow easily guessed passwords to be used; do not post passwords near computers; do not throw paper containing passwords in the trash. • Review operating system records to find the time, date, and user ID numbers associated with access to customer files. Diff: 2 Learning Obj.: 3

160) You've been hired as the chief security officer of your company. Before long, you learn that one of the operators has been making changes to the accounts receivable database. Upon this discovery, the employee is immediately terminated. Required: List three procedures that you should implement to prevent this problem from happening in the future. Answer: Some preventive measures are: • Management should provide education in security to computer operators and other employees with the objective of creating a security-conscious environment. • Rotate operator shifts so the same operator is not always processing the accounts receivable database. • Require mandatory vacations for operators and all other systems-related personnel having access to sensitive files. Many frauds are disrupted when the perpetrator is away from his or her duties. • Monitor operations via closed-circuit television and videotaping employees at random intervals. • Provide personal supervision when appropriate. • Review master file entries for the user ID and time of all transactions to determine when the operator has accessed the accounts receivable database. Diff: 2 Learning Obj.: 2 161) You are the chief security officer for the Astra Corporation. You have decided that the risk of viruses is too great to allow employees to install and run games on the company's computer system. Required: a. What types of controls are required, and what is the objective of the required controls? b. List three procedures that you can implement to guard against the unauthorized installation of software (and the inadvertent installation of viruses) on company computers. Answer: a. Site-access controls are appropriate. The objective of site-access controls is to physically separate unauthorized individuals and programs from computer viruses. b. Some procedures that will help prevent the installation of unauthorized software are: • Require security authorization for software installed on any computer. • Require all software purchases come through central purchasing and receiving. • Inspect or destroy programs that come to the company from unsolicited sources. • Randomly audit computers to check for any software programs that have not been approved for installation. Diff: 2 Learning Obj.: 2

162) New Millennium Company is concerned about the security of its information system. It hosts a company Web site that is accessible through the Internet. Certain employees can access New Millennium's private network through the Internet as well. Employees can also access the Internet through the private network. The chief security officer for the company is worried about hackers and intruder attacks on both its Web site as well as the private network. Required: a. What Internet-related vulnerabilities may be present in New Millennium's information system? b. What procedures or steps might be implemented to strengthen system security? Answer: a. Since New Millennium's system is accessible via the Internet, vulnerabilities may arise from weaknesses in any of five major areas: • The operating system or its configuration • The Web server or its configuration • The private network or its configuration • Various server programs • Lack of adherence to established general security procedures b. The following procedures may help to strengthen system security: • The chief security officer needs to be aware of advisory bulletins for security updates and new information on configuration issues, and take appropriate action when necessary to secure the operating system. • The company should have in operation a firewall that restricts incoming traffic on network computers. The firewall can also be configured to limit outgoing traffic or block access to certain IP addresses on the Internet. • The company should use a proxy server to monitor and route traffic to and from its private network and restrict access only to authorized users. • All servers should have the latest anti-virus software installed to continually monitor for the possibility of viruses entering into or migrating within the system. • The FTP server should be equipped with the encryption-based software that prevents "clear" transmission of passwords and computer files of a highly sensitive nature. • Web usage and all network traffic should be monitored to ensure that unauthorized activity is not occurring. The chief security officer should hold employee-training sessions on software/hardware security policies and enforce those policies. • Passwords should be routinely changed and employees should not be allowed to choose "easyto-remember" passwords. • The chief security officer should routinely review log files for unusual network traffic and file transfers. Diff: 2 Learning Obj.: 2

163) Describe the similarities and differences between a quantitative and a qualitative approach to computer risk assessment. Answer: Suggested answer: Both the quantitative and qualitative approaches require the company to identify vulnerabilities and threats, consider the monetary losses the company could suffer and the probability that the loss will be realized, and rank the exposures. The primary difference between the two approaches is that the quantitative approach requires that the company quantify both the amount of the loss and the probability of occurrence. The qualitative approach, on the other hand, is based on a subjective, non-quantitative consideration of potential losses and likelihoods, and the resulting ranking of exposures is subjective. Diff: 2 Learning Obj.: 1 164) Give four factors that are important to a company's control environment in the area of computer security, and illustrate each with an example. Answer: Suggested answer: Students might answer as follows (the chapter identifies seven factors, and several examples are given of each; only two examples are listed below): • Management philosophy and operating style Examples: maintaining an overall atmosphere of security consciousness; maintaining high morale and good communication with employees • Organization structure Examples: clearly designating who is responsible for decisions relating to accounting software and accounting procedures; designating one individual to be in charge of the computer security system • Board of directors and its committees Examples: having an audit committee, which appoints or approves the internal auditor(s); having an internal auditor who is knowledgeable about computer security and serves as chief security officer • Management control activities Examples: establishing controls over the use of computer resources; using budgets • Internal audit function Examples: constantly monitoring the system; requiring all modifications to the system to be approved in writing • Personnel policies and practices Examples: separating the duties of users and computer system personnel; separating duties regarding access to key accounting files; job rotation • External influences Examples: providing security measures to ensure that the company complies with laws regarding customer privacy, government-classified records, privacy of employees; having a company policy regarding software piracy by employees Diff: 2 Learning Obj.: 3 32 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

165) When devising its disaster recovery plan, a company should have a detailed set of recovery strategies and procedures. What are five considerations that should be covered by the company's recovery strategies and procedures? Answer: Suggested answer: (Note: The chapter lists seven considerations; the question asks for five.) • An emergency response center (including a director, a response team, and a site) • Escalation procedures • Alternate processing arrangements (sites) • A personnel relocation plan • A personnel replacement plan • A salvage plan • A plan for testing and maintaining the system Diff: 2 Learning Obj.: 4 166) Discuss how U.S. law has addressed the issue of information systems fraud. Answer: Suggested answer: Computer-based crimes such as information systems fraud are part of the general problem of white-collar crime. The United States is now addressing this issue in both federal and state courts. Most states have enacted specific criminal statutes directed against computer crimes. The federal Computer Fraud and Abuse Act of 1986 makes it a federal crime to knowingly and with intent to fraudulently gain unauthorized access to data stored in the computers of financial institutions, computers owned or used by the federal government, or computers operating in interstate commerce. Trafficking in computer access passwords is also illegal under the Act. Violations under the Act are treated as felonies with both monetary damages as well as jail sentences given to anyone convicted under the Act. Diff: 2 Learning Obj.: 1

167) Discuss the information security system life cycle. Answer: Suggested answer: Because the electronic security system is an information system, the life-cycle approach should be used in its development. Such systems are modeled by applying the established methods of system analysis, design, implementation; and operation, evaluation, and control. The objectives of the phases of the life-cycle approach are: • System analysis: Analyze system vulnerabilities in terms of threats and exposures • System design: Design security measures and contingency plans based on the exposures identified in the analysis • System implementation: Implement the security measures as designed • System operation, evaluation, and control: Test the system under normal conditions to assess its effectiveness and efficiency, making any necessary changes The chief security officer should also report on information system security to the company's board of directors on a regular basis. Such reports should cover the four phases of the life-cycle, and include a discussion of loss exposures, plans for exposure management, specifics on security system performance, and a summary of activities including actual losses, security breaches, and the associated costs. Diff: 2 Learning Obj.: 1

168) The main group of international standards for information security is ISO/IEC 27000 series published by the International Organization for Standardization (ISO). ISO/IEC 27002 addresses over 5,000 controls categorized under 12 categories. Discuss 10 of the 12 categories that should be used as a general guide by any company considering information security. Answer: Suggested answer: 1. Risk assessment - threat and vulnerability analysis. 2. Security policies - requires organized security policies. 3. Organization and governance of information security - requires formal organization structure relating to security policies. 4. Asset management - classify information assets as to importance and identify related threats and vulnerabilities. 5. Human resources - issues relating to employees joining, leaving, and transferring within an organization; to employee security training; and to hiring practices. 6. Physical and environmental security - physical protection and physical access restrictions. 7. Communications and operations management - management of technical security controls in systems and networks. 8. Access control - layered approach to access. 9. Information systems acquisition, development ,and maintenance - controls over software purchases and outsourcing, controls over changes, and controls over IT projects. 10. Information security incident management - monitoring, reporting, and responding to security breaches. 11. Business continuity management - implement a complete business continuity management system using the PDCS approach, maintain adequate insurance. 12. Compliance - ensure compliance with relevant laws, regulations, and standards. Diff: 2 Learning Obj.: 1 169) COBIT is a framework that defines a set, or code, of best practices. Discuss the 4 domains within the COBIT standard. Answer: Suggested answer: 1. Plan and organize - focuses on IT organization and how IT can effectively be used in the organization. 2. Acquire and implement - focuses on developing, acquiring, and maintaining IT process. 3. Deliver and support - focuses on delivery, implementation, managing, and configuring IT processes. 4. Monitor and evaluate - focuses on assessing IT processes according to their stated goals and objectives. Diff: 2 Learning Obj.: 3

170) Describe the security advantage of virtualization. Answer: Suggested answer: The security advantage of virtualization is that each operating system instance is isolated from all other operating system instances running on the same computer. This means that each virtual machine has access only to data, software, and memory allocated to it by the hypervisor. The result is that if a hacker compromises one virtual machine he will not have access to the data, software, and memory of other virtual machines running on the same computer. Diff: 2 Learning Obj.: 3

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 7 Electronic Data Processing Systems 1) A sales order is an example of a source document that may be prepared manually. Answer: TRUE Diff: 1 Learning Obj.: 1 2) The absence of control procedures over data transmitted between user departments and the data processing department could represent a serious weakness in the system. Answer: TRUE Diff: 2 Learning Obj.: 1 3) The use of input control documents is not necessary when forwarding data to the data entry group for input into the system. Answer: FALSE Diff: 2 Learning Obj.: 1 4) A batch control form should require the preparer's signature or name. Answer: TRUE Diff: 2 Learning Obj.: 1 5) When key-verification software is used, the software automatically corrects any mismatches to ensure smooth and uninterrupted processing. Answer: FALSE Diff: 2 Learning Obj.: 1 6) Visual verification is another highly effective method used to detect data-entry errors. Answer: FALSE Diff: 2 Learning Obj.: 1 7) Program data editing is often used in place of verification. Answer: FALSE Diff: 2 Learning Obj.: 1 8) Data editing routines may be applied to each of the basic data structures. Answer: TRUE Diff: 2 Learning Obj.: 1

9) An edit program performs a table lookup when it compares the actual value of a field to acceptable values found in a table. Answer: TRUE Diff: 2 Learning Obj.: 1 10) A check digit is a value found in an input field that is visually compared, or "checked." Answer: FALSE Diff: 2 Learning Obj.: 1 11) Accounting data entered into an Accounting Information System must be in the form of debits and credits. Answer: FALSE Diff: 2 Learning Obj.: 1 12) Sophisticated information systems can capture system events and their attributes. Answer: TRUE Diff: 2 Learning Obj.: 1 13) Bar coding is a manual identification technique used in a real-time system. Answer: FALSE Diff: 2 Learning Obj.: 2 14) Bar coding is an automatic identification technique used in a real-time system. Answer: TRUE Diff: 2 Learning Obj.: 2 15) The Internet has enhanced the real-time sales system by extending it to customers who are off-site. Answer: TRUE Diff: 2 Learning Obj.: 2 16) A company can use bar coding technology to achieve maximum benefit without code standardization. Answer: FALSE Diff: 2 Learning Obj.: 2

17) Sending an electronic catalog has the same advantages as sending it in paper form. Answer: FALSE Diff: 3 Learning Obj.: 2 18) A company will often analyze its customers' sales trends and predict future needs. Answer: TRUE Diff: 2 Learning Obj.: 2 19) There are two major EDI phases. Answer: FALSE Diff: 2 Learning Obj.: 2 20) The essential EDI phases include the physical receipt of the order, validation and authentication, and decryption and translation. Answer: TRUE Diff: 2 Learning Obj.: 2 21) A transmission acknowledgment reports in detail the items in the received message. Answer: FALSE Diff: 2 Learning Obj.: 2 22) A functional acknowledgment acknowledges receipt of the message and reports in detail the items in the received message. Answer: TRUE Diff: 2 Learning Obj.: 2 23) An input document control form documents real-time totals of input data transmitted between user departments and the data processing department. Answer: FALSE Diff: 2 Learning Obj.: 1 24) An output distribution register is maintained to control the disposition of reports. Answer: TRUE Diff: 2 Learning Obj.: 1 25) All electronic input systems are referred to as on-line input systems. Answer: TRUE Diff: 1 Learning Obj.: 1 3 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

26) Matching a vendor code to a table file of valid vendor codes is an example of a valid code check. Answer: TRUE Diff: 2 Learning Obj.: 1 27) Using an electronic input system helps ensure the segregation of duties and provides a solid audit trail. Answer: FALSE Diff: 2 Learning Obj.: 1 28) Tagging occurs when additional, audit-oriented information is included with original transaction data. Answer: TRUE Diff: 2 Learning Obj.: 1 29) A common example of an automated identification system is an automated Point-of-Sale system used in most retail, grocery, and discount stores. Answer: TRUE Diff: 1 Learning Obj.: 2 30) All electronic input systems require no human intervention. Answer: FALSE Diff: 1 Learning Obj.: 2 31) Few manual processing systems are batch oriented. Answer: FALSE Diff: 2 Learning Obj.: 2 32) Batch processing is economical when large numbers of transactions must be processed. Answer: TRUE Diff: 2 Learning Obj.: 2 33) Batch processing can only be performed using random-accessed (i.e., direct or indexed) file updating. Answer: FALSE Diff: 2 Learning Obj.: 2

34) A sequentially organized master file commonly resides on a direct-access storage device. Answer: TRUE Diff: 3 Learning Obj.: 2 35) When preparing the transaction file, occasional data editing of source documents prior to input is suggested. Answer: FALSE Diff: 2 Learning Obj.: 2 36) Editing as a function may be placed between the input and process functions in a processing flow diagram. Answer: TRUE Diff: 2 Learning Obj.: 2 37) There are three major aspects to the operation of a computerized general ledger system. Answer: FALSE Diff: 2 Learning Obj.: 3 38) All entries into the general ledger should be documented with journal vouchers. Answer: TRUE Diff: 2 Learning Obj.: 3 39) Line coding is the process that links general ledger accounts and the reports in which they appear. Answer: TRUE Diff: 2 Learning Obj.: 2 40) Line codes should never be stored within the general ledger file itself. Answer: FALSE Diff: 2 Learning Obj.: 2 41) Sequential-access file updating is simpler than random-access file updating. Answer: FALSE Diff: 2 Learning Obj.: 2

42) An accounts receivable control file is a summary of the accounts receivable by type of account, such as "installment" or "net 30 days." Answer: TRUE Diff: 2 Learning Obj.: 2 43) The last step in the cash remittance processing of customer payments by check is to restrictively endorse the checks. Answer: FALSE Diff: 2 Learning Obj.: 3 44) Paid customer invoice records are retained on-line for a year and are available for inquiries. Answer: TRUE Diff: 2 Learning Obj.: 2 45) Comparing the activity file and the bank summary file does not ensure that all cash has been deposited and has been applied and recorded on the activity file. Answer: FALSE Diff: 2 Learning Obj.: 2 46) Using an OLRS, master files are always up-to-date because they are updated as soon as transaction data is input. Answer: TRUE Diff: 2 Learning Obj.: 2 47) Control of transaction process is far less involved in OLRS than it is in batch-oriented systems. Answer: FALSE Diff: 2 Learning Obj.: 2 48) A significant degree of cooperation among trading partners is required to implement realtime sales systems. Answer: TRUE Diff: 2 Learning Obj.: 2 49) Batch-processing systems rely almost exclusively on wands and scanners for UPC bar code recognition. Answer: FALSE Diff: 2 Learning Obj.: 2 6 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

50) Point-of-sale systems provide a variety of timely and detailed reports concerning operations, which is of great benefit to the management of a retail firm. Answer: TRUE Diff: 2 Learning Obj.: 2 51) EDI documents typically contain three control numbers, two at the beginning of the message and one at the end. Answer: FALSE Diff: 3 Learning Obj.: 1 52) Because real-time sales systems pose certain internal control problems, good computer security and careful program data edit checks are essential. Answer: TRUE Diff: 2 Learning Obj.: 1 53) On-line, real-time electronic systems produce significant amounts of output. Answer: FALSE Diff: 1 Learning Obj.: 2 54) The use of ________ control over the entire data processing input-process-output sequence is fundamental to organizational independence. Answer: batch Diff: 2 Learning Obj.: 1 55) The use of programmed edit checks to discriminate among acceptable data is called ________ ________ auditing. Answer: continuous operational Diff: 3 Learning Obj.: 1 56) Using ________ ________ can compensate for the loss of manual internal controls. Answer: transaction logs or transaction registers Diff: 2 Learning Obj.: 1 57) ________ ________ input sales data into the computer system for processing immediately at the time and point of sale. Answer: Point-of-Sale Systems Diff: 2 Learning Obj.: 2

58) Many manual, batch-oriented systems use ________ file processing. Answer: sequential Diff: 2 Learning Obj.: 2 59) Using son-father-grandfather retention, if the old master file is the ________, the backup master file must be the ________. Answer: father; grandfather Diff: 2 Learning Obj.: 1 60) Computer processing of accounting data is typically a(n) ________ procedure. Answer: two-step Diff: 1 Learning Obj.: 3 61) The summary of the current month's general ledger activity is the general ledger by ________. Answer: account Diff: 2 Learning Obj.: 3 62) Each month ________ ________ should be reconciled to reports prepared from the bank summary file. Answer: bank statements Diff: 1 Learning Obj.: 2 63) Users interactively input data in ________ ________ systems. Answer: data entry Diff: 2 Learning Obj.: 1 64) The technologies that make real-time sales systems feasible are the ________ system; bar coding for automatic identification, and the ________ ordering system. Answer: POS; EDI Diff: 2 Learning Obj.: 2 65) The ________ has enhanced the real-time sales system by extending it to customers who are off-site. Answer: Internet Diff: 2 Learning Obj.: 2

66) In a real-time sales system, ________ can be used to transmit retail sales data captured from the retail store to vendors. Answer: EDI Diff: 2 Learning Obj.: 2 67) A group that is often part of the internal audit function that is charged with monitoring EDP operations is the ________ ________ group. Answer: EDP control Diff: 2 Learning Obj.: 3 68) Fundamental controls over data transfer between user departments and data processing include A) batch control totals. B) data transfer registers. C) activity file totals. D) Answers A and B are both correct. Answer: D Diff: 1 Learning Obj.: 1 69) Input data should be accompanied by the completion of a(n) A) data transfer log. B) input document control form. C) data transfer register. D) key verification control procedure. Answer: B Diff: 1 Learning Obj.: 1 70) Errors in the keying operation can be detected using A) a key verification control procedure. B) a data transfer control register. C) program data editing. D) None of these is correct. Answer: A Diff: 2 Learning Obj.: 1

71) In a manual input system, batch controls are prepared initially by the A) EDP department. B) computer software. C) user department. D) general ledger department. Answer: C Diff: 1 Learning Obj.: 1 72) A software-based control procedure that checks for some errors as they are being input is called A) input verification. B) key verification. C) input control testing. D) transcription checking. Answer: B Diff: 1 Learning Obj.: 1 73) Key verification is often used A) to verify only selected essential fields. B) to verify essential and nonessential numeric fields. C) to verify all input fields, both alpha and numeric. D) when two or more people key input data in unison. Answer: A Diff: 2 Learning Obj.: 1 74) As a control procedure, key verification requires that A) user departments key all of their own data. B) input fields are visually verified. C) key mismatches are electronically corrected. D) each source document is key-transcribed a second time. Answer: D Diff: 2 Learning Obj.: 1 75) Key verification control procedures A) edit data. B) do not use batch totals. C) do not edit data. D) electronically replace incorrect data with data from an existing database. Answer: C Diff: 2 Learning Obj.: 1

76) Program data editing is a software technique that should A) be used in addition to verification. B) be used in place of verification. C) be applied only to characters within input fields. D) only be used after visual verification has detected errors in the input. Answer: A Diff: 2 Learning Obj.: 1 77) Program data editing techniques may be applied to A) fields. B) records. C) files. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 1 78) A data editing routine that compares data with acceptable values is a A) limit test. B) table lookup. C) financial total check. D) valid code check. Answer: B Diff: 1 Learning Obj.: 1 79) A data editing routine that compares numeric data input within a range is a(n) A) table lookup. B) hash total check. C) limit test. D) internal label test. Answer: C Diff: 1 Learning Obj.: 1 80) An extra digit added to a code number verified by applying mathematical calculations to the individual code number characters is a A) control digit. B) hash digit. C) check digit. D) verification digit. Answer: C Diff: 1 Learning Obj.: 1

81) Check digits are especially effective at detecting A) transposition errors. B) accidental keying mistakes. C) incorrect account numbers. D) customer accounts that were never assigned. Answer: A Diff: 2 Learning Obj.: 1 82) The use of check digits A) is highly unusual in today's EDP environment. B) is very common because of the high reliability of this procedure. C) eliminates using key verification as a control procedures. D) eliminates using data editing routines as a method to detect errors. Answer: B Diff: 2 Learning Obj.: 1 83) Electronic data entry A) requires no human intervention. B) is sequentially processed. C) is always manually entered. D) is on-line. Answer: D Diff: 2 Learning Obj.: 1 84) An essential input field that should contain data is empty. The data edit control that would detect this error is a A) limit check. B) completeness check. C) sequence check. D) hash total check. Answer: B Diff: 2 Learning Obj.: 1 85) The "amount due" field of a bill is checked to ensure that the sign is positive. This is an example of a field A) sign check. B) length check. C) format check. D) type check. Answer: A Diff: 1 Learning Obj.: 1 12 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

86) During input, a data entry clerk incorrectly keyed product codes "ABXY" as "BAXY." Both ABXY and BAXY are valid codes. Which of the following controls would prevent this situation? A) A table-lookup procedure B) A check digit test C) Key verification D) Limit test Answer: C Diff: 2 Learning Obj.: 1 87) The compensating control for the loss of segregation of duties in an electronic input system is A) supervision and review. B) input document control forms. C) prenumbered documents. D) transaction logs. Answer: D Diff: 2 Learning Obj.: 1 88) Three technologies make extended supply-chain systems feasible. Which of the below is not one? A) XML-type data generation B) POS system C) Bar coding for automatic identification D) EDI ordering system Answer: A Diff: 2 Learning Obj.: 2 89) A transaction log that is "tagged" means that A) it has been catalogued in the EDP library. B) it is full and cannot hold any more information. C) it has been key verified and data edited. D) additional, audit-oriented information is included with original transaction data. Answer: D Diff: 2 Learning Obj.: 1

90) Sue Pang enters sales data directly into the computer-input program using a keyboard. The type of system Sue is using is a(n) A) automatic identification system. B) manual data entry system. C) point-of-sale system. D) electronic data interchange system. Answer: B Diff: 2 Learning Obj.: 2 91) In an electronic input system requiring human intervention, the main processing phases and their proper sequence are A) (1) data input and (2) data editing. B) (1) data editing and (2) data input. C) (1) data input and editing, and (2) transfer to the host application system. D) (1) data input, (2) transfer to the host application system, and (3) data editing. Answer: C Diff: 2 Learning Obj.: 1 92) A customer pumps gas at a local convenience store. The customer pays for the gasoline by inserting a credit card into the gasoline pump. This is an example of a(n) A) networked vending machine. B) point-of-sale system. C) automatic identification system. D) electronic data interface system. Answer: A Diff: 2 Learning Obj.: 2 93) A batch processing system would work best when processing A) inventory. B) payroll. C) accounts receivable. D) accounts payable. Answer: B Diff: 2 Learning Obj.: 2 94) The first step in a batch-processing environment using sequential file updating is A) preparing general ledger reports. B) updating the master file. C) preparing the transaction file. D) updating the general ledger. Answer: C Diff: 2 Learning Obj.: 2 14 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

95) In a system using batch processing with sequential file updating, at what point is the general ledger updated? A) After all master files are updated B) After each transaction batch is entered C) After all transactions are entered D) After each transaction batch is edited Answer: A Diff: 2 Learning Obj.: 1 96) When preparing the transaction file in a batch processing with sequential file system, the edit program A) builds a transaction file from processed batch input. B) performs batch balancing procedures. C) ensures all documents are accounted for prior to processing. D) accumulates revised batch-control totals for the input data. Answer: D Diff: 2 Learning Obj.: 1 97) When a system sorts edited data immediately before a master file update in a batch-oriented system, the operation sequence for editing and sorting is called A) sort and edit. B) edit and sort. C) sort and update. D) edit and update. Answer: B Diff: 1 Learning Obj.: 2 98) Alberta Products Company updates their accounts receivable master file each day. The EDP department uses the son-father-grandfather retention of master files. A computer operator accidentally destroyed the most recent accounts receivable master file by using the purchase transaction file to update it. The operator now has today's correct transaction file. How can the operator reconstruct the accounts receivable master file for the update? A) Process yesterday's son against today's transaction file. B) Process yesterday's grandfather against yesterday's transaction file. C) Process yesterday's father against yesterday's transaction file. D) Process yesterday's son against yesterday's transaction file. Answer: C Diff: 3 Learning Obj.: 1

99) The master file in a computer system is equivalent to which one of the following manual system features? A) Subsidiary ledger B) Journal C) Register D) Log Answer: A Diff: 1 Learning Obj.: 3 100) For a general ledger accounting system to be properly maintained, data must be A) collected. B) recorded. C) properly classified and entered into appropriate records for further summations. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 3 101) In a general ledger file update, all entries into the general ledger are A) first documented using a journal voucher. B) updated by each user department as necessary. C) dumped and not processed if any invalid data is found in any entry. D) first documented using a journal voucher, then are used to build a journal voucher file. Answer: D Diff: 2 Learning Obj.: 3 102) Computer processing of accounting data is typically composed of A) producing preliminary reports and then final listings after submission of corrections. B) five steps which occur in four separate and distinct cycles. C) seven steps (following the typical accounting cycle). D) a series of mathematical algorithms. Answer: A Diff: 2 Learning Obj.: 3 103) In a general ledger accounting system, the link created between the general ledger accounts and the report(s) in which they appear is called A) a line locator. B) line coding. C) soft coding. D) hard coding. Answer: B Diff: 2 Learning Obj.: 3 16 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

104) The type of file updating which should be used in a DBMS system using batch processing is A) random-access. B) sequential-access. C) automatic. D) peer-to-peer. Answer: C Diff: 1 Learning Obj.: 2 105) In a cash remittance processing, the open-items accounts receivable file serves as the A) billing data. B) credit sales journal. C) accounts receivable control account. D) subsidiary accounts receivable ledger. Answer: D Diff: 1 Learning Obj.: 3 106) An electronic processing system can be used A) only in a batch environment. B) with real-time, on-line processing. C) in either a batch or real-time, on-line processing environment. D) in situations where documentation is not a priority. Answer: C Diff: 2 Learning Obj.: 2 107) The type of OLRS system in which users do not input, but only request information, is a(n) A) data entry system. B) inquiry/response system. C) file processing system. D) transaction processing system. Answer: B Diff: 2 Learning Obj.: 2 108) Which application would not be ideally suited to processing by an OLRS system? A) Payroll B) On-line reservations C) Inventory control D) Customer accounts Answer: A Diff: 2 Learning Obj.: 2

109) A technology that is not typically used in a real-time sales system is A) bar coding. B) sequential file processing. C) a POS system. D) an EDI ordering system. Answer: B Diff: 2 Learning Obj.: 2 110) A retail sales Point-of-Sale terminal A) records cash and charge sales. B) updates inventory records. C) provides data for posting to daily sales records. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 2 111) Automatic identification of products is greatly enhanced by A) using UPC as a base. B) employing JIT processing. C) manually prepared price tags affixed by receiving personnel upon delivery. D) transaction tagging using each manufacturer's unique inventory control numbers. Answer: A Diff: 1 Learning Obj.: 2 112) In a real-time sales system, which transaction-processing step below would not be performed entirely by using EDI? A) Receiving and translating an incoming customer order B) Sending an acknowledgement of the incoming order C) Sending the customer a three-ring bound catalogue using the U.S. mail D) Transmitting an advanced shipping notice to the customer Answer: C Diff: 3 Learning Obj.: 2 113) Output systems can be manual, electronic, or something in between. Irrespective of the media used in an output system, output distribution should be controlled using a A) distribution register. B) transaction register. C) check register. D) POS terminal. Answer: A Diff: 1 Learning Obj.: 1 18 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

114) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Key verification ________ 2. Valid code check ________ 3. OLRS ________ 4. Output distribution register ________ 5. Tagging ________ 6. Check digit ________ 7. Output controls ________ 8. Son-father-grandfather retention ________ 9. Table lookup ________ 10. Batch processing A. Designed to check that processing results in valid output and that outputs are distributed properly to users B. On-line real-time system C. Source documents are accumulated into groups for periodic processing D. A table-lookup procedure in which the table file consists of valid data codes E. Audit-oriented information that is included with original transaction data when they are recorded F. A control procedure to ensure the accuracy of the key-transcribed input data G. A log maintained to control the disposition of outputs and reports H. An extra digit added to a code number which is verified by applying mathematical calculations to the individual digits in the code number I. An edit program that compares the value of a field to the acceptable values contained in a table file J. Retaining the old master and the transaction file for backup over the new master file Answer: 1. F, 2. D, 3. B, 4. G, 5. E, 6. H, 7. A, 8. J, 9. I, 10. C Diff: 2 Learning Obj.: 1

115) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Key verification ________ 2. Real-time ________ 3. On-line, real time computing ________ 4. Input document control form ________ 5. Tagging ________ 6. Program data editing ________ 7. Valid code check ________ 8. Transaction processing system ________ 9. Table lookup ________ 10. POS system A. A table-lookup procedure in which the table file consists of valid data codes B. A system that processes input data immediately after they are input and can provide immediate output to users C. Technology that enhances the traditional cash register to allow it to function as a source dataentry device for sales transactions D. A computer environment where immediate or fast-response processing occurs E. Audit-oriented information that is included with original transaction data when they are recorded. F. A control procedure to ensure the accuracy of the key-transcribed input data G. Documents batch control totals for batches of input data transmitted between user departments and the data processing department H. A software technique used to screen data prior to computer processing I. An edit program that compares the value of a field to the acceptable values contained in a table file J. A system that collects and processes transactions and provides immediate output concerning processing Answer: 1. F, 2. D, 3. B, 4. G, 5. E, 6. H, 7. A, 8. J, 9. I, 10. C Diff: 2 Learning Obj.: 1, 2

116) Base your answer using the following version of the Modulus 11-check digit found in Chapter 6. For a four-digit account number: 1. Multiply each digit separately by the corresponding digit in the sequence: 5, 4, 3, 2. 2. Add results of digit multiplication in Step 1, digit-by-digit. 3. Subtract Step 2 results from the next highest multiple of 11. 4. The Step 3 result is the check digit. Required: Calculate the check digit for each of the following account numbers: a. 8369 b. 2386 Answer: a. The check digit is 8, as follows: 8 × 5 = 40 4 + 0 + 1 + 2 + 1 + 8 + 1 + 8 = 25; 33 - 25 = 8 3 × 4 = 12 6 × 3 = 18 9 × 2 = 18 b. The check digit is 9, as follows: 2 × 5 = 10 1 + 0 + 1 + 2 + 2 + 4 + 1 + 2 = 13; 3 × 4 = 12 8 × 3 = 24 6 × 2 = 12 Diff: 2 Learning Obj.: 1

22 - 13 = 9

117) Base your answer using the following version of Modulus 11-check digit found in Chapter 6. For a four-digit account number: 1. Multiply each digit separately by the corresponding digit in the sequence: 5, 4, 3, 2. 2. Add results of digit multiplication in Step 1, digit-by-digit. 3. Subtract Step 2 results from the next highest multiple of 11. 4. The Step 3 result is the check digit. Required: Calculate the check digit for each of the following account numbers: a. 2596 b. 7428 Answer: a. The check digit is 7, as follows: 2 × 5 = 10 1 + 0 + 2 + 0 + 2 + 7 + 1 + 2 = 15; 22 - 15 = 7 5 × 4 = 20 9 × 3 = 27 6 × 2 = 12 b. The check digit is 5, as follows: 7 × 5 = 35 3 + 5 + 1 + 6 + 6 +1 + 6 = 28; 4 × 4 = 16 2×3=6 8 × 2 = 16 Diff: 2 Learning Obj.: 1

33 - 28 = 5

118) The following input is in an accounts receivable application: Account number

Gross amount

5864 1438 2289 9822 2877

8362 7866 6483 8968 5214

Required: Calculate the appropriate (a) record count; (b) financial total; and (c) hash total. Answer: a. 5 b. 36,893 c. 22,290 Diff: 2 Learning Obj.: 1

119) The following input is in an accounts payable application: Account number

Gross amount

6289 3276 1280 9764 1283

9482 4860 7298 9062 5775

Required: Calculate the appropriate (a) record count; (b) financial total; and (c) hash total. Answer: a. 5 b. 36,477 c. 21,892 Diff: 2 Learning Obj.: 1 120) For each of the following situations, indicate the program data editing technique that is appropriate to detect the error: a. A system user transposed digits when entering a customer's account number. b. An input clerk input the wrong sales territory number for employee number 35 in a sales commissions payable program. c. The data processing department failed to process all the items in a batch. Answer: a. check digit b. combination field check c. record count or financial total or hash total Diff: 2 Learning Obj.: 1

121) For each of the following situations, indicate the program data editing technique that is appropriate to detect the error: a. Calgary Mountain Equipment Company uses prenumbered sales orders. The company is not sure that it can account for all sales orders for the week of October 21, 200X. b. The amount of a check in a vouchers payable program was negative. c. A data entry clerk failed to complete customer address information in a batch of sales orders. Answer: a. sequence check b. limit check c. completeness check Diff: 2 Learning Obj.: 1 122) Describe how random-access file updating differs from sequential file updating. Answer: Suggested answer: Random-access file updating does not require that transactions be sorted before the master file update. Also, random-access file updating changes the records on the master file without creating a new master file. Sequential-access transactions are sorted before updating the master file, and process the transaction file against the previous run's master file to create a new master file. Diff: 2 Learning Obj.: 1 123) Describe how a son-father-grandfather master file retention system works. Describe how a master file destroyed in an update can be restored using this retention system. Answer: Suggested answer: In an SFG system, the transaction file is processed against the current master file. After processing, the old (outdated) master file, the new master file, and the transaction file are retained as backups. As many generations of the old master files and related transaction files can be retained as desired. The current master file is the "son, " the next oldest master is the "father," and so on. If the "son" is destroyed in the next master file update, it can be restored by processing the previous run's transaction file against the "father." The new "son" can then be used in the next processing run. Diff: 2 Learning Obj.: 1

124) Discuss the components necessary to operate a real-time sales system. Answer: Suggested answer: There are a minimum of three modern technologies required to make a real-time sales system work and feasible for a retailer: • a POS (point-of-sale) system • bar coding for automatic identification of inventory • an EDI ordering system When inventory items are uniformly coded (using UPC bar codes), a POS system can easily scan items purchased by customers. This automatically allows critical records (such as inventory and sales receipts) to be updated and kept current in a convenient electronic format. It also allows the real-time sales system to initiate orders for additional items when order quantity reaches its "safety stock" reorder point. This is why almost all real-time retail systems use the UPC coding system (which is practically universal). For other types of sales systems other coding schemes may be used (such as the EAN Bookland bar code system used by most publishers, bookstores and chain book retailers such as Borders and Barnes & Noble). Since the POS system has captured and generated inventory and sales information in an electronic format, the electronic data interface (EDI) ordering system can almost instantly place orders with vendors. Sales information can also be transmitted from retail stores to vendors to help them with inventory planning and control. One unique benefit of such a real-time sales system is that it can be adapted to a Web site and accessed by customers over the Internet. Such a system operates without any human intervention, thus significantly cutting costs, and with Internet access virtually worldwide, customers can "order without borders." Also, the "Internet store" is open 24 × 7, 365 days per year. Diff: 2 Learning Obj.: 2 125) What are the benefits of program data editing? Answer: Suggested answer: Input data should be thoroughly edited after entry to ensure valid content. Program data editing is a software technique used to screen data for errors prior to processing. Such software should be used in addition to verification, not in place of it. Data editing routines may be applied to any of the basic data structures: characters, fields, records, and files. Data editing checks for validity, completeness, format, sign assignment, length, and reasonableness among other criteria. Data editing techniques use hash totals, record count totals, and financial totals to ensure the integrity of the input data. Diff: 2 Learning Obj.: 1

126) Discuss how batch totals are prepared and used. Explain how the use of batch totals and data transfer logs helps to establish segregation of duties between user departments and the data processing department. Answer: Suggested answer: User departments prepare batch totals when submitting documents to data processing. A user includes batch totals on an input document control form that accompanies the documents when they are sent to data processing. Data processing records the control form information, including the batch totals, in a data transfer log. Data processing reconciles the batch output, which includes calculations of batch totals, to the amounts on the control form. Data processing sends the output to the user, who reconciles the batch totals to the previously prepared totals. The user department's establishment of the control total prevents data processing from inserting, deleting, or changing transactions in the batch. Diff: 2 Learning Obj.: 1

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 8 Revenue Cycle Processes 1) Inquiry is an essential activity in the customer order business management process. Answer: FALSE Diff: 1 Learning Obj.: 1 2) The primary function of the customer order business management process is order fulfillment. Answer: TRUE Diff: 1 Learning Obj.: 1 3) Inquiries contain delivery information; quotations do not. Answer: FALSE Diff: 2 Learning Obj.: 1 4) A legal agreement, prepared before selling to customers as a matter of company policy, is a contract. Answer: TRUE Diff: 1 Learning Obj.: 1 5) After a sales order has been placed, the next step in the customer order business management process is to ship the goods or perform the requested services. Answer: FALSE Diff: 2 Learning Obj.: 1 6) In the shipping step of the customer order business management process, the ERP may recheck the availability of goods to ensure that delivery is immediately possible. Answer: TRUE Diff: 2 Learning Obj.: 1 7) The complexity of picking and packing differs significantly for different products. Answer: TRUE Diff: 1 Learning Obj.: 1 8) Customer master records should be unique in a SAP ERP system. Answer: TRUE Diff: 2 Learning Obj.: 1

9) A customer's hierarchy assignment must be known prior to the creation of the master record in SAP ERP. Answer: TRUE Diff: 2 Learning Obj.: 1 10) Most input used in creating a customer master record in the SAP ERP system is displayed as text and coded as alpha characters by the system. Answer: FALSE Diff: 2 Learning Obj.: 1 11) In the SAP ERP system, the "contact person" screen is used to indicate the specific days and times the customer will accept deliveries. Answer: FALSE Diff: 1 Learning Obj.: 1 12) The SAP ERP "sales" screen is used to code a customer's currency exchange rate. Answer: TRUE Diff: 2 Learning Obj.: 1 13) The transmission medium used for preparing and sending an invoice to a customer can be found in the "create customer" partner functions screen. Answer: FALSE Diff: 2 Learning Obj.: 1 14) The Incoterms field is found in the "create customer" taxes screen. Answer: FALSE Diff: 2 Learning Obj.: 1 15) In the "create sales order" screen, the date input into the "PO Date" field is always the same as the order date. Answer: FALSE Diff: 1 Learning Obj.: 1 16) As item data are entered into the "create sales order" screen in SAP ERP, the system automatically checks the availability status of the item. Answer: TRUE Diff: 2 Learning Obj.: 1

17) In the SAP ERP system, a "Delivery Block" field is used to prevent the further processing of an order. Answer: TRUE Diff: 2 Learning Obj.: 1 18) Transaction cycle controls are based on a separation of functions within a business process. Answer: TRUE Diff: 1 Learning Obj.: 2 19) A credit check is only necessary when selling to new customers. Answer: FALSE Diff: 1 Learning Obj.: 2 20) A goods-issued notice is the documentation exchanged between a shipper and a carrier such as a trucking company. Answer: FALSE Diff: 2 Learning Obj.: 2 21) Accounts receivable often represents the majority of an organization's working capital. Answer: TRUE Diff: 2 Learning Obj.: 3 22) Selling accounts receivable at a discount to a collection agency is part of a company's cycle billing plan. Answer: FALSE Diff: 2 Learning Obj.: 3 23) The approval of sales returns and allowances is a function of the credit department. Answer: TRUE Diff: 1 Learning Obj.: 4 24) After an allowance has been authorized and approved, the credit department issues a credit memo to document the reduction in the customer's account. Answer: FALSE Diff: 1 Learning Obj.: 4

25) It is important for the internal audit department to contact a customer directly regarding a past-due invoice. Answer: FALSE Diff: 2 Learning Obj.: 4 26) The acknowledgement of customer payments using a receipt or monthly statement is optional. Answer: FALSE Diff: 2 Learning Obj.: 4 27) The recorded receivable that exists prior to the payment by a customer enhances control over payments received. Answer: TRUE Diff: 2 Learning Obj.: 4 28) The remittance list is posted to the accounts receivable ledger. Answer: FALSE Diff: 2 Learning Obj.: 4 29) The validated deposit slip from a bank should be returned to the cash receipts department. Answer: FALSE Diff: 2 Learning Obj.: 4 30) The control of actual cash (as opposed to checks) received in the mail relies largely on direct supervision. Answer: TRUE Diff: 2 Learning Obj.: 4 31) The party best suited to reconciling a company's bank account is the internal auditor. Answer: TRUE Diff: 2 Learning Obj.: 4 32) Cash sales should be recorded in a cash register or other secure device that can provide immediate documentation of the sales. Answer: TRUE Diff: 2 Learning Obj.: 4

33) The focal point of the cash sales business process is the quick generation of cash sales. Answer: FALSE Diff: 2 Learning Obj.: 4 34) Cash sales are only subject to accounting control if a record of the sale has been created. Answer: TRUE Diff: 2 Learning Obj.: 4 35) Imprest techniques control cash receipts with far greater accuracy than cash payments. Answer: FALSE Diff: 2 Learning Obj.: 4 36) Sarbanes-Oxley compliance requires companies maintain an adequate internal control structure over the business processes that support financial reporting. Answer: TRUE Diff: 2 Learning Obj.: 2 37) The SEC Interpretive Guidance "Management's Report on Internal Control Over Financial Reporting" approved in 2007, focuses management on preventing and uncovering fraud. Answer: FALSE Diff: 2 Learning Obj.: 2 38) The SEC Interpretive Guidance "Management's Report on Internal Control Over Financial Reporting" approved in 2007, focuses management on internal controls that best protect against risk of material misstatements in financial statements. Answer: TRUE Diff: 2 Learning Obj.: 2 39) Auditing standard No. 5 describes a bottom-up approach to selecting controls to be tested. Answer: FALSE Diff: 2 Learning Obj.: 2 40) Risk assessment of the sales business process is NOT necessary under SOX if internal control is considered adequate. Answer: FALSE Diff: 2 Learning Obj.: 2

41) Risk assessment of the sales business process is necessary for compliance with SOX. Answer: TRUE Diff: 2 Learning Obj.: 2 42) Risk assessment should evaluate whether a company's controls will sufficiently address identified risks of material misstatement due to fraud. Answer: TRUE Diff: 2 Learning Obj.: 2 43) The accounts receivable business process generates asset amounts that are significant to a company's balance sheet and cash flow statement, therefore, risk assessment of the accounts receivable process will be necessary for compliance with SOX. Answer: TRUE Diff: 2 Learning Obj.: 2 44) Unlike the sales business process, the accounts receivable business process does not generate cash, therefore, risk assessment of the accounts receivable process is optional under SOX as long as internal control is adequate. Answer: FALSE Diff: 2 Learning Obj.: 2 45) Risk assessment should evaluate identified risks of material misstatement due to fraud and controls intended to address the risk of management override of these controls. Answer: TRUE Diff: 2 Learning Obj.: 2 46) A well-designed customer order business management process captures ________ ________ as early as possible and reuses it in subsequent activities. Answer: customer information Diff: 2 Learning Obj.: 1 47) A contract to provide goods or services over a period of time is sometimes called a(n) ________ ________. Answer: blanket order Diff: 2 Learning Obj.: 1

48) ________ is an information system that enables the implementation of sophisticated and flexible customer-specific and material-specific pricing procedures. Answer: ERP Enterprise resource planning Diff: 2 Learning Obj.: 1 49) The ________ contains much of the information found in a sales order. Answer: delivery Diff: 2 Learning Obj.: 1 50) In the SAP ERP system, all of the information that pertains to a customer is stored in a(n) ________ ________ record. Answer: customer master Diff: 1 Learning Obj.: 1 51) In the SAP ERP system, a code indicating the ________ to be used must be entered in the communications section of the customer address screen. Answer: language Diff: 3 Learning Obj.: 1 52) In the SAP ERP system, the screen used to specify account reconciliation data is the ________ ________ screen. Answer: account management Diff: 2 Learning Obj.: 1 53) SAP ERP features powerful database ________ capabilities. Answer: query Diff: 2 Learning Obj.: 1 54) The SAP ERP system database allows the user to ________ ________ to obtain more detailed information concerning a line item in an order. Answer: drill down Diff: 2 Learning Obj.: 1 55) The distinction between ________ and ________ ________ is important to maintain separation of functions. Answer: billing; accounts receivable Diff: 2 Learning Obj.: 2 7 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

56) In ________ processing, a separate record is maintained in the accounts receivable system for each of the customer's unpaid invoices. Answer: open-items Diff: 2 Learning Obj.: 3 57) The mail room prepares a(n) ________ ________ that documents payments received. Answer: remittance list Diff: 1 Learning Obj.: 4 58) An objective of managing accounts receivable is to reduce the ________, because in collecting accounts receivable, "time is money." Answer: float Diff: 2 Learning Obj.: 4 59) A customer ________ is a term used to describe procedures in which the customer acts as a control over the initial documentation of a transaction. Answer: audit Diff: 2 Learning Obj.: 4 60) An example of a(n) ________ technique is a clerk who is given a precounted number of tickets and held responsible for either the retail value of the tickets or the tickets themselves. Answer: imprest Diff: 2 Learning Obj.: 4 61) Sarbanes-Oxley Act of 2002 requires companies maintain a(n) ________ internal control structure over the business processes that support financial reporting. Answer: adequate Diff: 2 Learning Obj.: 2 62) Effective internal control provides ________ assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. Answer: reasonable Diff: 2 Learning Obj.: 2 63) ________ assessment of the sales business process will be necessary for compliance with Sarbanes-Oxley. Answer: Risk Diff: 2 Learning Obj.: 2 8 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

64) Risk assessment should evaluate identified risks of material misstatement due to fraud and controls intended to address the risk of ________ override of these controls. Answer: management Diff: 2 Learning Obj.: 2 65) Which of the following activities is optional in the customer order business management process? A) Order entry B) Contract creation C) Shipping D) Billing Answer: B Diff: 1 Learning Obj.: 1 66) The customer order business management process begins when a A) customer order is entered into the system. B) customer order is shipped. C) customer invoice is generated and sent to the customer. D) potential customer makes an inquiry or requests a quotation. Answer: D Diff: 1 Learning Obj.: 1 67) A document sent to an outside firm to inform them of product prices, availability, and delivery information is known as a(n) A) inquiry. B) blanket order. C) quotation. D) sales order. Answer: C Diff: 2 Learning Obj.: 1 68) An outline detailing the goods or services to be provided to a customer is a(n) A) contract. B) inquiry. C) quotation. D) sales order. Answer: A Diff: 2 Learning Obj.: 1

69) The document prepared when a customer is requesting the delivery of goods that are detailed in a contract is called a A) sales order. B) release order. C) call-off. D) Answers B and C are both correct. Answer: D Diff: 2 Learning Obj.: 1 70) A customer has placed an order. The customer's credit has been checked and is satisfactory. When the availability of the goods is checked, it is found that some items are in stock and the vendor has backordered other items. At this point the customer A) may cancel the order. B) may request the order be held until all goods can be shipped. C) may request partial shipment of the goods currently in. D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 1 71) A warehouse employee uses a document to fulfill a customer order. The employee is most likely using a A) picking list. B) packing list. C) bill of lading. D) shipping advice. Answer: A Diff: 1 Learning Obj.: 1 72) In the billing stage of the customer order business management process, the ERP uses much of the data from a customer's sales order to create the A) goods issued notice. B) invoice. C) delivery. D) packing list. Answer: B Diff: 2 Learning Obj.: 1

73) In the SAP ERP system, how many types of customer records must be created and maintained? A) Four B) One C) Six D) Two Answer: A Diff: 2 Learning Obj.: 1 74) In the SAP ERP system, all of the different master records are created when the A) payee customer record is created. B) ship-to-customer record is created. C) sold-to-customer record is created. D) bill-to-customer record is created. Answer: C Diff: 2 Learning Obj.: 1 75) Hierarchy assignment includes a customer's A) distribution channel. B) geographical location. C) credit approval. D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 1 76) The first screen used to create a customer in a SAP ERP system is A) control data. B) contact person. C) initial. D) account management. Answer: C Diff: 1 Learning Obj.: 1 77) In the SAP ERP system, the "create customer" screen, which is used to input statistical and demographic data, is A) control data. B) marketing. C) unloading points. D) initial. Answer: B Diff: 2 Learning Obj.: 1 11 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

78) In the SAP ERP system, if a company wishes to initiate a dunning procedure against a customer, input will be made in the A) account management screen. B) payment transactions screen. C) correspondence screen. D) control data screen. Answer: C Diff: 2 Learning Obj.: 1 79) A company that uses the SAP ERP system wants to identify the areas within their company that have responsibility to a certain customer. The screen that should be used to enter this information is A) correspondence. B) sales. C) billing. D) initial. Answer: B Diff: 2 Learning Obj.: 1 80) Input concerning whether manual invoicing is required or if a customer is entitled to rebates in the SAP ERP system can be found in the A) billing screen. B) sales screen. C) payment transactions screen. D) account management screen. Answer: A Diff: 2 Learning Obj.: 1 81) The final input screen in the "create customer" function of the SAP ERP system is the A) billing screen. B) taxes screen. C) partner functions screen. D) output screen. Answer: C Diff: 2 Learning Obj.: 1

82) The SAP ERP system requires a customer master record for each customer. A one-time customer of the company A) can be passed through the system by using a "dummy" customer master record. B) should be manually billed using a 30-day account, thus bypassing the SAP ERP system. C) must pay cash and pick up the goods from the company's shipping dock. D) must be set up using detailed records in the SAP ERP system like any other customer. Answer: A Diff: 2 Learning Obj.: 1 83) When a "sold-to" customer record is created in the SAP ERP system, other master records are automatically created using the same information. The input screen in which these records are associated with each other is the A) output screen. B) billing screen. C) account management screen. D) partner functions screen. Answer: D Diff: 2 Learning Obj.: 1 84) Which input field listed below is not mandatory when creating a sales order in the "initial" screen of the SAP ERP system? A) Sales organization field B) Sales group C) Distribution channel field D) Division code field Answer: B Diff: 3 Learning Obj.: 1 85) Which of the screens listed below in SAP ERP system is not optional when a company records information relating to a sale? A) Pricing B) Create sales order C) Business data header D) Scheduling Answer: B Diff: 1 Learning Obj.: 1

86) The prices entered on sales orders should be independent of the sales order function. To achieve this transaction cycle control, the company's ordering system should use A) an independently prepared master price list authorized by management. B) prices found in the order database. C) prices listed by the sales representative who initiated the order. D) All of these answers are correct. Answer: A Diff: 2 Learning Obj.: 2 87) A sales order is A) the same as the purchase order. B) an external use document. C) an internal use document. D) optional when selling to established customers. Answer: C Diff: 1 Learning Obj.: 2 88) As part of adequate transaction cycle controls in order processing, after the finished goods department has picked a customer's order according to a delivery document, the records which should be updated to reflect actual quantities picked are found in the A) order database. B) credit files. C) master price list. D) inventory database. Answer: D Diff: 2 Learning Obj.: 2 89) What documents typically accompany the physical shipment of goods to a customer? A) The picking list and purchase order B) Packing and picking lists C) The packing list and a bill of lading D) The sales order and an invoice Answer: C Diff: 2 Learning Obj.: 2

90) To maintain an adequate separation of duties, various functions within the customer order process should be independent of each other. An example of this is A) that billing does not have access to the accounts receivable ledger. B) that shipping only accepts goods from finished goods that are identified on an independently prepared packing list. C) Answers A and B are both correct. D) None of these answers is correct. Answer: C Diff: 2 Learning Obj.: 2 91) There are various approaches to an accounts receivable application. The approach in which a customer's remittances are applied against a customer's total outstanding balance is called A) aging schedule processing. B) balance-forward processing. C) open-item processing. D) None of these answers is correct. Answer: B Diff: 2 Learning Obj.: 4 92) To maintain adequate separation of functions, accounts receivable should not have access to A) cash received from customers. B) checks received from customers. C) invoices and credit memos. D) Answers A and B are both correct. Answer: D Diff: 2 Learning Obj.: 4 93) One process, which is transparent to customers and has a beneficial effect on the company's cash flow, is to A) implement a cycle billing plan. B) factor accounts receivable. C) decrease the amount of time in which customers have to pay their monthly invoices. D) Answers B and C are both correct. Answer: A Diff: 2 Learning Obj.: 4

94) To provide an adequate separation of functions in the accounts receivable business process, maintaining the subsidiary accounts receivable ledger should be the responsibility of A) billing. B) accounts receivable. C) cash receipts. D) general ledger. Answer: B Diff: 2 Learning Obj.: 4 95) To provide an adequate separation of functions in the accounts receivable business process, maintaining the accounts receivable control account should be the responsibility of A) billing. B) accounts receivable. C) cash receipts. D) general ledger. Answer: D Diff: 2 Learning Obj.: 4 96) A sales return occurs when a customer actually returns goods that have been shipped. The departments involved with processing this transaction up to the point of issuing a credit memo are the A) shipping, receiving, and billing departments. B) receiving, billing, and accounts receivable departments. C) shipping, receiving, and credit departments. D) receiving, credit, and billing departments. Answer: D Diff: 2 Learning Obj.: 4 97) The Bad Luck Fortune Cookie Company has a 360-day past-due balance of $1,300.00. After repeated attempts at collection, the account is deemed worthless. The departments involved with processing this transaction up to the point of issuing an approved write-off memo are the A) credit and accounts receivable departments. B) treasurer, billing, and accounts receivable departments. C) credit, treasurer, accounts receivable, and internal audit departments. D) credit, treasurer, cash receipts, and internal audit departments. Answer: C Diff: 2 Learning Obj.: 4

98) The business process used when there is an existing customer account balance is A) accounts receivable. B) cash-received-on-account. C) cash sales. D) aged trial balance. Answer: B Diff: 2 Learning Obj.: 4 99) In the cash-received-on-account process, the remittance list is used to post the A) cash receipts journal. B) accounts receivable ledger. C) Answers A and B are both correct. D) None of these answers is correct. Answer: A Diff: 1 Learning Obj.: 1 100) The amount of cash receipts for August 12 is $6,389.42. For general ledger to post this amount, it must receive A) a journal voucher from cash receipts. B) the deposit slip from the bank for August 12 showing $6,389.42 as a deposit. C) a control total from accounts receivable. D) a journal voucher from cash receipts and a control total from accounts receivable. Answer: D Diff: 2 Learning Obj.: 4 101) To control incoming cash from the mail and ensure an accurate accounting, the department which should have complete control over the transaction is the A) mailroom. B) cash receipts. C) accounts receivable. D) No one department should have complete control over incoming cash Answer: D Diff: 1 Learning Obj.: 4 102) A turnaround document that is used to enhance internal control and promote the accuracy of incoming cash receipts is the A) journal voucher. B) remittance advice. C) bank deposit slip. D) remittance list. Answer: B Diff: 2 Learning Obj.: 4 17 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

103) Using a lock-box system A) expedites the cash flow for a company. B) helps to reduce interest income lost due to delays in depositing out-of-state-checks. C) promotes the segregation of duties because a third-party handles cash receipts. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 4 104) A company located in Delaware has customers nationwide. The most effective system to deal with the issue of float is to A) use one lock-box collection system located in the Midwest. B) have customers send their remittances to the company's corporate office in Delaware. C) use several regional lock-box systems located geographically around clusters of customers. D) factor its accounts receivable to a collection agency. Answer: C Diff: 2 Learning Obj.: 4 105) A significant difference between a cash sales business process and a cash-received-onaccount business process is that A) no previous customer account balance exists in a cash sales business process. B) the float is shorter in a cash-received-on-account business process. C) more direct supervision is required in a cash-received-on-account business process. D) There is no significant difference between the two business processes. Answer: A Diff: 2 Learning Obj.: 4 106) A grocery store customer will be given a gallon of ice cream if his or her receipt has a red star stamped on it. The idea behind this technique from an accounting control standpoint is to A) promote the dairy industry's "Got Milk" campaign. B) have the customer audit his or her cash receipt. C) keep the customer happy. D) Answers A and C are both correct. Answer: B Diff: 2 Learning Obj.: 4

107) Which illustration is not an example of a customer audit technique? A) Providing a customer with a remittance advice that must be returned with payment B) Pricing items at $1.00 rather than 99 cents so the customer does not expect change C) Entering the customer in a prize contest if he or she calls a number and provides feedback about the purchase D) All of these answers are correct. Answer: B Diff: 2 Learning Obj.: 4 108) Which illustration is not an example of a supervision technique? A) Using professional shoppers in a retail environment B) Using a test package for a bank teller or cash counter C) Having a cash register make sound when it is opened in the presence of a customer D) All of these answers above are correct. Answer: C Diff: 2 Learning Obj.: 4 109) Sarbanes-Oxley Act of 2002 requires companies maintain an adequate ________ structure over the business processes that support financial reporting. A) risk assessment B) internal control C) assurance assessment D) reliability process Answer: B Diff: 2 Learning Obj.: 2 110) The SEC Interpretive Guidance "Management's Report on Internal Control Over Financial Reporting" approved in 2007, focuses management on internal controls that best protect against risk of material ________ in financial statements. A) fraud B) misstatements C) negligence D) mistakes Answer: B Diff: 2 Learning Obj.: 2

111) Effective internal control provides ________ assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. A) little B) adequate C) total D) reasonable Answer: D Diff: 2 Learning Obj.: 2 112) Auditing standard No. 5 describes a ________ approach to selecting controls to be tested. A) hybrid B) bottom-up C) top-down D) This standard does not discuss the selection of controls to be tested. Answer: C Diff: 2 Learning Obj.: 2 113) Risk assessment should evaluate whether controls sufficiently address identified risks of material misstatements due to fraud and A) controls specifically designed to prevent fraud. B) controls intended to address the risk of collusion. C) controls intended to address the risk of management override of these controls. D) controls specifically designed to prevent material misstatements. Answer: C Diff: 2 Learning Obj.: 2

114) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Remittance list ________ 2. Credit memo ________ 3. Open-item processing ________ 4. Bill of lading ________ 5. Invoice ________ 6. Balance-forward processing ________ 7. Sales order ________ 8. Inquiry ________ 9. Goods issue notice ________ 10. Float A. Documentation which is forwarded to the billing function to evidence a shipment to a customer B. Invoice received from a carrier for shipments C. The time between the signing of the payment check by a customer and the moment the firm has use of the funds D. A form used to document reductions to a customer's account due to sales returns or allowances E. A customer's remittances are applied against a customer's outstanding balance rather than against individual invoices F. A listing of customer payments in cash and by check that is prepared for control purposes G. A document similar to a quotation that does not contain delivery information H. A document that informs a customer of charges for goods or services rendered I. A customer's remittances are applied against individual invoices rather than a customer's outstanding balance J. A document prepared to initiate the shipment of goods to a customer Answer: 1. F, 2. D, 3. I, 4. B, 5. H, 6. E, 7. J, 8. G, 9. A, 10. C Diff: 2 Learning Obj.: 1, 2, 3

115) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Imprest techniques ________ 2. Factoring ________ 3. Blanket order ________ 4. Customer audit ________ 5. Cycle billing ________ 6. Professional shoppers ________ 7. Lock-box deposit system ________ 8. Bill ________ 9. Shipping advice ________ 10. Quotation A. A single order which calls for several shipments to the same customer over a specific period of time B. The selling of accounts receivable at a discount to a collection agency C. People hired to purchase goods in a retail environment for the specific purpose of observing the recording of transactions D. A synonym for "goods issue notice" E. The processing of accounts receivable, subdivided by alphabet or account number in order to distribute the preparation of statements over the working days of the month F. A control technique in which an item is held accountable to a specified total amount G. A procedure in which the customer acts as a control over the initial documentation of a transaction H. A document sent to a potential customer to inform them of product prices, availability, and delivery information I. Customer remittances are sent directly to a bank and are credited to a company's account before they are posted to customer accounts J. Another name for an invoice Answer: 1. F, 2. B, 3. A, 4. G, 5. E, 6. C, 7. I, 8. J, 9. D, 10. H Diff: 2 Learning Obj.: 1, 2, 3, 4

116) The following ten paragraphs describe control weaknesses in customer order and account management business processes. Listed below are 11 controls that may help control the weaknesses: A. Customer credit check B. Master price list independent from Order Entry C. Credit department approval of customer account adjustments D. Independent confirmation from internal audit to customer E. Independent confirmation from Accounts Receivable to customer F. Balance the posted remittance advices to the remittance list in Accounts Receivable G. Customer audit H. Billing information generated from sales order data I. Comparison of goods, picking list, and packing list in Shipping J. Packing list generated from sales order data K. File of picking lists, signed by Shipping, in Finished Goods Required: In the blank next to each number, list one capital letter representing the best control to address the system weakness. You will use each letter only once, and one letter will not be used. 1. ________ Employees of Micro-Speed Computer Company's billing department observed that for the sales of January 15, inventory item number 7856 was priced at a different amount on ten different orders. 2. ________ Hemingway Manufacturing Company sent a $7,500 payment on account to United Coastal Hardware Company. A mailroom clerk stole the payment and accompanying remittance advice, but included the payment on the day's remittance list. The accounts receivable department later sent Hemingway a statement showing $7,500 credited to its account. 3. ________ An employee worked for a week at Bob's Belly Buster Burgers. After the employee quit, the owner noticed that the dollar amount of sales for the week was unusually low, although the amount of food ordered was typical. 4. ________ At Washington Square Company, customers are complaining that they are not receiving the correct quantities of goods ordered, or the wrong items are being shipped to them. 5. ________ To increase its catalog business, Great Southwest Company permitted new customers to open a $500 account with the company. A disgruntled company employee placed several fraudulent telephone orders with the company, each time disguising his voice and acting as a new customer. The employee obtained $5,000 in merchandise before he was caught. 6. ________ As an added convenience to her customers, Melanie Jacobi, a saleswoman for The New People Shoe Company, negotiates and approves sales returns and allowances. Auditors performing an analytical review of sales and inventory data have discovered a decrease in sales without a corresponding increase in the number of finished goods.

7. ________ Customers of Miller Magnetic Company are complaining that they are being billed for amounts greater than they ordered and received. 8. ________ Iron Works Equipment Company had financial difficulty and fell behind in its payments to Great Lakes Manufacturing Company. After repeated attempts at collection, Great Lakes' credit department finally wrote off the Iron Works account on September 30, 200X. On December 14 200X, auditors discovered that an accounts receivable employee conspired with a mailroom employee to divert $6,500 in payments made by Iron Works after their account was written-off. 9. ________ At Young People Accessory Company, the finished goods department sends goods to the shipping department, accompanied by a picking list. The shipping department clerk compares the goods to the picking list and signs the picking list, returning it to the finished goods warehouse clerk. Then the shipping department prepares a three-part shipping notice, one copy of which serves as the packing list and is enclosed with the goods to be shipped. An auditor recently discovered that the sales of a popular woman's purse were far less than the amount of inventory reduction for the purse. 10. ________ At Goode Brothers Office Supply, Inc., the correct goods for a customer's order were "picked" and transferred from the finished goods warehouse to shipping. The shipping clerk kept part of the customer's order. The customer later complained that he had received only half of his order. The shipping clerk claimed that shipping had not received the complete order from finished goods. Since Goode Brothers could not prove the source of the shortage, it sent additional goods to the customer at no charge. Answer: 1. B, 2. F, 3. G, 4. I, 5. A, 6. C, 7. H, 8. D, 9. J, 10. K Diff: 3 Learning Obj.: 2, 4

117) Melbourne Manufacturing Company is a new start-up business that has not yet opened its doors. The controller for the company is concerned about the best way to process accounts receivable. The controller expects each individual sale to be relatively large, and her goal is for all customers to pay on an individual invoice basis. The marketing department's sales forecast estimates that Melbourne will build a customer base of 1,800 in six to nine months. Required: a. What is the appropriate accounts receivable processing method for Melbourne Manufacturing? Describe how it would work. b. Describe the concept of cycle billing. What are the potential benefits of cycle billing for Melbourne Manufacturing? Answer: a. The company should use the open-item processing method. The accounts receivable system will maintain a separate record for each unpaid invoice. This is a practical approach given that each sale will be relatively large. As the customers pay invoices, the payments are matched against the unpaid invoice records. b. Cycle billing refers to the distribution of statements throughout the month rather than only at month-end. Melbourne Manufacturing Company could subdivide their accounts receivable file either by account number or alphabetically, and devise a plan to spread the preparation of statements over different working days of the month. This would even the work flow for the accounts receivable department, since statements would be created at different times during the month (not all at month-end). The company would also benefit from cycle billing since cash inflows will be more evenly received over the month from customers. Diff: 2 Learning Obj.: 4

118) National Auto Loan has customers throughout the 48 contiguous states. Its current policy is to have all customers mail their payments to National Auto's corporate office located in Lansing, Michigan. It is considering a regional lock-box system to collect loan payments from its customers. Changing to a regional lock-box system will decrease the company's float time from eight days (on average) to three days. The company's average daily collection is $1,750,000. The bank that operates the regional lock-box system requires compensating balances totaling $800,000. Annual fees and expenses associated with the lock-box system are $350,000. Required: a. Compute the dollar amount of net funds freed if National Auto uses the lock-box system. b. Compute the percentage rate of net funds freed. Answer: a. Float for the Lansing, MI, location (8 days × $1,750,000) $14,000,000 Less: Float using a lock-box system (3 days × $1,750,000) 5,250,000 Gross funds freed if a lock-box system is used 8,750,000 Less: Required compensating balance for lock-box system 800,000 Net funds freed if a lock-box system is used $7,950,000 b. Cost of net funds freed = $350,000 fees and expenses / $7,950,000 = 4.40% Diff: 2 Learning Obj.: 4 119) The Jackson Supply Company recently started using a regional lock-box collection system. The controller for the company compared the float using the lock-box system with the float using the company's prior, one-location collection system. The controller found that the company was saving $2,600,000 in average float. The bank that provides the regional lock-box system requires that the company maintain a $500,000 compensating balance at all times. The bank also charges service fees of $120,000 annually. Required: Calculate the percentage cost of net funds freed for Jackson Supply Company. Answer: Gross savings using a lock-box system $ 2,600,000 Less: Required compensating balance for the lock-box system 500,000 Net savings using a lock-box system $ 2,100,000 $120,000 fees and expenses / $2,100,000 = 5.71% percentage cost of funds freed Diff: 2 Learning Obj.: 4

120) Southeastern Supply Company has been in business for one month. The chief information officer of the company is designing procedures for its sales order entry system. Top management wants procedures for both general and specific authorization. Required: Describe procedures to accomplish each of the following activities and indicate whether each procedure requires general or specific authorization. 1. Establishment of prices to be entered on sales orders 2. Establishing terms of sale, including credit limits 3. Disposition of blocked orders for customers over the credit limit 4. Disposition of sales allowances 5. Writing off accounts deemed worthless Answer: 1. Management separate from the sales order function should prepare a master price list for use in sales orders. This is a general authorization. 2. Management can establish general guidelines for credit customers, such as: requiring a credit check; a credit limit for an initial order from a new customer; and establishing a credit limit after the initial order. These general guidelines would be a general authorization. Occasionally, new customers might need more credit than the company normally allows, or a new customer might have a credit record that does not meet the company's normal requirements. The sales terms for such customers would be a specific authorization. 3. Blocked orders are those that put customers over their credit limit. The sales order department informs the credit department of blocked orders, and the credit department decides which ones should be released for fulfillment. This is a specific authorization. 4. The sales order department negotiates the amount of sales allowances with customers. (An allowance is a reduction in the amount owed by the customer due to damaged merchandise, shortages in shipment, or other fulfillment problems.) The credit department approves the amount of the allowance and authorizes the billing department to prepare a credit memo reducing the customer's account. This is a specific authorization. 5. The credit department reviews the accounts receivable aging schedule and recommends accounts to be written off. The treasurer approves the write-offs and authorizes the accounts receivable department to write off the customer accounts. This is a specific authorization. Diff: 3 Learning Obj.: 1, 2

121) Describe the following order entry procedures: a. Pricing b. Credit checking c. Availability checking Answer: Suggested answer: a. To price an order, the order-taker must know the current prices of products or services, and surcharges or discounts that apply, and shipping costs. b. Credit checking occurs after pricing is complete and before inventory availability is checked. The system blocks orders that are over the customer's previously established credit limit. The credit department reviews blocked orders and may authorize some or all of them to be released. c. Availability checking occurs after the pricing is complete and after the customer's credit is determined to be satisfactory. If goods are in stock or are expected to arrive before the customer's requested delivery date, the order proceeds normally without any exceptions. If goods are not expected to be in stock, the company may offer the customer an option of accepting a partial shipment, or delaying the shipment until sufficient stock arrives. Diff: 2 Learning Obj.: 1 122) Goodfellows Manufacturing Company is a mature user of the SAP ERP order processing system. Goodfellows recently acquired another manufacturing company and it wants to consolidate its customer records into Goodfellows' SAP ERP system. What are two things Goodfellows must do before it consolidates the other manufacturing company's customer records into its SAP ERP system? Answer: Suggested answer: (The text lists three things a company should do before entering new customer master records into the SAP ERP system.) • SAP ERP requires that each customer master record be unique. Goodfellows should eliminate any duplicate customers and verify that the customers of the other company are "new customers" in its system. • Each new customer's hierarchy assignment must be known to the system before the new customer master record is created. The hierarchy assignment includes information related to pricing, such as the distribution channel, type of industry, and geographic location. • The new customers must be approved for sales before creation of their master records in SAP ERP. Diff: 2 Learning Obj.: 1

123) Why should management or an organizational function that is independent of the sales order function, prepare the master price list? Answer: Suggested answer: The sales order application's purpose is to record sales orders. When management or a different (independent) function prepares the master price list, the authorization of pricing is separated from the recording of prices on sales orders. This separation of duties provides a control over the activities of sales order employees. They may not give preferential prices to certain customers or engage in any discriminatory pricing practice (which is a key reason for the separation of duties in this situation). Diff: 2 Learning Obj.: 2 124) Describe the procedures for a sales return and explain how the procedures relate to the segregation of duties of authorization, custody of assets, and record keeping. Answer: Suggested answer: The customer returns goods for credit to the selling firm's shipping department. Shipping returns the items to inventory and prepares a sales return memo for the credit department. The credit department approves the sales return memo and forwards it to the billing department. Billing issues a credit memo to the customer based on the authorization contained in the sales return memo. Billing prepares a journal entry for the credit memo. Accounts receivable posts the credit memo entry to the customer's account. The duties of custody, authorization, and record keeping are separated in these procedures. Shipping has custody of the returned inventory items (asset). The credit department authorizes the reduction of the customer's account receivable. Billing prepares the entry, and accounts receivable maintains the records. Diff: 2 Learning Obj.: 2 125) Explain SOX compliance as this Act relates to the sales business process and the accounts receivable business process. Answer: Suggested answer: Both the sales business process and the accounts receivable business process generates asset amounts that are significant on a company's income, balance sheet, and cash flow statements. Given the significant accounts, disclosures, and assertions, risk assessment of both the sales and AR business process will be necessary for compliance with SOX. Risk assessment should also evaluate identified risks of material misstatement due to fraud and controls intended to address the risk of management override of these controls. Diff: 2 Learning Obj.: 2

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 9 Procurement and Human Resources Business Processes 1) A synonym for the word "purchasing" is "procurement." Answer: TRUE Diff: 1 Learning Obj.: 1 2) The eight documents in the SAP ERP Materials Management module may be processed "online." Answer: TRUE Diff: 2 Learning Obj.: 1 3) All eight documents in the SAP ERP Materials Management module are used each time an item is purchased. Answer: FALSE Diff: 2 Learning Obj.: 1 4) Numeric document type codes are assigned to each new procurement document created in the SAP ERP system. Answer: FALSE Diff: 2 Learning Obj.: 1 5) ERP can copy relevant information from an existing document to a new one, reducing errors and expediting the business process. Answer: TRUE Diff: 2 Learning Obj.: 1 6) A purchase order is an internal document created to request the procurement of something so that it is available at a certain point in time. Answer: FALSE Diff: 2 Learning Obj.: 1 7) Approval of a purchase requisition usually means that the request is within cost limits. Answer: TRUE Diff: 2 Learning Obj.: 1 8) ERP maintains lists of approved and disapproved sources of supply. Answer: TRUE Diff: 1 Learning Obj.: 1 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) It is common for companies to configure their systems to automatically issue purchase orders for purchase requisitions meeting certain criteria. Answer: TRUE Diff: 2 Learning Obj.: 1 10) An outline agreement contains line items. Answer: FALSE Diff: 2 Learning Obj.: 1 11) Invoice verification is responsible for the payment of invoices in ERP. Answer: FALSE Diff: 2 Learning Obj.: 1 12) In ERP, every module can access every master record. Answer: TRUE Diff: 2 Learning Obj.: 1 13) Goods movement can be either an internal or external event. Answer: TRUE Diff: 2 Learning Obj.: 1 14) Well-designed receiving procedures should call for an independent count of materials delivered and for the preparation of the receiving report. Answer: TRUE Diff: 2 Learning Obj.: 2 15) In the procurement business process it is not necessary to separate receiving from stores. Answer: FALSE Diff: 1 Learning Obj.: 2 16) Buyer-vendor relationships are more a matter of procedure than of policy. Answer: FALSE Diff: 2 Learning Obj.: 2 17) The imprest fund concept is primarily restricted to petty cash control. Answer: FALSE Diff: 1 Learning Obj.: 3 2 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

18) A voucher payable system encompasses all expenditures, including trade accounts, payroll, and capital expenditures. Answer: TRUE Diff: 2 Learning Obj.: 3 19) Vouchers themselves can take several forms, and the form of the voucher itself is not significant. Answer: TRUE Diff: 1 Learning Obj.: 3 20) When using a built-up voucher system, the account "Vouchers Payable" is used in addition to "Accounts Payable." Answer: FALSE Diff: 2 Learning Obj.: 3 21) In a negative timekeeping system only exceptions are recorded. Answer: TRUE Diff: 1 Learning Obj.: 4 22) The travel expense component of the ERP HR-PA does not support HR recruitment efforts. Answer: FALSE Diff: 2 Learning Obj.: 4 23) An "infotype" is a SAP term that denotes a collection of data fields that is grouped together for display. Answer: TRUE Diff: 2 Learning Obj.: 4 24) Payroll processing is one of the simplest procedures within a large organization. Answer: FALSE Diff: 1 Learning Obj.: 4 25) The individual who distributes paychecks should be independent of personnel, timekeeping, and the payroll department. Answer: TRUE Diff: 2 Learning Obj.: 4

26) The ERP system's "create" function adds a new blank infotype with a default validity date from "current date" to "end of time." Answer: TRUE Diff: 2 Learning Obj.: 4 27) In the ERP system a personnel event is a single HR infotype. Answer: FALSE Diff: 2 Learning Obj.: 4 28) One of the functions of the personnel department is the timekeeping function. Answer: FALSE Diff: 1 Learning Obj.: 5 29) Unemployment compensation laws are the same in all states, and all states participate in the federal-state unemployment insurance program. Answer: FALSE Diff: 2 Learning Obj.: 5 30) An employer is responsible for the full amount of federal payroll taxes even when he or she fails to withhold the appropriate contributions from employees. Answer: TRUE Diff: 2 Learning Obj.: 5 31) Because the procurement business process generates revenue amounts that are considered to be significant accounts, disclosures, and assertions on a company's income statement, risk assessment of the procurement business process is necessary for compliance with SarbanesOxley. Answer: FALSE Diff: 2 Learning Obj.: 2 32) The payroll business process is a subset of procurement and therefore, falls outside the control of Sarbanes-Oxley. Answer: FALSE Diff: 2 Learning Obj.: 5 33) Within the procurement business process, fundamental controls are based on a separation of function. Answer: TRUE Diff: 2 Learning Obj.: 2 4 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

34) Risk assessment for the payroll business process is required for compliance with SarbanesOxley. Answer: TRUE Diff: 2 Learning Obj.: 5 35) For the procurement business process, assessed risk must be clearly documented and controls selected for testing and evaluation. Answer: TRUE Diff: 2 Learning Obj.: 2 36) For the procurement business process, assessed risk is optional under Sarbanes-Oxley as long as a company's internal control system has been approved by external auditors. Answer: FALSE Diff: 2 Learning Obj.: 2 37) Once a purchase requisition is completed, it is electronically forwarded to a(n) ________ for approval. Answer: supervisor manager Diff: 2 Learning Obj.: 1 38) ________ documents are used in the selection of a vendor. Answer: Quotation Diff: 2 Learning Obj.: 1 39) The ________ ________ purchase order is issued to initiate a movement of goods between plants in a company. Answer: stock transport Diff: 2 Learning Obj.: 1 40) ERP Master Material records contain so much data that they are organized as ________. Answer: views Diff: 2 Learning Obj.: 1 41) Master records used only by purchasing in the ERP system are ________ ________ records. Answer: purchasing master Diff: 2 Learning Obj.: 1

42) Purchasing policies may require ________ ________, which is usually implemented through use of request-for-quotation documents. Answer: competitive bidding Diff: 2 Learning Obj.: 2 43) A voucher system is essentially a(n) ________ technique. Answer: review Diff: 2 Learning Obj.: 2 44) SAP ERP contains the ________ and the ________ HR modules. Answer: PA; PD PD; PA PA, PD PD, PA Diff: 1 Learning Obj.: 4 45) The most often used feature in the SAP ERP HR modules is the ________ ________ feature. Answer: time management Diff: 2 Learning Obj.: 4 46) In the ERP system there are ________ data structures which provide the basis for the storage and manipulation of data. Answer: three Diff: 2 Learning Obj.: 4 47) To make each infotype in the ERP system unique and to prevent overwriting when updating infotypes, ________ data is added to each infotype. Answer: validity Diff: 2 Learning Obj.: 4 48) The SAP ERP HR object code for the object Job is ________. Answer: C Diff: 2 Learning Obj.: 4 49) The rate of pay for an employee cannot be changed unless authorized by the ________ department. Answer: personnel Diff: 2 Learning Obj.: 5 6 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

50) In most states, unemployment compensation laws provide for taxes only on ________. Answer: employers Diff: 2 Learning Obj.: 5 51) The basic information about what the U.S. government requires with respect to payroll is outlined in the Internal Revenue Service's publication called ________ ________. Answer: Circular E Diff: 2 Learning Obj.: 5 52) Risk ________ for payroll, procurement, and customer order management business processes is required for compliance with Sarbanes-Oxley. Answer: assessment Diff: 2 Learning Obj.: 2, 5 53) For compliance with SOX, assessed risk for business processes must be clearly documented and ________ selected for testing and evaluation. Answer: controls Diff: 2 Learning Obj.: 2 54) Management and auditors must be concerned with evaluating the existence and functioning of controls as they are necessary to protect against the risk of ________ misstatements. Answer: material Diff: 2 Learning Obj.: 2 55) Risk ________ for payroll, procurement, and customer order management business processes is required for compliance with Sarbanes-Oxley A) control B) compliance C) assessment D) assertions Answer: C Diff: 2 Learning Obj.: 2, 5 56) For compliance with SOX, assessed risk for business processes must be clearly A) tested and reported to FASB. B) documented on form Circular E and submitted to the SEC. C) tested and checked for material irregularities. D) documented and controls selected for testing and evaluation. Answer: D Diff: 2 Learning Obj.: 2, 5 7 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

57) Management and auditors must be concerned with evaluating the existence and functioning of controls as they are necessary to protect against the risk of A) material misstatements. B) fraud. C) management misrepresentations. D) human errors. Answer: A Diff: 2 Learning Obj.: 2, 5 58) In the materials planning system, purchase requisitions can A) only be prepared electronically. B) only be prepared manually. C) be prepared either manually or electronically. D) Purchase requisitions are not part of the materials planning system. Answer: C Diff: 2 Learning Obj.: 2 59) The final step in the procurement process should be A) preparation of the purchase order. B) vendor payment. C) receipt of the goods. D) invoice verification. Answer: B Diff: 2 Learning Obj.: 2 60) A procurement document that is not available in ERP is the A) quotation. B) contract. C) scheduling agreement. D) invoice. Answer: D Diff: 1 Learning Obj.: 1 61) ERP can check to see whether a contract exists with a vendor to fill the requirements of a purchase requisition. If no vendor is available, ERP will A) prepare a request for quotation. B) prepare a quotation. C) select an appropriate vendor. D) issue a warning diagnostic to the user about the situation. Answer: A Diff: 2 Learning Obj.: 1 8 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

62) In the SAP ERP system, an outline agreement with a vendor is basically a A) request for a quotation. B) contract. C) purchase order. D) purchase requisition. Answer: B Diff: 2 Learning Obj.: 1 63) How does ERP's materials management module assist in vendor selection? A) It links the quotation documents with the requisition. B) It downloads product information from the vendor's system. C) It provides a 100-point scoring system to evaluate vendors. D) It sends rejection letters to vendors whose bids are not accepted. Answer: C Diff: 2 Learning Obj.: 1 64) A document which identifies a vendor and confirms the quantity and price of goods identified in it is called a(n) A) purchase requisition. B) outline agreement. C) purchase order. D) scheduling agreement. Answer: C Diff: 2 Learning Obj.: 1 65) The type of purchase order a vendor receives when the vendor must receive and assemble parts into an end product is known as a A) third-party purchase order. B) standard purchase order. C) stock transport purchase order. D) subcontract purchase order. Answer: D Diff: 2 Learning Obj.: 1 66) An outline agreement detailing the total quantity of material to be ordered over a period of time is a A) quantity contract. B) value contract. C) scheduling agreement. D) subcontract. Answer: A Diff: 2 Learning Obj.: 1 9 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

67) A purchase order prepared under an existing contract or scheduling agreement is called a A) consignment purchase order. B) stock transport purchase order. C) standard purchase order. D) release order. Answer: D Diff: 2 Learning Obj.: 1 68) Goods receipt documents can be prepared in several ways. Which way below would not be used when preparing a goods receipt document? A) By the Inventory Management system B) By allowing accounts payable to prepare the document C) By reference to the purchase order D) Posting the goods receipt document into quality inspection Answer: B Diff: 2 Learning Obj.: 1 69) In ERP, the invoice verification component ensures that A) cost requirements have been met. B) quantity requirements have been met. C) shipping deadlines have been met. D) Answers A and B are correct. Answer: D Diff: 2 Learning Obj.: 1 70) The ERP system compares which of the following documents in its invoice verification procedure? A) Purchase order and goods receipt document B) Goods receipt document, invoice, and requisition C) Goods receipt document, invoice, purchase order, and requisition D) Goods receipt document, invoice, and purchase order Answer: D Diff: 2 Learning Obj.: 1 71) Vendor payment is typically made A) when an authorized order is placed. B) once an invoice is posted. C) when a goods receipt document is prepared. D) when a purchase requisition has been approved. Answer: B Diff: 2 Learning Obj.: 1 10 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

72) In ERP, master records are created that reflect the organization structure and business processes of the company. Company, plant, and storage locations are known in ERP as A) objects. B) organizations. C) targets. D) entities. Answer: A Diff: 1 Learning Obj.: 1 73) A code is not used in ERP master records to identify a(n) A) plant. B) accounting unit. C) specific invoice. D) purchasing organization. Answer: C Diff: 2 Learning Obj.: 1 74) The Materials Management module of ERP maintains vendor master data. Users in different departments can update these records as necessary. There are several categories of information maintained in vendor master records. Which category of data below is not maintained in the vendor master records? A) General data such as name, address, and telephone B) Purchasing data such as quotations, invoice verification, or inventory control C) Object data such as an organization accounting unit D) Company code (accounting data) defines agreed payment terms and sub-ledger reconciliation account number Answer: C Diff: 3 Learning Obj.: 1 75) The ERP master records that has a hierarchical structure is the A) material master record. B) vendor master record. C) object master record. D) purchasing information master record. Answer: A Diff: 2 Learning Obj.: 1

76) The specific component of ERP which allows a user to check goods movement and manage inventory stocks is the A) materials management module. B) inventory management module. C) vendor master record. D) material master record. Answer: B Diff: 3 Learning Obj.: 1 77) The department or function that is responsible for selecting a vendor to order materials from is A) purchasing. B) individual departments requesting the material. C) requisitioning (stores). D) sales. Answer: A Diff: 1 Learning Obj.: 1 78) Which of the following accesses the purchase order database during the processing of a purchase order? A) General ledger and accounts payable B) Accounts payable, stores, and the receiving department C) Receiving department, stores, and the general ledger D) Accounts payable, stores and the general ledger Answer: B Diff: 2 Learning Obj.: 1 79) Which of the following normally receives a copy of the purchase requisition? A) Vendor B) Stores C) Purchasing D) Receiving department Answer: C Diff: 2 Learning Obj.: 1

80) Which of the following reviews and approves the purchase order prior to its further processing? A) Stores B) Receiving C) Internal audit D) The requesting department Answer: D Diff: 2 Learning Obj.: 2 81) To do a blind count, the receiving department A) should receive a copy of the purchase order with the quantities omitted. B) should not receive a copy of the purchase requisition. C) should not receive a copy of the purchase order. D) should prepare the receiving report only after the count is completed. Answer: A Diff: 2 Learning Obj.: 2 82) The documents which accounts payable should use to verify a purchase transaction are A) purchase requisition, receiving report, and invoice. B) receiving report and purchase order. C) invoice, purchase requisition, and purchase order. D) purchase requisition, invoice, receiving report, and purchase order. Answer: D Diff: 2 Learning Obj.: 2 83) With respect to the segregation of duties, the main function of cash disbursements is A) custody of assets. B) authorization. C) reconciliation. D) recording of transactions. Answer: A Diff: 2 Learning Obj.: 2 84) The best way to prevent improper buyer-vendor relationships is to A) separate the purchasing and receiving functions. B) have formal written policies and procedures over procurement. C) have cash disbursements report to the treasurer. D) permit only purchasing supervisors to select vendors. Answer: B Diff: 2 Learning Obj.: 2

85) Among the following pair of functions, which pair represents the most serious internal control weakness when the duties are performed by the same individual? A) Purchasing and verification of vendor invoices B) Check signing and cancellation of voucher documentation C) Cash disbursement and verification of vendor invoices D) Physical handling of incoming merchandise and preparation of receiving reports Answer: C Diff: 3 Learning Obj.: 2 86) The key to the success of the attribute rating approach to vendor selection is A) attributes must be identified and listed. B) a weight must be assigned to each identified attribute. C) individual evaluators should rank attributes independently of each other. D) attribute numerical rankings should be multiplied by their appropriate weights. Answer: C Diff: 3 Learning Obj.: 2 87) Vendors found on a company's approved vendor list should possess the attribute(s) of A) financial soundness. B) reliability. C) no conflicts of interest. D) An approved vendor should possess all of these attributes. Answer: D Diff: 2 Learning Obj.: 2 88) Which of the following is not a major control feature of the cash disbursements business process? A) Use of a voucher system B) Use of an imprest fund C) An independent bank reconciliation D) Separation of approval from actual payment Answer: B Diff: 3 Learning Obj.: 3 89) The function responsible for forwarding voucher checks directly to payees is A) cash disbursements. B) accounts payable. C) internal audit. D) purchasing. Answer: A Diff: 1 Learning Obj.: 3 14 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

90) The function responsible for reconciling the bank account upon which voucher checks are drawn is A) cash disbursements. B) accounts payable. C) internal audit. D) purchasing. Answer: C Diff: 1 Learning Obj.: 3 91) The greatest amount of internal and business process control in the cash disbursements process comes from A) the signing of voucher checks by an authorized party. B) the prenumbering of vouchers and voucher checks. C) the accounts payable function. D) a final review of transaction documents prior to the authorization of payment. Answer: D Diff: 3 Learning Obj.: 3 92) The primary objective of a voucher system is to A) sign checks. B) review cash payments. C) record liabilities. D) reconcile the vendor subsidiary ledger to the control account. Answer: B Diff: 2 Learning Obj.: 3 93) Which one of the following identifies the necessary information to maintain a built-up voucher system? A) All approved invoices awaiting payment, paid invoices, and the vendor subsidiary ledger B) All approved invoices awaiting payment C) All paid and unpaid invoices D) A vendor subsidiary ledger and paid invoice file Answer: A Diff: 3 Learning Obj.: 3

94) SAP ERP contains more than one human resource module. The module that incorporates organizational structure represented as an administrative hierarchy composed of units is A) time management. B) personnel planning and development. C) payroll. D) personnel administration. Answer: B Diff: 2 Learning Obj.: 4 95) A timekeeping system in which all employee attendance and absence information is maintained is A) comprehensive time management. B) negative timekeeping system. C) positive timekeeping system. D) complex timekeeping system. Answer: C Diff: 1 Learning Obj.: 4 96) In the ERP HR modules, several infotypes for the same object can exist at the same time, but only one infotype for the object is valid. In such a case, the other infotypes are referred to as A) delimited. B) invalid. C) archived. D) parents. Answer: A Diff: 2 Learning Obj.: 4 97) In the ERP system, which one of the following is an "infotype"? A) Hiring B) Leaving employment C) Changing jobs D) Employee personnel data Answer: D Diff: 2 Learning Obj.: 4

98) In ERP, human resource object types are identified with a one or two letter identifier. The code for the object Employee is A) E. B) EE. C) P. D) W. Answer: C Diff: 3 Learning Obj.: 4 99) The department responsible for authorizing employee pay deductions is the A) payroll department. B) personnel department. C) independent paymaster. D) production department (for factory workers). Answer: B Diff: 1 Learning Obj.: 4 100) The department responsible for collecting and maintaining time cards and reconciling these to job time summary tickets is the A) timekeeping department. B) payroll department. C) personnel department. D) production department (for factory workers). Answer: A Diff: 1 Learning Obj.: 4 101) The department responsible for the actual computation and preparation of payroll is the A) accounts payable department. B) payroll department. C) personnel department. D) production department (for factory workers). Answer: B Diff: 1 Learning Obj.: 4 102) Which of the following should not have access to signed paychecks? A) Payroll and personnel B) Cash disbursement, personnel, and timekeeping C) Personnel, payroll, and timekeeping D) Cash disbursement, personnel, and bookkeeping Answer: C Diff: 2 Learning Obj.: 5 17 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

103) Which one of the following represents a weakness in internal control regarding the human resources area? A) The payroll staff distributes paychecks to employees in other departments. B) The payroll department supervisor makes decisions regarding the hiring of payroll department employees. C) The supervisors of all departments are responsible for initiating requests for salary increases for their subordinate employees. D) Supervisors are responsible for reviewing and approving time reports of their subordinate employees. Answer: A Diff: 3 Learning Obj.: 5 104) The federal tax which requires that employees and employers contribute equally for old age, survivors', disability, and hospital insurance benefits is A) federal unemployment tax. B) federal income tax. C) workers' compensation. D) social security tax. Answer: D Diff: 2 Learning Obj.: 5 105) Employers engaged in interstate commerce are required by law to pay overtime at a minimum of one and one-half times the regular rate for hours worked in excess of 40 per week. The law that requires this is called the A) Fair Labor Standards Act (FLSA). B) Federal Unemployment Tax Act (FUTA). C) Federal Income Tax Act (FITA). D) Federal Insurance Contributions Act (FICA). Answer: A Diff: 2 Learning Obj.: 5 106) Various payroll forms and reports must be submitted to federal and state entities by certain deadlines. The federal form which is not due on or before January 31 of each year is the A) Form W-2. B) Form W-3. C) Form 941. D) Form 1099-MISC. Answer: B Diff: 3 Learning Obj.: 5

107) Form 941 is filed to report federal income and social security taxes withheld from employees. It is filed A) weekly. B) monthly. C) quarterly. D) annually. Answer: C Diff: 2 Learning Obj.: 5 108) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Purchase requisition ________ 2. Procurement ________ 3. Approved vendor list ________ 4. Blind count ________ 5. Purchase order ________ 6. Attribute rating ________ 7. Request for quotation ________ 8. Receiving report ________ 9. Invoice verification ________ 10. Voucher package A. Counters in receiving do not have access to quantities shown on purchase orders. B. Document used to request a purchase C. A summary of vendors approved for use by the purchasing function D. A collection of documents that are reviewed and approved to authorize a transaction E. An approach to vendor selection which identifies, lists, and evaluates several different aspects concerning a vendor F. Prepared to document the receipt of deliveries from vendors G. The document issued to a vendor to initiate a purchase H. The business process of selecting a source, ordering, and acquiring goods or services I. The review of purchasing documentation prior to authorizing payment to vendors J. Documents used to request competitive bids from vendors Answer: 1. B, 2. H, 3. C, 4. A, 5. G, 6. E, . J, 8. F, 9. I, 10. D Diff: 2 Learning Obj.: 1

109) The following ten paragraphs describe control weaknesses in customer order and account management business processes. Listed below are ten controls that may help regulate the weaknesses: A. Separation of payroll and personnel departments B. Independent paymaster to distribute paychecks C. Imprest payroll bank account D. Vendor selected by purchasing department E. Timekeeping department reconciles time cards to job time summaries F. Requisition form prepared by requestor G. Receiving report signed by stores H. Vendor list approved independent of purchasing I. Purchase order copy sent to accounts payable J. Receiving report copy sent to accounts payable Required: In the blank next to each number, list one capital letter representing the best control to address the system weakness. You will use each letter only once. 1. ________ Rattlesnake Wire Company's purchasing manager selected his brother-in-law as a vendor and received a kickback for providing the business. 2. ________ Blazing Saddles Corporation ordered goods that receiving personnel stole. Receiving prepared a receiving report and sent it to accounts payable. The company unknowingly paid for the stolen goods. 3. ________ The production manager at Ghost Manufacturing Company told the payroll department he had hired a new employee. On payday, the paymaster could not find the employee and upon investigation, found that the employee did not exist. 4. ________ Price Company's purchasing department ordered goods requested by the maintenance department by phone. When the goods arrived, the maintenance department claimed that the goods were of such poor quality they could not be used. 5. ________ Connecticut Yankee Manufacturing Company ordered goods that were never received. The company, as a matter of standard policy, paid the invoice. 6. ________ Southern Star Manufacturing Company's payroll department routinely distributed paychecks on payday. The payroll supervisor suddenly quit her job. On the next payday, the payroll department could not find employees to claim two paychecks. 7. ________ Panhandle Products Company cannot easily identify vendors, and consistently selects vendors whose goods are overpriced and whose delivery schedules are too slow for Panhandle's needs. 8. ________ Lone Star Production Company received goods that were never ordered. The company paid the invoice. 20 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9. ________ Half Moon Manufacturing Company's production manager is unsure that the second shift employees are working all hours reported on the job time tickets. 10. ________ The internal auditor of Eastern Overboard Company prepares the bank reconciliation. He has difficulty managing the large number of outstanding checks at month-end in the bank reconciliation. Most of the outstanding checks are employee paychecks. Answer: 1. H, 2. G, 3. A, 4. F, 5. J, 6. B, 7. D, 8. I, 9. E, 10. C Diff: 3 Learning Obj.: 2, 3, 5

110) The following ten items describe positions or departments related to procurement and human resource business processes. Listed below are ten positions or departments: A. Cash disbursements B. Paymaster C. Purchasing D. Receiving E. Accounts Payable F. Payroll G. Personnel H. Timekeeping I. Internal audit J. Stores Required: Next to each number, write the letter of the answer representing the department or position described. ________ 1. Has authority to request the purchase of needed items ________ 2. Prepares a control total of checks paid and sends it to general ledger ________ 3. Reconciles bank statements ________ 4. Performs final matching of documents to authorize payments ________ 5. Computes gross pay, deductions, and net pay ________ 6. Counts and inspects incoming goods ________ 7. Has responsibility for distributing employee payroll checks ________ 8. Maintains clock cards and reconciles them to job time summary sheets ________ 9. Authorizes new employees and their pay rates and payroll deductions ________ 10. Frequently uses request-for-quotation forms to obtain bids Answer: 1. J, 2. A, 3. I, 4. E, 5. F, 6. D, 7. B, 8. H, 9. G, 10. C Diff: 2 Learning Obj.: 1, 4

111) Below are the documents commonly encountered in a procurement business process: a. Purchase requisition b. Purchase order c. Receiving report d. Payment voucher Required: For each document, (1) state where it originated, and (2) give the entity or entities (e.g., other departments or parties) which would most likely receive a copy of the document or that should access it in a database. Answer: (1) (2) Document Origin Copies to or accessed by: a. Purchase requisition

Stores

Purchasing, accounts payable

b. Purchase order

Purchasing

Vendor, stores, accounts payable, receiving

c. Receiving report

Receiving

Stores, accounts payable

d. Payment voucher Diff: 2 Learning Obj.: 1

Accounts payable

Cash disbursements

112) Below are three procedures that violate common internal control guidelines over the purchasing function: a. The company has never established any written policies regarding conflicts of interest for its buyers. b. The company's buyers are allowed to select suppliers without submitting a list of bidders for review. c. The same buyers who ask suppliers to submit requests for quotations receive the suppliers' bids directly from the mailroom. Required: For each procedure, state one problem that could arise because of the failure to follow common guidelines in the purchasing function. Answer: Problems that could arise under each condition include: a. 1. Management may not be aware of the buyer-supplier relationship that results in excessive purchase costs or inferior quality goods. 2. If the policies are informal (not written), the buyers may not know about them. 3. Buyers who are aware of informal policies may nonetheless deny knowledge of them if confronted with evidence of inappropriate activities. b. 1. Buyers may ask only favored suppliers to bid on orders. 2. Low-cost suppliers may be excluded from the bidding process. c. Buyers may discard bids from bidders they consider unacceptable. Diff: 3 Learning Obj.: 2

113) The following is a description of the payroll procedures for Cherokee Custom Crafters, a small company that customizes vans and RVs according to customers' specifications: The payroll department prepares a time card for each employee on the payroll every Monday and leaves the time cards in a box near the entrance to the factory. Workers fill in their time daily. A payroll clerk picks up the time cards the following Monday when dropping off the new time cards. The payroll clerk then inputs the number of hours for each employee into the computer. The payroll application calculates gross pay, deductions, and net pay, and prints a payroll register. Payroll checks are prepared manually by the payroll clerk and signed by the chief accountant, who takes them to the factory supervisor. The factory supervisor distributes the checks. The chief accountant prepares the monthly reconciliation of the payroll bank accounts. Required: List five recommendations for improving Cherokee Custom Crafters' internal controls over its payroll function. Answer: Some recommendations for internal controls over payroll are: • A time clock or software should be used which requires factory employees to clock in and out. The time clock should be placed so that the factory supervisor or other responsible party can observe employees clocking in and out. • The factory supervisor should review time cards daily, and at the end of the week should sign the time cards before the payroll clerk picks them up. • The factory supervisor should compare the time cards with the job cost sheets for consistency before signing. The chief accountant should perform an independent review of the time cards and the job cost sheets. (As an alternative, Cherokee Custom Crafters could hire a timekeeper to collect time cards and reconcile them to the job cost sheet.) • The factory supervisor should prepare control totals of the total number of time cards and the total number of hours for later comparison with the payroll register. (Or, the timekeeper could prepare these control totals for the chief accountant.) • The chief accountant should compare the payroll register with the control totals each payday. • The company's treasurer should sign the payroll checks. A paymaster or an employee other than the payroll clerk, the chief accountant, and the factory supervisor should distribute the checks. • If the chief accountant signs and distributes the checks, he or she should not be responsible for reconciling the payroll bank account. Ideally, a party with no related responsibilities should prepare the bank reconciliation. • Occasionally, an officer of the company should witness the distribution of the paychecks on a surprise basis. Diff: 3 Learning Obj.: 5

114) Name four federal acts or types of taxes that relate to payroll, and briefly discuss the main provision of each. Answer: Suggested answer: • The Federal Insurance Contributions Act (FICA): requires employers and employees to contribute equally to provide for old age, survivors, disability, and hospital insurance benefits. • The Federal Unemployment Tax Act (FUTA): requires payroll taxes to be paid by employers to fund federal unemployment insurance programs. • Federal Internal Revenue Code (federal income taxes): requires the taxation of employee earnings and requires employers to withhold required amounts. • Federal Fair Labor Standards Act: defines overtime and requires payment of overtime rates under certain circumstances. Diff: 2 Learning Obj.: 5 115) Discuss the employer's requirements for FICA tax, including the procedures for deposit, penalties for failure to deposit, the form used to report the tax, and the due dates of the form. Answer: Suggested answer: An employer is required by law to deduct FICA tax from each employee's pay each pay period. The employer is also required to match the employee's deducted amounts and deposit the total in a bank serving as a government depository. The employer is responsible for the total amount of tax even if the employer fails to withhold it from employees. A penalty is charged to the employer if it fails, without reasonable cause, to make timely deposits. Employers who claim on the federal form to have made tax deposits when in fact they have not made them are subject to criminal penalties. Employers must file Form 941 at the end of each calendar quarter to report federal income tax withheld and FICA tax for all employees. Diff: 2 Learning Obj.: 5

116) Discuss why the buyer-vendor relationship is the most critical point of control in the procurement business process, and describe two procedures that can improve control in the buyer-vendor relationship. Answer: Suggested answer: The buyer-vendor relationship is the most critical point of control in procurement because it exists in every purchase transaction. The goal of the procurement process should be to obtain the most appropriate goods at the best price, but faulty buyer-vendor relationships can quickly result in companies paying too much for goods or ordering improper goods. In addition, buyers can illegally profit through vendor kickbacks. A company should have a formal written policy regarding vendor relationships that is communicated to the buyers and strongly supported by management. Requiring bids through request-for-quotation documents is one way of obtaining the most appropriate goods at the best price. The company can rotate buyers' responsibilities so they are not always dealing with the same vendors. A party, who is independent of the purchasing function, can prepare an approved vendor list containing vendors who have been found reliable, financially sound, and free of conflicts of interest. Diff: 2 Learning Obj.: 2 117) When goods arrive at a company's location, what are the ways a receiving report (goods receipt document) can be prepared in SAP ERP's procurement business process? Answer: Suggested answer: The goods receipt document can be prepared through SAP ERP's inventory management system when the goods are delivered to stores. A second way to prepare the goods receipt document is through reference to the purchase order (after the goods have been received, counted, and verified). The data on the purchase order is used to complete the goods receipt, and the purchase order receives data that the goods have arrived. A third way to prepare the goods receipt is through a quality inspection procedure. SAP ERP transfers accepted goods from quality inspection to available inventory. Diff: 2 Learning Obj.: 1 118) Explain the difference in a voucher system between recording invoices when they are approved for payment versus recording invoices when paid. Answer: Suggested answer: Invoices recorded when approved result in an accrual of liabilities. A formal record of liabilities exists until the invoices are paid. Invoices recorded when paid bypass being recorded as liabilities, since the accounts payable general ledger account is simultaneously debited and credited. Recording invoices when paid does not create any complexity in record keeping, but invoices recorded when approved must be sorted again by due date for payment purposes. Diff: 2 Learning Obj.: 2

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 10 The Production Business Process 1) Costs in job or processing costing may be either actual or standard costs. Answer: TRUE Diff: 1 Learning Obj.: 1 2) Detailed material specifications for a product are recorded on a bill-of-materials. Answer: FALSE Diff: 2 Learning Obj.: 1 3) Factor availability reports communicate the availability of labor and machine resources for use in production. Answer: TRUE Diff: 2 Learning Obj.: 1 4) Sales forecasts are generally unrelated to the amount of a product held in inventory. Answer: FALSE Diff: 2 Learning Obj.: 1 5) An important internal control function is the reconciliation of time cards to production labor reports. Answer: TRUE Diff: 2 Learning Obj.: 1 6) Reorder point is calculated as the purchasing cost per order multiplied by the average inventory usage rate. Answer: FALSE Diff: 2 Learning Obj.: 1 7) The best sources of information necessary to calculate an EOQ are prior purchase orders. Answer: FALSE Diff: 2 Learning Obj.: 1 8) The perpetual inventory method is a term used to describe a system in which parts are produced only as they are required in subsequent operations. Answer: FALSE Diff: 2 Learning Obj.: 1 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) Fixed assets are often the company's largest investment. Answer: TRUE Diff: 2 Learning Obj.: 2 10) Automated drafting software is part of a CAM system. Answer: FALSE Diff: 1 Learning Obj.: 3 11) Industrial robots are used to move material, parts, tools, or specialized devices through variable programmed motions for the performance of a variety of tasks. Answer: TRUE Diff: 1 Learning Obj.: 3 12) CAM systems are used to collect and process data from programmable manufacturing processes to provide decision support. Answer: TRUE Diff: 2 Learning Obj.: 3 13) Systems that incorporate programmable production processes that can be quickly reconfigured to produce different types of products are called ZIPS. Answer: FALSE Diff: 2 Learning Obj.: 3 14) FMS greatly speeds up time-consuming retooling. Answer: TRUE Diff: 2 Learning Obj.: 3 15) The "heart" of the MRP II system is the MRP system. Answer: TRUE Diff: 1 Learning Obj.: 4 16) The value of a typical EDI system is that vendor and customer are linked electronically. Answer: TRUE Diff: 2 Learning Obj.: 4

17) Bar code is an automatic identification technology that uses low power radio waves to send and receive data between RFID tags and readers. Answer: FALSE Diff: 2 Learning Obj.: 4 18) A finished goods status report is sent to production planning from the stores department. Answer: FALSE Diff: 2 Learning Obj.: 1 19) The master-operations file is one of the data sources integrated with others in the productionplanning application program. Answer: TRUE Diff: 2 Learning Obj.: 1 20) The central feature of the cost accounting application is updating of the production-loading file. Answer: FALSE Diff: 2 Learning Obj.: 1 21) The cost accounting application program processes the production data and production-status files. Answer: TRUE Diff: 2 Learning Obj.: 1 22) Outputs of a cost accounting program are job time and machine time tickets. Answer: FALSE Diff: 2 Learning Obj.: 1 23) The term applied overhead refers to the element of direct labor hours or cost used in the CIM environment. Answer: FALSE Diff: 2 Learning Obj.: 5 24) Activity-based costing calculates a single overhead rate for each different manufacturing activity. Answer: FALSE Diff: 2 Learning Obj.: 5

25) Production volume is one way to measure a cost driver. Answer: TRUE Diff: 1 Learning Obj.: 5 26) The significance of activity-based costing as a management tools depends largely on the accuracy of the cost drivers selected as allocation bases. Answer: TRUE Diff: 2 Learning Obj.: 5 27) The MRP II systems extends MRP in production order processing by including the creation of transaction files and numerical control tapes for the plant floor. Answer: TRUE Diff: 2 Learning Obj.: 4 28) There are seven major processing modules in MRP II. Answer: FALSE Diff: 1 Learning Obj.: 4 29) In MRP II, batch size is determined from the production-planning module. Answer: TRUE Diff: 2 Learning Obj.: 4 30) As a manufacturer moves from a batch to at JIT continuous flow manufacturing environment, more emphasis may be placed on an MRP II system. Answer: FALSE Diff: 2 Learning Obj.: 4 31) Lean production is a concept based on the concept that inventory is a waste. Answer: TRUE Diff: 2 Learning Obj.: 1 32) Lean production is an inventory system in which parts are stored when there is evidence of a stock out. Answer: FALSE Diff: 2 Learning Obj.: 1

33) Lean production is a production system in which parts are produced only as they are required in subsequent operations. Answer: TRUE Diff: 2 Learning Obj.: 1 34) RFID stands for radio-frequency inventory documentation. Answer: FALSE Diff: 2 Learning Obj.: 4 35) Radio-frequency identification is an automatic identification technology that uses low power radio waves to send and receive data between RFID tags and readers. Answer: TRUE Diff: 2 Learning Obj.: 4 36) RFID tagging is more popular than bar coding in inventory management systems because they are cheaper and have a lower error rate. Answer: FALSE Diff: 2 Learning Obj.: 4 37) EAN-13 is a bar coding standard which is a superset of the original 12-digit UPC system. Answer: TRUE Diff: 2 Learning Obj.: 4 38) GS1 is a global organization dedicated to the design and implementation of global standards and which is the creator of EAN-13. Answer: TRUE Diff: 2 Learning Obj.: 4 39) GTIN is the Global Trade Item Number which is an identifier for trade items developed by GS1. Answer: TRUE Diff: 2 Learning Obj.: 4 40) A GTIN can be 8-14 digits long and can be constructed using several number structures. Answer: FALSE Diff: 2 Learning Obj.: 4

41) The procedure in which costs are compiled in process or department accounts by periods is called ________ costing. Answer: process Diff: 1 Learning Obj.: 1 42) A document that details the resources available in stock for use in production is the ________ ________ report. Answer: inventory status Diff: 2 Learning Obj.: 1 43) A document detailing the work completed on individual orders as they move through the manufacturing process is the ________ ________ report. Answer: production status Diff: 2 Learning Obj.: 1 44) An out-of-stock condition may occur if the ________ ________ is not known for a particular inventory item. Answer: reorder point Diff: 2 Learning Obj.: 1 45) Systems that include software for defining the manufacturing process or tools to increase productivity are known as ________ systems. Answer: CAM Diff: 2 Learning Obj.: 3 46) The ________ in MRP is used comprehensively to include all types of inventories. Answer: "M" Diff: 2 Learning Obj.: 4 47) In the production-planning application system, ________ contain information about the work center, length of time, and tooling required to perform each task. Answer: routings RTGs Diff: 2 Learning Obj.: 5 48) There are ________ major elements that enter into the cost of manufacturing a product. Answer: three Diff: 2 Learning Obj.: 5 6 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

49) To assist in the overall production-control function, ________ ________ reports are distributed to department supervisors. Answer: resource usage Diff: 2 Learning Obj.: 5 50) CIM significantly alters a manufacturer's cost behavior patterns by substituting ________ ________ for direct labor. Answer: capital equipment Diff: 2 Learning Obj.: 5 51) An element that influences the total cost of an activity is a(n) ________ ________. Answer: cost driver Diff: 2 Learning Obj.: 5 52) In MRP II, the production ________ control module is used to implement the production plan and to reduce delays and waiting time by monitoring feedback and production and shop floor status data. Answer: activity Diff: 2 Learning Obj.: 4 53) In contrast to a(n) ________ environment, there is no advance scheduling in a(n) ________ environment. Answer: batch; JIT batch; just-in-time batch, JIT batch, just-in-time Diff: 2 Learning Obj.: 4 54) Systems ________ is "mission critical" in quick response manufacturing systems. Answer: development Diff: 2 Learning Obj.: 5 55) ________ ________ is a concept based on the idea that inventory is a waste. Answer: Lean production Diff: 2 Learning Obj.: 1 56) ________ ________ scanners require a direct line of sight in order to function. Answer: Bar code Diff: 2 Learning Obj.: 4 7 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

57) ________ ________ in RFID eliminate the need for direct line of sight to the RFID tag. Answer: Radio signals Diff: 2 Learning Obj.: 4 58) EAN-13 is a(n) ________ coding standard which is a superset of the original 12-digit UPC system. Answer: bar Diff: 2 Learning Obj.: 4 59) GTIN is an identifier used to look up product information in a(n) ________ like UPCs. Answer: database Diff: 2 Learning Obj.: 4 60) A production system in which parts are produced only as they are required in a subsequent operation is known as A) periodic production. B) green production. C) lean production. D) push production. Answer: C Diff: 2 Learning Obj.: 1 61) Radio-frequency identification is an automatic identification technology that uses A) high frequency radio waves to send and receive data between RFID tags and readers. B) low power radio waves to send and receive data between RFID tags and readers. C) bar codes to eliminate the need for direct line of sight to the RFID tags. D) radio waves to send and receive data between bar coded tags. Answer: B Diff: 2 Learning Obj.: 4 62) The following are reasons RFID tags are not widely used except A) RFID is more costly that printed bar codes. B) there is a much higher error rate in RFID than in scanning printed bar codes. C) RFID cannot be used in lean manufacturing. D) All of the above are reasons RFID tags are not widely used. Answer: C Diff: 2 Learning Obj.: 4

63) ________ is a bar coding standard which is a superset of the original 12-digit UPC system. A) RFID-12 B) GS1-12 C) GTIN-13 D) EAN-13 Answer: D Diff: 2 Learning Obj.: 4 64) GTIN stands for A) Global Trade Item Number. B) Global Tracking Item Number. C) Global Tracking Identifying Number. D) Global Trade Identifying Number. Answer: A Diff: 2 Learning Obj.: 4 65) GTIN is an identifier used to look up product information in A) GS1 tables. B) Web-based list structures. C) databases. D) eBXML. Answer: C Diff: 2 Learning Obj.: 4 66) Which of the following controls is not a typical function found in the production business process of manufacturing firms? A) Cost accounting B) Production control C) Property accounting D) Capital expenditure review and authorization Answer: D Diff: 1 Learning Obj.: 2 67) Which inventory control is the most critical in the production business process? A) Separation of functions B) Maintaining basic records and documentation C) Periodic physical counts and tests against independent records D) All of these controls are critical to inventory control in the production business process. Answer: D Diff: 2 Learning Obj.: 1

68) The document which specifies detailed labor operations, their sequencing, and their related machine requirements is A) the bill of materials. B) the master operations list. C) either the bill of materials or master operations list. D) the product specification and design abstract. Answer: C Diff: 2 Learning Obj.: 1 69) Several factors are integrated when determining what products should be manufactured. The factor which is predominantly driven by influences external to the production business process is A) product requirements. B) demand for the product. C) production resources available to the firm. D) Answers A and C are correct. Answer: B Diff: 2 Learning Obj.: 1 70) The document which gives authorization to the production department to manufacture a product is a A) production order. B) materials requisition. C) purchase order. D) sales forecast. Answer: A Diff: 2 Learning Obj.: 1 71) The source for the item and quantity information shown on a materials requisition is the A) bill of lading. B) bill of materials. C) inventory status report. D) factor availability report. Answer: B Diff: 2 Learning Obj.: 1

72) The department that receives copies of materials requisitions from both the inventory control function and the production department is A) accounting. B) sales. C) accounts payable. D) purchasing. Answer: A Diff: 2 Learning Obj.: 1 73) The document used by the cost accounting function to establish a WIP record for each job is the A) sales forecast. B) production order. C) materials requisition. D) job time card. Answer: B Diff: 2 Learning Obj.: 1 74) Which document is not updated when a manufacturing order is complete and goods are transferred to stores? A) Production order B) WIP record C) Finished goods inventory records D) Materials requisition Answer: D Diff: 3 Learning Obj.: 1 75) The general formula for calculating the inventory reorder point is A) average inventory usage rate multiplied by lead time. B) economic order quantity less average inventory usage rate. C) lead time multiplied by economic order quantity. D) lead time multiplied by average inventory turnover rate. Answer: A Diff: 2 Learning Obj.: 1

76) A manufacturing company wants to know the optimal amount to order of part number 45612. It should gather appropriate inventory information about the part and then calculate the part's A) inventory usage rate. B) lead time. C) economic order quantity. D) reorder point. Answer: C Diff: 1 Learning Obj.: 1 77) Calculation of the reorder point requires knowledge of A) the economic order quantity multiplied by the average usage rate. B) the time from the issuance of a purchase order until the order is received. C) the average time from the issuance of a purchase order until the economic order quantity occurs. D) the minimum inventory usage rate. Answer: B Diff: 2 Learning Obj.: 1 78) Which is the best way for a company to prevent having outdated inventory on hand? A) Store inventory securely B) Classify inventory according to location in the company's records C) Evaluate inventory turnover D) Write down the inventory balance when a warehouse employee finds outdated inventory Answer: C Diff: 2 Learning Obj.: 1 79) Which of the following is not a concern regarding the storage and handling of inventory items? A) Price paid per unit B) Protection against damage or spoilage C) Avoidance of obsolescence D) Security against embezzlement Answer: A Diff: 2 Learning Obj.: 1 80) Control over inventory includes A) storing. B) handling. C) spoilage. D) Answer A and B are correct. Answer: D Diff: 2 Learning Obj.: 1 12 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

81) Inventories serve as a buffer between different operations in a A) just-in-time production system. B) materials as needed system. C) perpetual inventory system. D) Answers A and B are correct. Answer: D Diff: 2 Learning Obj.: 1 82) Which of the following objectives in a property accounting application system relates to the process of periodic comparison of physical assets with the accounting records? A) Provide for appropriate depreciation and/or amortization calculations B) Maintain adequate records that identify assets with description, cost, and physical location C) Provide for reevaluation for insurance and replacement cost purposes D) Provide management with reports for planning and controlling individual asset items Answer: B Diff: 2 Learning Obj.: 2 83) The file or record that is essentially a subsidiary ledger for tangible assets, such as land, buildings, machinery, and equipment, is the A) fixed assets register. B) fixed assets control ledger. C) property master ledger. D) property control ledger. Answer: A Diff: 1 Learning Obj.: 2 84) Which of the following is the best internal control over fixed assets? A) Analyze monthly variances between authorized and actual expenditures. B) Establish a written company policy distinguishing between capital and revenue expenditures. C) Require acquisitions to be authorized by user departments. D) Use a budget to control acquisitions and retirements. Answer: A Diff: 3 Learning Obj.: 1

85) Which of the following is the best internal control over disposals of fixed assets? A) Periodically analyze the scrap sales revenue and the repairs and maintenance expense accounts. B) Periodically compare removal work orders and disposal authorization. C) Separate the duties of the official authorizing a disposal and the official approving removal work orders. D) Use serial numbers to identify fixed assets that could be sold. Answer: C Diff: 3 Learning Obj.: 2 86) The employee who is responsible for the custody of investments should A) authorize the purchase of additional investments. B) maintain the investment register. C) open the safety deposit or depository area only when a second employee is present. D) conduct periodic physical inventories comparing the investment register to the investments on hand. Answer: C Diff: 3 Learning Obj.: 2 87) Which of the following is not a common internal accounting control procedure in a property business process? A) Having physical inventories of property taken periodically under the supervision of staff who are responsible for the custody of the assets B) Requiring authorization by an official or committee for expenditures over a certain amount C) Reconciling detailed subsidiary property records with the control accounts at least annually D) Having the property appraised periodically for insurance purposes Answer: A Diff: 2 Learning Obj.: 2 88) Solids modeling, finite-elements analysis, and automated drafting are common capabilities of A) CIM. B) CADD. C) CAM. D) MRP II. Answer: B Diff: 1 Learning Obj.: 3

89) Software that often includes components to facilitate process planning, line analysis, and statistical process control, among other tasks, is called A) CIM. B) MRP II. C) CADD. D) CAM. Answer: D Diff: 1 Learning Obj.: 3 90) The system that uses statistical process control to determine whether a manufacturing process is within limits is A) CADD. B) CAM. C) CIM. D) MRP II. Answer: B Diff: 1 Learning Obj.: 3 91) Which of the following occurs when a manufacturing facility uses statistical process control? A) A plan is developed to describe the routing of each production process. B) Production processes can be quickly reconfigured. C) Process outputs are compared to engineering specifications. D) A programmable device moves material, parts, tools, or specialized devices to perform tasks. Answer: C Diff: 2 Learning Obj.: 3 92) MRP systems integrate several subsystems. Which subsystem below is not integrated into the MRP system? A) Production planning B) Production scheduling C) Reporting D) Procurement Answer: D Diff: 1 Learning Obj.: 3

93) A manufacturing system's flexibility and speed of response depends largely on the degree to which its components are integrated. Which technology below would effectively integrate the company's system with the systems of its suppliers and customers? A) EDI B) Automatic identification C) Distributed processing D) All of these answers are correct. Answer: A Diff: 2 Learning Obj.: 3 94) Which of the following is false regarding the standard UPC bar code system? A) Both customer and supplier can use the same UPC product code. B) Problems with vendor-based coding usually result when a vendor uses different codes for different items. C) UPC assigns a six-digit code to each vendor. D) UPC coding is vendor-based coding which can be applied at any point. Answer: B Diff: 3 Learning Obj.: 4 95) Which of the following is a common benefit of UPC standardization? A) Paper invoices are no longer needed. B) Inventory levels are reduced. C) Cross-referencing of inventory codes is eliminated. D) Physical inventory counts are no longer needed. Answer: C Diff: 2 Learning Obj.: 4 96) The production planning report that discloses the availability of labor and machine resources is the A) production schedule. B) sales forecast. C) raw materials status report. D) factor availability report. Answer: D Diff: 1 Learning Obj.: 5

97) The focal point of the materials requirements planning system (MRP) is to A) manufacture inventory items on time. B) report the sequencing of all operations connected with production. C) produce the master production schedule. D) disclose all data related to product components. Answer: C Diff: 2 Learning Obj.: 4 98) In a production planning system, the production status file is an input to which of the following? A) Production scheduling program B) Inventory update program C) Report generator program D) Production planning system Answer: D Diff: 2 Learning Obj.: 1 99) In a production planning system, output from the production planning program includes which of the following? A) Production loading file B) Routings C) Completed production order file D) Finished goods stock status report Answer: B Diff: 2 Learning Obj.: 5 100) In a production planning system, the production status file is used as an input for which of the following groups of applications? A) Scheduling and cost accounting B) Cost accounting and planning C) Scheduling and reporting D) Reporting and cost accounting Answer: A Diff: 3 Learning Obj.: 5

101) In a production planning system, the production loading file is an input to which of the following? A) Production planning program B) Production scheduling application C) Cost accounting program D) Inventory update program Answer: B Diff: 2 Learning Obj.: 4 102) Data is required from which of the following to build a production data file? A) Materials requisition data B) Goods receipt data C) RTG data D) Materials requisition and RTG data are both required. Answer: D Diff: 2 Learning Obj.: 5 103) Which of the following outputs from the cost accounting program is used in the next cycle of production planning and scheduling? A) Resource usage file B) Production order file C) Production status file D) Summary report Answer: C Diff: 2 Learning Obj.: 5 104) In a production planning system, which of the following files updates the finished goods inventory file? A) Completed production order file B) Production status file C) Production data file D) Production loading file Answer: A Diff: 2 Learning Obj.: 5 105) Which of the following reports specifies production cost variances? A) Completed production cost report B) Resource usage report C) Factor availability report D) Production order report Answer: B Diff: 2 Learning Obj.: 5 18 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

106) In traditional accounting methods, predetermined overhead rates are based on A) machine hours. B) utilities consumed. C) direct labor hours or direct labor costs. D) depreciable lives of machinery and equipment. Answer: C Diff: 2 Learning Obj.: 5 107) The predetermined overhead application rate is computed as A) budgeted overhead cost divided by budgeted activity. B) total labor cost divided by total machine hours. C) budgeted activity divided by budgeted overhead cost. D) total machine hours divided by total labor cost. Answer: A Diff: 2 Learning Obj.: 5 108) CIM affects manufacturing overhead primarily by A) increasing direct materials costs and decreasing direct labor hours. B) decreasing manufacturing overhead overall. C) increasing manufacturing overhead overall. D) increasing machine costs and decreasing direct labor hours. Answer: D Diff: 3 Learning Obj.: 5 109) Activity-based costing (ABC) systems allocate overhead differently than traditional cost accounting systems. The difference between an ABC and a traditional cost accounting system is that A) traditional systems calculate several overhead rates, one for each manufacturing activity. B) an ABC system uses a single allocation overhead rate. C) ABC systems calculate several overhead rates, one for each manufacturing activity. D) a traditional cost accounting system uses two overhead allocation rates: one for actual activity and one for estimates (or standards). Answer: C Diff: 1 Learning Obj.: 5 110) Which of the following is a way to identify cost drivers for activity-based costing? A) Analytical review B) Time-in-process measures C) Volume measures D) Regression analysis Answer: D Diff: 2 Learning Obj.: 5 19 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

111) The bill of material module in the MRP II system is used to communicate the structure of a product, as it is in MRP. The MRP II system extends this module's capability to include A) maintenance of engineering or product drawings from a CADD system. B) the sequence of operations required to manufacture a component or assembly. C) maintaining the assembly schedules for specific configurations. D) creating a packet that contains order, material list, routing, and drawing information. Answer: A Diff: 3 Learning Obj.: 4 112) Which of the following is a common consequence of implementing JIT in an MRP II/CIM environment? A) Increase in setup costs B) Reduction in the size of each production lot C) Longer lead time needed to schedule production D) Increase in buffer stocks of raw materials Answer: B Diff: 2 Learning Obj.: 5 113) Totally computerized systems such as a quick response systems A) eliminate traditional internal control problems. B) still require human intervention in the transaction processing cycle. C) intensify certain internal control problems. D) still require paper documents in EDI applications. Answer: C Diff: 2 Learning Obj.: 4 114) In a quick response manufacturing system, internal controls A) should be established after the information system is designed and tested. B) must be included within the design and development of the system. C) should be based on existing manual controls. D) can be excluded in such a system because there is so little human intervention in processing transactions. Answer: B Diff: 2 Learning Obj.: 5

115) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Advanced integration technologies (AIT) ________ 2. Bill of materials ________ 3. Solids modeling ________ 4. Job time cards ________ 5. Cost driver ________ 6. Vendor-based coding ________ 7. Process costing ________ 8. EOQ ________ 9. Routings ________ 10. Inventory status report A. Lists the raw materials that are necessary to produce a product B. The optimum order amount that minimizes total inventory cost C. Consists of EDI, automatic identification, and distributed processing D. An element that influences the total cost of an activity E. A summary that details the resources available in inventory F. Used to document the amount of labor time that is spent working on each production project G. The mathematical representation of a part as a solid object in computer memory H. Having a purchaser (i.e., retailer) utilize a vendor's product codes as its own product codes for the same products I. Production costs are compiled by department rather than by job J. Documents that indicate the sequence of operations required to manufacture a product Answer: 1. C, 2. A, 3. G, 4. F, 5. D, 6. H, 7. I, 8. B, 9. J, 10. E Diff: 2 Learning Obj.: 1, 2, 3, 4, 5

116) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. RTGs ________ 2. Job costing ________ 3. Reorder point ________ 4. Economic order quantity (EOQ) ________ 5. Just-in-time production ________ 6. Computer-integrated manufacturing ________ 7. Flexible manufacturing system (FMS) ________ 8. Finite element analysis ________ 9. Job ________ 10. Fixed asset register A. A synonym for production order B. Documents that indicate the sequence of operations required to manufacture a product C. A system in which items are only produced as they are required in subsequent operations D. The order quantity that minimizes total inventory cost. E. A systematic list of assets such as land, buildings, machines, and equipment that is maintained for control purposes F. A CAM system that incorporates programmable production processes that can be quickly reconfigured to produce different types of products G. A mathematical model used to determine mechanical characteristics, such as stresses of structures under load H. Integrates the physical manufacturing system and the manufacturing resource planning (MRP II) systems I. The level of inventory at which it is desirable to order or produce additional items to avoid an out-of-stock condition J. Production costs are assigned to production orders Answer: 1. B, 2. J, 3. I, 4. D, 5. C, 6. H, 7. F, 8. G, 9. A, 10. E Diff: 2 Learning Obj.: 1, 2, 3, 4, 5

117) Presented below is a list of computer file names found in quick-response manufacturing systems, followed by definitions of the terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Completed production order file ________ 2. Master operations file ________ 3. Production data file ________ 4. Inventory file ________ 5. Routings (RTGs) file ________ 6. Resource usage file ________ 7. Master production plan file ________ 8. Bill of materials file ________ 9. Production status file ________ 10. Production loading file A. Contains information about the work center, length of time, and tooling required to complete each production task B. Contains production requirements associated with open production orders C. Lists all cost data for completed production orders D. Shows actual and standard material, labor, and operation costs for work completed E. Contains a record for each product manufactured, detailing its components F. Contains both materials requisition and routing data to input into the cost accounting program G. Contains a record for each product, detailing the machine and labor sequences required for its production H. Contains a record for each open production order I. Updated by the completed production order file J. Processed against the bill of materials, production status, and master operations files in the production planning program Answer: 1. C, 2. G, 3. F, 4. I, 5. A, 6. D, 7. J, 8. E, 9. H, 10. B Diff: 3 Learning Obj.: 5

118) The following production information has been gathered from the records of the New Processes Manufacturing Company: Product:

Alpha

Zeta

Units Produced Direct material cost / unit Direct labor cost / unit Direct labor hours / unit Production machine setup Engineering changes

1,500 $ 10 14 1 3 times 1 time

7,500 $ 22 28 2 3 times 2 times

Additional production information is as follows: • Total setup costs (a part of total manufacturing overhead) = $21,500 • Total engineering changes (a part of total manufacturing overhead) = $9,500 • Total annual overhead cost = $288,750 • Total annual direct labor hours = 16,500 Required: A. Calculate the ABC overhead allocation rate using the cost drivers given above. B. Calculate the total cost per unit for each product using activity-based costing for the overhead allocation. Answer: A. $288,750 - $129,000 (setup costs) - $28,500 (engineering changes) = $131,250 remaining overhead cost to be allocated by direct labor hours $129,000 setup costs / 6 annual setups = $21,500 per setup $28,500 engineering costs / 3 annual changes = $9,500 per engineering change $131,250 / 16,500 hours = $7.9545 per direct labor hour for remaining overhead

B. Total cost for product Alpha: Direct material Direct labor Setup costs Engineering Overhead

= = = = =

1,500 × $10 1,500 × 1 × $14 $21,500 × 3 setups $9,500 × 1 change 1,500 × $7.9545

= = = = =

$ 15,000 21,000 64,500 9,500 11,932

Total manufacturing cost for Alpha = $15,000 + $21,000 + $64,500 + $9,500 + $11,932 = $121,932 / 1,500 units = $81.29 per unit Total cost for product Zeta: Direct material Direct labor Setup costs Engineering Overhead

= = = = =

7,500 × $22 7,500 × 2 × $28 $21,500 × 3 setups $9,500 × 2 changes 7,500 × 2 × $7.9545

= = = = =

$ 165,000 420,000 64,500 19,000 119,318

Total manufacturing costs for Zeta = $165,000 + $420,000 + $64,500 + $19,000 + $119,318 = $787,818 / 7,500 units = $105.04 per unit Diff: 3 Learning Obj.: 5 119) The following production information for the Murray Manufacturing Company has been gathered for part number AB7 (which is used in the manufacture of one of its products): • Murray Manufacturing buys part AB7 from a supplier. • Murray estimates that it will need 5,400 parts this month (which has 30 days). • Each part costs $6.89, and it costs Murray $750 to place an order for part AB7. • It takes 8 days to receive an order of part AB7 from Murray's supplier. • All parts orders are received, inspected, and checked into inventory the same day shipment is received. • Inventory carrying costs are 20% of the inventory value for the month. Required: A. Compute the economic order quantity in units (rounded to the nearest unit) for part AB7. B. Compute the reorder point (rounded to the nearest unit) for part number AB7. Answer: A. EOQ ((2  5,400  750)/(6.89  .20)) = (8,100,000 /1.378) = 5,878,084. 179 = 2,424 units (rounded down to the nearest unit) B. 5,400 units used on average in 30 days this month = 180 units per day (5,400 / 30) 180 units per day × 8 days' lead time = 1,440 units remaining is the reorder point Diff: 2 Learning Obj.: 1 25 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

120) World Voice is a long-distance telephone service provider that is in the process of overhauling its fixed-asset applications system. Required: Identify the individual data items that should be included in the database for each of the company's fixed assets. Answer: The new fixed asset database should include the following items: Name of asset Manufacturer Model and serial number Asset class code Company-assigned asset number General ledger account number Diff: 2 Learning Obj.: 2

Location of asset Acquisition date Original cost Data for book depreciation Data for tax depreciation Maintenance data (i.e., dates and dollar amounts)

121) Southwestern Pride is a company that processes and packs vegetables for sale in retail stores. Southwestern Pride uses a CIM environment in its facility. Sensors on its production lines automatically record data regarding materials used (processed vegetables, added ingredients, jars, lids, labels, boxes, etc.) and the progress of production lots. Employees also input data from workstations in the various production areas (receiving, cleaning, cooking, and canning). Required: Assuming that the company's databases utilize direct-access organization, what files and records could be updated directly from the production floor? Answer: Files and records that could be updated directly from the production floor are: • Raw materials inventory records • Work-in-process inventory records • Finished goods inventory records • Production order records (or production status file) • Production scheduling records (or production loading file) • Factor availability records • Resource usage records • Employee time sheets • Summary expense distribution records Diff: 3 Learning Obj.: 2

122) Explain how activity-based costing differs from traditional overhead allocation techniques. Answer: Suggested answer: The main difference between traditional overhead allocation techniques and activity-based costing is the number of bases used to allocate manufacturing overhead costs to products. Traditional allocation techniques use only one base, while ABC uses a number of bases to more finely allocate costs to those products responsible for the cost incurred. Also, traditional allocation bases were often based on direct labor hours or direct labor cost, which are less prominent components in highly automated production systems. Diff: 2 Learning Obj.: 5 123) Distinguish between MRP and MRP II. Answer: Suggested answer: MRP is an acronym for "materials requirements planning" and refers to the use of computers in production planning and control systems. These systems encompass all types of inventories and are used to plan and schedule material usage requirements. MRP II is an acronym for "manufacturing resource planning" and encompasses MRP as well as related systems for sales, billing, and purchasing. In addition, MRP II may include a number of extensions of the basic capabilities found in MRP systems. Diff: 2 Learning Obj.: 4 124) Why is it important to design control systems in a quick-response manufacturing system before the manufacturing system is implemented? Answer: Suggested answer: Controls should be included in the design of a quick-response manufacturing system for two reasons. First, quick-response manufacturing systems must frequently be designed "from scratch," as few turnkey systems are available. Adding control systems after the system is designed is impractical from a cost standpoint, because the initial design itself is quite costly. Including controls with other system features during the design phase is far less expensive, and will provide better internal control. Second, the organization itself should test all controls before implementing them. The design phase provides an opportunity to review the programming and operation of controls before they are implemented. Diff: 2 Learning Obj.: 3

125) Describe RFID including the benefits and drawbacks of this technology. Also compare this technology to that of bar codes. Answer: Suggested answer. Radio-frequency identification is an automatic identification technology that uses low power radio waves to send and receive data between RFID tags and readers. Bar code scanners require a direct line of sight in order to function. RFID eliminates the need for direct line of sight to the RFID tag. RFID tagging is not widely used because RFID are more costly than printed bar codes and there is a much higher error rate in RFID than in scanning printed bar codes. Diff: 2 Learning Obj.: 4 126) What elements are involved in determining what products should be manufactured? How does the transaction cycle controls assist in such a decision? Answer: Suggested answer: The decision to manufacture a certain product over another requires the integration of three criteria: the demand for a product; the product requirements; and the production resources available to the firm. If the product is manufactured for inventory purposes (as opposed to a specific job order), production requirements depend on a sales forecast. This is because sales forecasts are directly related to the amount of a product held in inventory at any time. Transaction cycle controls that provide useful information in the decision about what product to manufacture include inventory status reports and factor availability reports. The inventory status report provides details about material resources in inventory that are available to production. The factor availability report provides information about the availability of labor and machine resources. Sales forecasts are also based on information provided by a finished goods status report, which lists the quantities of products in current inventory. Diff: 2 Learning Obj.: 1 127) Discuss the financial benefits of just-in-time production systems. Answer: Suggested answer: Using a JIT production system cuts a number of costs. The main financial benefit of using such a system comes primarily from the overall reduction in inventory levels, since a goal of JIT is to minimize inventory levels. The firm's total investment in inventory is reduced. Specifically, costs such as handling and storing materials, obsolescence, warehouse space, and financing charges to carry inventory are reduced significantly. Other possible reductions in costs would accrue from lower labor costs from the redesign of production processes, quantity discounts from vendors interested in maintaining long-term relationships with the manufacturer, and an increased emphasis on quality production, which may decrease the cost of rework, spoilage, and waste. Diff: 2 Learning Obj.: 1 28 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 11 Systems Planning, Analysis, and Design 1) The implementation stage of a systems development project can be minimized when it involves an upgrade to an existing system. Answer: FALSE Diff: 2 Learning Obj.: 1 2) Systems analysis is the first step in the systems development life cycle. Answer: FALSE Diff: 1 Learning Obj.: 1 3) The role played by the systems developer is much like that of a doctor with regard to a patient. Answer: TRUE Diff: 1 Learning Obj.: 1 4) The steering committee needs to approach systems development from a "long-run" view. Answer: TRUE Diff: 2 Learning Obj.: 1 5) Subsidiary to tactical systems development objectives are the strategic objectives. Answer: FALSE Diff: 2 Learning Obj.: 1 6) Key success factors are characteristics of an organization that distinguishes it from competitors. Answer: TRUE Diff: 1 Learning Obj.: 1 7) The systems development strategic plan should identify specific areas to be given the highest priority. Answer: TRUE Diff: 1 Learning Obj.: 1 8) One objective of a systems survey is to find ways to automate tasks that have been performed manually. Answer: FALSE Diff: 2 Learning Obj.: 1 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) Customers should be viewed as vital components of a system and should be included in any analysis. Answer: TRUE Diff: 2 Learning Obj.: 1 10) A good approach to use with a manager when performing an information needs analysis is to ask the manager, "What kind of problems do you have here?" Answer: FALSE Diff: 2 Learning Obj.: 1 11) Information requirements of a production control system might include quality control specifications. Answer: TRUE Diff: 1 Learning Obj.: 1 12) A large portion of the systems analyst's job is to collect and organize facts. Answer: TRUE Diff: 1 Learning Obj.: 3 13) A closed-ended questionnaire is the same as a depth interview. Answer: FALSE Diff: 2 Learning Obj.: 3 14) Structured systems analysis begins with computer program code and then, through a number of steps each decreasing in detail, ends with a general description of a particular system. Answer: FALSE Diff: 2 Learning Obj.: 3 15) Document and analytic flowcharts are optional tools in systems analysis. Answer: FALSE Diff: 2 Learning Obj.: 3 16) Determining access methods involves defining primary and secondary access keys. Answer: TRUE Diff: 2 Learning Obj.: 3

17) The systems development life cycle, including the design phase, is a finite process terminating in a completed system. Answer: FALSE Diff: 2 Learning Obj.: 3 18) Systems design problems are much like other problems in life because there is no single solution which perfectly solves the problem. Answer: TRUE Diff: 1 Learning Obj.: 2 19) As an organization increases in its complexity and the number of products manufactured or sold, it becomes easier to find an appropriate turnkey software system that adequately meets the organization's needs. Answer: FALSE Diff: 2 Learning Obj.: 2 20) Management is typically responsible for selecting the best major system design from among several design alternatives. Answer: TRUE Diff: 1 Learning Obj.: 2 21) The document that includes everything necessary to actually implement the design project is the detailed design proposal. Answer: TRUE Diff: 1 Learning Obj.: 7 22) The use of prepackaged business process blueprints is seldom used in system design specifications or proposals. Answer: FALSE Diff: 2 Learning Obj.: 7 23) It is important to design system reports that have appropriate titles and captions. Answer: TRUE Diff: 1 Learning Obj.: 7 24) Regarding general systems design considerations, implementing adequate controls is too often emphasized. Answer: FALSE Diff: 2 Learning Obj.: 7 3 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

25) Systems design is a creative activity and can be viewed somewhat as an art. Answer: TRUE Diff: 1 Learning Obj.: 1 26) File analysis sheets show the relationships between the various kinds of files. Answer: FALSE Diff: 2 Learning Obj.: 1 27) One type of business process blueprint is CASE. Answer: FALSE Diff: 2 Learning Obj.: 1 28) Computer professionals love the freedom of designing and building a new system from the ground up. Answer: TRUE Diff: 1 Learning Obj.: 4 29) A dedicated software package is intended for a large and diverse number of users. Answer: FALSE Diff: 2 Learning Obj.: 8 30) A good question to ask when evaluating "canned" software is "Are source programs supplied?" Answer: TRUE Diff: 2 Learning Obj.: 10 31) Most deficiencies in a systems plan become obvious during the planning and analysis phases of the systems development life cycle. Answer: FALSE Diff: 2 Learning Obj.: 2 32) Iterative or agile approaches to systems development require constant communication and require all phases of the systems life cycle to be carried on simultaneously. Answer: TRUE Diff: 2 Learning Obj.: 2

33) The whole concept of service-oriented architectures relies on small independent pieces of software called services. Answer: TRUE Diff: 2 Learning Obj.: 1 34) RAD is an iterative development technique using prototype designs. Answer: TRUE Diff: 2 Learning Obj.: 2 35) RUP is an iterative development technique using prototype designs. Answer: FALSE Diff: 2 Learning Obj.: 2 36) RUP is a development framework involving 4 phases to help with iterative approaches to systems development. Answer: TRUE Diff: 2 Learning Obj.: 2 37) Object-oriented design and analysis relies on the identification of services and their attributes. Answer: FALSE Diff: 2 Learning Obj.: 9 38) Object-oriented design focuses on defining objects and their actions as well as the data they use and how they collaborate with each other. Answer: TRUE Diff: 2 Learning Obj.: 9 39) In object-oriented design, objects are said to possess attributes, and attributes possess methods. Answer: FALSE Diff: 2 Learning Obj.: 9 40) In object-oriented design, objects possess methods and attributes. Answer: TRUE Diff: 2 Learning Obj.: 9

41) Ruby and Python are pure, native object-oriented languages. Answer: TRUE Diff: 2 Learning Obj.: 9 42) UML diagrams are used to document objects and classes and how they communicate with each other. Answer: TRUE Diff: 2 Learning Obj.: 2 43) UML diagrams are ideal for OO development; however, they are difficult to use to create source code. Answer: FALSE Diff: 2 Learning Obj.: 2 44) Model driven architecture is the main architecture used in traditional systems design approaches. Answer: FALSE Diff: 2 Learning Obj.: 1 45) BPEL is an executable computer language that facilitates interactions between business processes and Web services. Answer: TRUE Diff: 2 Learning Obj.: 9 46) OASIS stands for Organization for the Assessment of Structured Iterative Standards. Answer: FALSE Diff: 2 Learning Obj.: 9 47) REA stands for Resources, Enterprise, and Agents. Answer: FALSE Diff: 2 Learning Obj.: 1 48) In a REA model, for each event there are two general categories of related attributes. Answer: TRUE Diff: 2 Learning Obj.: 1

49) It is crucial that all major systems development efforts have the support of ________ ________. Answer: top management Diff: 2 Learning Obj.: 1 50) General systems development objectives include the overall ________ objectives relating to the company's long-run planning. Answer: strategic Diff: 2 Learning Obj.: 1 51) Prioritizing systems development projects should be done in the same way as in ________ ________. Answer: capital budgeting Diff: 2 Learning Obj.: 2 52) A small change in an area of weakness that may result in major improvements is called a(n) ________. Answer: bottleneck Diff: 2 Learning Obj.: 2 53) ________ requirements for one subsystem will, in turn, specify ________ requirements for another subsystem. Answer: Input; output Diff: 2 Learning Obj.: 1 54) Warnier-Orr methodology uses the basic constructs of sequence, ________, and ________. Answer: selection; repetition Diff: 2 Learning Obj.: 3 55) Structured systems analysis and structured systems design are very ________ processes. Answer: similar Diff: 1 Learning Obj.: 3 56) Adding error conditions and data file access to structured English results in documentation that is sometimes referred to as ________. Answer: pseudocode Diff: 2 Learning Obj.: 5

57) The primary rule in developing design specifications is that the designer should work from ________ to ________. Answer: outputs; inputs Diff: 2 Learning Obj.: 1 58) One area in which the accountant can play a critical role while working on a design team is implementing adequate ________. Answer: controls Diff: 2 Learning Obj.: 1 59) Two special problems that relate to information systems design are problems involving ________ and ________ design. Answer: forms; database documents; database forms, database documents, database Diff: 2 Learning Obj.: 1 60) ________ design focuses on producing documents that provide effective interfaces between managers and the information system. Answer: Forms Diff: 1 Learning Obj.: 1 61) A(n) ________ ________ diagram shows the various data fields within a record. Answer: record layout Diff: 2 Learning Obj.: 5 62) The decision as to whether the computer software is to be built from scratch or purchased should be made at the end of the ________ phase. Answer: analysis Diff: 2 Learning Obj.: 6 63) Hardware that is chosen for use in a system design implementation should be ________ compatible for future uses. Answer: upwardly Diff: 2 Learning Obj.: 10

64) The four enterprise architectural domains are ________, ________, ________, and ________. Answer: business, information, application, technical Diff: 2 Learning Obj.: 1 65) Another name for the traditional approach to the systems development life cycle is the ________ method. Answer: waterfall big-design-up-front Diff: 2 Learning Obj.: 1 66) Each domain within the enterprise architecture is subject to ________, ________, ________, and ________ phases. Answer: analysis, planning, design, implementation Diff: 2 Learning Obj.: 1 67) Agile or ________ approaches to systems development involve carrying on all phases of the life cycle simultaneously. Answer: iterative Diff: 2 Learning Obj.: 2 68) Service-oriented architecture has greatly facilitated working in smaller projects, since the whole concept of SOA relies on small independent pieces of software called ________. Answer: services Diff: 2 Learning Obj.: 2 69) RUP development framework has four phases called the ________, ________, ________, and ________ phases. Answer: inception, elaboration, construction, transition Diff: 2 Learning Obj.: 2 70) Milestones corresponding to ________ of each phase must be achieved before it is accepted by the management. Answer: deliverables Diff: 2 Learning Obj.: 2 71) Object-oriented approach focuses on defining ________. Answer: objects Diff: 2 Learning Obj.: 9 9 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

72) In OO, objects are said to possess ________ and ________. Answer: methods, attributes attributes, methods Diff: 2 Learning Obj.: 9 73) ________ are the things objects do and ________ are the data related to objects. Answer: Methods, attributes Diff: 2 Learning Obj.: 9 74) ________ diagrams are used to document objects and how they communicate in OO design. Answer: UML Diff: 2 Learning Obj.: 2 75) ________ ________ architecture was created by OMG to standardize and refine the process of object-oriented design by developing a model in UML and then automatically generating the software code from the design. Answer: Model driven Diff: 2 Learning Obj.: 2 76) OO analysis produces a(n) ________ model of what the system is functionally required to do. Answer: conceptual Diff: 2 Learning Obj.: 2 77) OO analysis produces a conceptual model which is typically represented in UML by ________, ________, and ________ diagrams. Answer: use-case, class, interaction Diff: 2 Learning Obj.: 2 78) In a pure REA system, journals, ledgers, and accounts can be generated as reports or ________ from the basic recorded data. Answer: "views" Diff: 2 Learning Obj.: 1

79) From a cost standpoint, the phase of systems development in which more money is spent than any other area is A) systems analysis. B) systems design. C) systems implementation. D) systems planning. Answer: C Diff: 2 Learning Obj.: 1 80) From a cost standpoint, the phase of systems development in which major errors can become quite costly in later stages of development is A) systems analysis. B) systems design. C) systems implementation. D) systems planning. Answer: A Diff: 2 Learning Obj.: 1 81) Which of the following is not a goal of developing an overall systems plan and strategy? A) Duplication and wasted effort will be minimized. B) The systems analysis phase will be minimized in favor of design and implementation when budget constraints are present. C) Systems development in the organization will be consistent with the overall strategic plan of the organization. D) Resources will be targeted to the subsystems where the needs are greatest. Answer: B Diff: 2 Learning Obj.: 1 82) A system planning and feasibility analysis involves several phases and operates in a "topdown" fashion. This type of analysis is composed of how many phases? A) Three B) Five C) Six D) Seven Answer: D Diff: 1 Learning Obj.: 1

83) Which of the following planning activities is performed after the other activities? A) Deciding that all system changes must be completed within five years B) Naming the individuals to the systems analysis and design team C) Appointing a steering committee D) Deciding that a reliable file backup system is more important than new factory workstations Answer: B Diff: 3 Learning Obj.: 1 84) The purpose of a systems development steering committee is to A) inquire of top management as to the problems encountered with current systems. B) oversee the work of the systems analysts. C) focus on the overall current and future information needs of the company. D) provide a positive image of the development of new systems and to keep criticism within the organization to a minimum. Answer: C Diff: 2 Learning Obj.: 1 85) The main responsibility of the systems development steering committee is A) overall planning and control of the systems development effort within the organization. B) to oversee the work of systems analysts. C) to become involved in the details of specific development projects. D) to provide a positive image of the establishment of systems development. Answer: A Diff: 2 Learning Obj.: 1 86) A major output of a systems development steering committee or the individual in charge of systems development is a written document outlining short- and long-term goals relating to the company's development effort. This document is called A) "Key Systems Development Success Factors." B) "The Systems Development Life Cycle." C) "Objectives of Systems Analysis." D) "Strategic Systems Plan." Answer: D Diff: 2 Learning Obj.: 1

87) Which of the following describes the point at which systems project costs should be quantified? A) Identifying and prioritizing potential projects for systems development B) Developing a strategic information systems plan C) Assembling the project team D) Preparing the systems proposal Answer: A Diff: 2 Learning Obj.: 1 88) Which of the following is often the key motivation for the system developers to establish good relationships with current and future users of the system? A) The users' expertise is essential to designing the technical specifications of the new system. B) The success or failure of the new system will depend heavily on the support of the eventual users. C) Users often are responsible for the subsequent evaluation of the developers. D) Users often determine budgets and timetables for systems projects. Answer: B Diff: 1 Learning Obj.: 1 89) The company should inform users that a new system is being developed A) as late as possible, to eliminate the possibility that some employees might oppose the new system. B) after the design plan is complete, to avoid employee interference and confusion. C) as soon as possible, to maximize user acceptance of the new system. D) as soon as the users seem ready to accept the new system. Answer: C Diff: 2 Learning Obj.: 1 90) Which of the following would be an appropriate source of information to obtain during the survey of the current system? A) Professional journals and industry publications B) Minutes of board meetings, financial statements, and charts of accounts C) Organization charts, job descriptions, and policy manuals D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 1

91) An analysis of the systems survey contains a A) summary of the system's strengths and weaknesses. B) cost comparison of different software packages. C) review of information needs. D) listing of input requirements. Answer: A Diff: 2 Learning Obj.: 1 92) Any bottlenecks in a company's current operations would most likely be discovered A) when the technical specifications of a system are being decided. B) when the information obtained during the system survey is analyzed. C) during the document review. D) None of these answers is correct. Answer: B Diff: 1 Learning Obj.: 1 93) The second major phase of systems analysis is information needs analysis. This phase A) focuses on the general information needs of particular applications. B) concentrates on the report formats that the new systems will output. C) is concerned with specific managerial decisions and their inputs. D) None of these answers is correct. Answer: A Diff: 2 Learning Obj.: 1 94) Which of the following is most relevant in gaining an understanding of a manager's decisions and information needs? A) Information about the major problems the manager normally deals with B) Knowledge about the manager's self-assessment criteria C) Details concerning the manager's job responsibilities D) Knowledge of the criteria used to evaluate the manager's job performance Answer: D Diff: 2 Learning Obj.: 3 95) The third phase of systems analysis results in decisions regarding A) input requirements for the new system. B) output requirements for the new system. C) both input and output requirements for the new system. D) priorities for ranking the different subsystems projects, but not specific system requirements. Answer: C Diff: 1 Learning Obj.: 1

96) Which of the following elements is contained in the systems analysis report? A) Specific timetables for project completion B) Descriptions of any overall problems in the specific subsystem being studied C) A summary of the current system's strengths and weaknesses D) A systems proposal to serve as the framework for the project Answer: B Diff: 2 Learning Obj.: 1 97) The Warnier-Orr methodology is a technique used for A) flowcharting. B) document review. C) evaluating work distributions. D) analyzing information flows. Answer: D Diff: 1 Learning Obj.: 3 98) A formal technique used by the systems analyst to summarize related data inputs and outputs is A) matrix analysis. B) work measurement. C) flowcharting. D) decision analysis. Answer: A Diff: 2 Learning Obj.: 3 99) One benefit of using the Warnier-Orr methodology as a fact-gathering technique is that it A) is easy to understand and use. B) can be used to document any type of system. C) forces a top-down, structured approach to analysis. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 3 100) In the Warnier-Orr methodology, how would the repetitions associated with the input of batches of customer checks be shown? A) Use a bracket with the number 2. B) Use the subscript (n). C) Use 2 brackets. D) Use the subscript (2). Answer: B Diff: 2 Learning Obj.: 3 15 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

101) At the first level of structured systems analysis, documentation begins with A) matrix analysis. B) an analytic flowchart. C) a logical flow diagram. D) functional analysis. Answer: C Diff: 2 Learning Obj.: 1 102) A flowchart differs from a logical flow diagram because it A) provides a physical description of the system. B) provides a logical description of the system. C) does not specify certain input/output devices. D) does not specify certain storage devices. Answer: A Diff: 2 Learning Obj.: 1 103) In structured systems analysis, the data dictionary describes A) data structure. B) physical layout. C) data structure and physical layout. D) data structure and data elements. Answer: D Diff: 2 Learning Obj.: 1 104) A special language describing processing logic that uses key words such as IF, THEN, ELSE IF, and SO is called A) Warnier-Orr English. B) structured English. C) analytic flowchart notation. D) structured assembler. Answer: B Diff: 2 Learning Obj.: 1 105) When conducting structured systems analysis of a particular system, defining the processing logic A) should always be done using structured English. B) is the same thing as writing actual program code. C) may be done with decision trees or decision diagrams. D) is useful only to technical systems personnel. Answer: C Diff: 3 Learning Obj.: 1 16 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

106) Systems design follows the "top-down approach." This means A) going from the general to the specific. B) beginning with the needs and desires of top management and then considering other users' needs down to the "factory-floor" level. C) going from specific program code to general descriptions of the system. D) starting with a central computer system and then implementing systems for individual departments. Answer: A Diff: 1 Learning Obj.: 1 107) Certain turnkey software packages can sometimes meet the specific needs of an individual situation with minimal design work. Which of the following companies would least likely be able to use a turnkey system? A) A doctor's office B) An attorney C) A petroleum refining company D) A construction company Answer: C Diff: 3 Learning Obj.: 5 108) Which of the following design alternatives is the most difficult to evaluate? A) Deciding whether reports should be generated automatically or on-demand B) Deciding whether processing should be in batch mode or online C) Deciding whether the alternatives meet all major objectives for the system D) Deciding whether existing personnel can manage the system Answer: D Diff: 3 Learning Obj.: 4 109) Once system design alternatives have been laid out and documented, they must be evaluated. The primary criteria for selecting the alternative for implementation purposes should be A) cost versus benefits. B) simplicity versus complexity. C) user acceptance of the alternative. D) feasibility. Answer: A Diff: 3 Learning Obj.: 5

110) In the preparation of design specifications, which of the following activities is undertaken after all of the others have been completed? A) Database design B) Specifying inputs C) Specifying processing steps D) Designing management reports Answer: B Diff: 2 Learning Obj.: 6 111) A design proposal explains that the system will include both manual and computer procedures for reconciling batch totals. This explanation A) shows internal control effectiveness exists at the cost of some efficiency. B) is not accurate. C) should not be included in the design proposal. D) should be included in both the systems analysis report and the design proposal. Answer: A Diff: 3 Learning Obj.: 7 112) Items that should be provided in any detailed design proposal are A) the resumes and qualifications of systems analysts and designers. B) discussions of similar systems that competitors have implemented. C) specific volume and cost information. D) critiques of problems encountered with the prior (or existing) system. Answer: C Diff: 2 Learning Obj.: 7 113) The most important consideration for output design is A) relevance. B) integration. C) uniformity. D) cost-effectiveness. Answer: D Diff: 1 Learning Obj.: 8 114) Which of the following design considerations applies to report or document outputs? A) Relevance B) Integration C) Uniformity D) Accuracy Answer: A Diff: 1 Learning Obj.: 8 18 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

115) The design criterion concerned with avoiding the collection and maintenance of the same data items in more than one place in the organization is A) uniformity. B) flexibility. C) integration. D) standardization. Answer: C Diff: 1 Learning Obj.: 8 116) The design criterion concerned with using the same format and name for data items used in more than one place is A) uniformity. B) flexibility. C) integration. D) standardization. Answer: D Diff: 1 Learning Obj.: 8 117) Probably the most difficult design consideration in designing the data input system is A) uniformity. B) accuracy. C) integration. D) organization. Answer: B Diff: 1 Learning Obj.: 8 118) Which of the following database design techniques shows the interrelationships between various kinds of records? A) Data structure diagrams B) Record layouts C) File-related matrices D) File analysis sheets Answer: A Diff: 2 Learning Obj.: 8

119) Which of the following database design techniques shows the interrelationships between files, their contents, and their uses? A) Data structure diagrams B) Record layouts C) File-related matrices D) File analysis sheets Answer: C Diff: 2 Learning Obj.: 8 120) A file-related matrix reveals that a file's data item A is used in six different reports, while data item B in the same file is not used in any report. The systems designer should consider A) using both data items A and B. B) deleting data item B and using only data item A. C) using neither data item A nor B. D) deleting data item A and using only data item B. Answer: B Diff: 2 Learning Obj.: 8 121) Prepackaged design systems have both advantages and disadvantages in assisting the designer with the systems development cycle. A disadvantage of such prepackaged design methodologies is that they do not A) specify desired outputs. B) provide assistance in structuring a particular problem. C) adequately deal with the problem of response time. D) Answers A and C are correct. Answer: D Diff: 2 Learning Obj.: 10 122) A company should decide whether to develop software independently or purchase software A) when preparing the detailed design proposal. B) at the end of systems analysis. C) at the end of systems planning. D) when preparing design specifications. Answer: B Diff: 1 Learning Obj.: 1

123) Which of the following is not an advantage of using purchased or "canned" software packages? A) They are less expensive. B) They seldom meet all of a company's needs precisely. C) They are already debugged. D) The company can "test drive" the product before making a substantial investment. Answer: B Diff: 2 Learning Obj.: 10 124) When evaluating purchased software it is often helpful to use a decision table format to consider various issues and potential problems with the software. A question (or questions) to be asked in a decision table which might uncover any "skeletons in the closet" regarding a software package is A) "How many other installations that are 'second-reference organizations' have used the software, and for how long?" B) "How stable is the software vendor?" C) "How closely does the software fit the needs of the company?" D) "How flexible is the software?" Answer: A Diff: 3 Learning Obj.: 8 125) When a company is purchasing software, it should choose hardware A) before choosing software. B) at the end of systems analysis. C) after choosing software. D) at any time either before or after choosing software. Answer: C Diff: 2 Learning Obj.: 1 126) One reason to put off the purchase of computer hardware or software is A) the price of hardware and software will drop shortly. B) a new version of hardware or software will be available soon. C) the company wants the latest "state-of-the-art" system. D) None of these answers is a good reason to put off the purchase of computer hardware or software. Answer: D Diff: 2 Learning Obj.: 1

127) Actively involving the ultimate users in the development of a system might help to limit A) communications problems. B) unrealistic or vague requirements during the analysis phase. C) disillusionment and confusion during the design phase. D) All of these answers are correct. Answer: D Diff: 2 Learning Obj.: 4 128) It is normal for deficiencies in a systems plan to only become obvious during the A) design and implementation phases. B) planning and analysis phases. C) planning and design phases. D) If the systems plan is correctly executed, deficiencies will not be present. Answer: A Diff: 2 Learning Obj.: 4 129) The more complicated, unfamiliar, or innovative business and information environments become, the more it becomes necessary to A) plan and analyze upfront. B) use an iterative design approach. C) employee a project manager. D) use the waterfall method correctly. Answer: B Diff: 2 Learning Obj.: 5 130) Systems development means defining, shaping, and reshaping the four enterprise architectural domains of A) business, information, application, and technical architectures. B) business, software, implementation, and training architectures. C) software, hardware, training, and maintenance architectures. D) software, information, hardware, and reporting architectures. Answer: A Diff: 2 Learning Obj.: 1 131) Each domain in the enterprise architecture is subject to A) cost overruns if planning is not carefully completed upfront. B) government review if the company is publicly traded. C) the four phases of RUP development. D) analysis, planning, design, and implementation. Answer: D Diff: 2 Learning Obj.: 1 22 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

132) In iterative or agile approaches to systems development A) each phase of the life cycle is completed prior to moving to the next phase. B) phases can be started in any order the project manager deems appropriate. C) all phases of the life cycle are carried on simultaneously. D) the systems development life cycle is not appropriate to implement. Answer: C Diff: 2 Learning Obj.: 2 133) Service-oriented architecture relies on developing small independent pieces of software called A) groups. B) services. C) units. D) prototypes. Answer: B Diff: 2 Learning Obj.: 1 134) An iterative approach using prototypes is called A) service-oriented development. B) waterfall development. C) object-oriented design. D) rapid application development. Answer: D Diff: 2 Learning Obj.: 2 135) The phase of the Rational Unified Process where the project is documented in detail using UML and prototypes is the ________ phase. A) inception B) elaboration C) construction D) transition Answer: B Diff: 2 Learning Obj.: 2 136) The phase of the Rational Unified Process where the software is deployed to end users for testing and training is the ________ phase. A) inception B) elaboration C) implementation D) transition Answer: D Diff: 2 Learning Obj.: 2 23 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

137) Rational Unified Process relies on a(n) A) iterative approach. B) traditional approach. C) object oriented approach. D) It does not use any of these approaches. Answer: A Diff: 2 Learning Obj.: 2 138) The object-oriented approach focuses on defining A) objects. B) services. C) units. D) All of the above are a part of the object-oriented approach. Answer: A Diff: 2 Learning Obj.: 9 139) Data related to objects are called A) items. B) methods. C) attributes. D) characteristics. Answer: C Diff: 2 Learning Obj.: 9 140) The things objects do are called A) items. B) methods. C) attributes. D) characteristics. Answer: B Diff: 2 Learning Obj.: 9 141) ________ diagrams are used to document objects (and classes of objects) and how they communicate with each other. A) UML B) ER C) Conceptual D) Data flow Answer: A Diff: 2 Learning Obj.: 1

142) UML diagrams directly match objects in computer programs which greatly facilitate communication between the analysts, designers, and programmers A) forcing objects to be defined in numerous languages. B) forcing all objects to be identified. C) eliminating the need for an iterative approach. D) eliminating a language gap between DFDs and programming code. Answer: D Diff: 2 Learning Obj.: 2 143) MDA stands for A) Model Diagram Assurance. B) Methods, Development, Assessment. C) Model Driven Architecture. D) Method Driving Assessment. Answer: C Diff: 2 Learning Obj.: 9 144) The approach of MDA is to A) develop a model and then use iteration so programmers can develop a prototype. B) develop a model and then transform the model into computer software. C) develop methods that can then be organized into object classes. D) develop methods that can then be modeled into computer software. Answer: B Diff: 2 Learning Obj.: 9 145) An example of a transformation language that can be used with MDA is ________. A) OMG B) QVT C) UML D) OO Answer: B Diff: 2 Learning Obj.: 9 146) Object-oriented design and analysis is based on objects and relies on A) UML diagrams. B) MDA models. C) BPEL diagrams. D) None of the above aids OO analysis. Answer: A Diff: 2 Learning Obj.: 9

147) BPEL is an executable computer language that facilitates interactions between A) objects and services. B) objects and methods. C) business processes and data diagrams. D) business processes and Web services. Answer: D Diff: 2 Learning Obj.: 9 148) BPEL is supported by the internationally recognized and leading IT open standards organization called A) OASIS. B) OMG. C) MDA. D) QVT. Answer: A Diff: 2 Learning Obj.: 9

149) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Forms design ________ 2. Systems planning ________ 3. Upwardly compatible ________ 4. Integration ________ 5. Dedicated software package ________ 6. Pseudocode ________ 7. Feasibility ________ 8. Cost effectiveness ________ 9. Standardization ________ 10. Turnkey system A. Design criteria that means the avoidance of collecting and maintaining the same data items in more than one place B. Design criteria that all data items be entered in a basic format and assigned a common name when used in more than one place C. The process of planning and creating specific forms D. Structured-English type of system documentation that includes provisions for error conditions and data file access E. A computer package that meets the specific needs of an individual situation with minimal design work F. Identifying subsystems within the information system that need special attention for development G. A commercially available software package that is intended for a narrow audience H. Design criterion that states that it must be possible to actually implement the design specifications I. A concept that states that the benefits of a system must exceed its costs J. Computer hardware that can easily be upgraded to a larger or faster model without losing existing data or programs Answer: 1. C, 2. F, 3. J, 4. A, 5. G, 6. D, 7. H, 8. I, 9. B, 10. E Diff: 2 Learning Obj.: 1, 10

150) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Detailed design proposal ________ 2. Steering committee ________ 3. Systems analysis ________ 4. Bottleneck ________ 5. "Canned" software package ________ 6. Key success factors ________ 7. Information needs analysis ________ 8. Structured English ________ 9. Systems development life cycle ________ 10. Warnier-Orr A. A special language for describing process logic that uses several key words including IF, THEN, ELSE IF, and SO B. A software package purchased from a vendor C. A methodology and diagramming technique for analyzing the outputs of an application and factoring the application into a hierarchical structure of modules to accomplish the necessary processing D. Everything necessary to actually implement a design project E. A weakness in the system where small changes can result in major improvements in performance F. Characteristics that distinguish a company from its competitors and are integral to its success G. The concept that every systems development project goes through essentially the same process or life cycle of systems analysis, design, and implementation H. Group representing top management and all major functional areas within the organization which is charged with guiding the overall systems development effort I. The process of understanding existing systems and problems, describing information needs, and establishing priorities for further systems work J. Analysis of specific decisions made by managers in terms of the information inputs Answer: 1. D, 2. H, 3. I, 4. E, 5. B, 6. F, 7. J, 8. A, 9. G, 10. C Diff: 2 Learning Obj.: 1, 3, 6, 7, 10

151) Presented below are three lists. The first list contains design considerations for system elements. The second list contains the system elements, and the third list contains the definitions of the design considerations. Required: Insert the Roman numeral of the system element(s) that apply to the design consideration in the first column. Insert the letter of the correct definition for each design consideration in the second column. The Roman numerals will be used more than once. Each letter will be used only once. System Design element(s) consideration definition ________ ________ ________ ________ ________ ________ ________ ________ ________ ________

________ ________ ________ ________ ________ ________ ________ ________ ________ ________

Design consideration 1. Cost effectiveness 2. Integration 3. Efficiency 4. Security 5. Relevance 6. Accuracy 7. Comprehensiveness 8. Flexibility 9. Clarity 10. Standardization

System elements: I. Outputs (report or document) II. Database III. Data processing IV. Data input V. Controls and security measures Design consideration definitions: A. Speedy data retrieval for queries is an example B. Information making a difference in one's decision, with no unneeded or missing information C. Addresses multiple areas of concern D. Avoidance of collecting and maintaining the same data items in more than one place E. Data are correct F. Information is understandable to a variety of parties G. All data items are entered in the same format and assigned a common name when used in more than one place H. Data are protected from unauthorized changes, additions, and deletions I. Benefits exceed the costs J. Ability to handle a variety of questions

Answer: System element(s) 1. all 2. II, III, IV 3. II 4. II 5. I 6. II, III, IV 7. V 8. II 9. I 10. II Diff: 2 Learning Obj.: 1

Design consideration definition I D A H B E C J F G

152) A small manufacturer of custom-made sports equipment has hired you as a systems consultant. You have completed a systems survey and found that the company is experiencing wide-ranging problems in its manufacturing and delivery systems, including bottlenecks in production and shipping, and quality control concerns because customer feedback indicates jobs are not conforming completely to their specifications. You are ready to begin the second phase of systems analysis, identifying information needs. Required: Explain what information needs analysis is, and describe two techniques you would use to identify information needs. Answer: Information needs analysis concerns the study of decisions made by managers. By identifying the managers' information requirements, the analyst can decide the needed system inputs. The analyst can use any of four different techniques to perform information needs analysis (The problem requires two techniques). • Identify each manager's primary job responsibilities. The consultant should develop an understanding of the requirements of each manager's position. The consultant would need to get to know the managers in various departments such as production and shipping. After understanding the duties performed by managers, the consultant can determine the information each manager needs to carry out his or her responsibilities. • Identify the means by which each manager is evaluated. Evaluation requirements are the basis for the manner in which many managers approach day-to-day responsibilities. Managers need certain types of information to meet evaluation requirements. The consultant should be especially aware of evaluation requirements in the areas identified as bottlenecks. Managers making decisions related to the bottlenecks may currently be using inadequate information that should be the focus of improvement in a systems project. • Identify some the of problems managers face. Rather than asking the mangers point-blank about their problems, the consultant should ask the managers many questions about what they do, and listen carefully to the answers. The consultant should work toward developing a good working relationship with the managers. Managers who trust the consultant are more likely to reveal their "take" on problems in the system. In this case, the consultant will learn more about the bottlenecks with this approach. • Identify the means by which the manager evaluates personal output. How does the manager know when his or her work is acceptable? What are the data sources the manager uses to complete work? Answers to these questions will allow the consultant to identify additional system inputs needed on a regular basis. Diff: 2 Learning Obj.: 1

153) Ace Fasteners is a small manufacturing company. The controller has been preparing aging schedules and found that the company's invoices are not being sent out in a timely manner. The accounts receivable department has told the controller that it is not getting information when orders are completed and shipped due to its computer system. The computer system is slow and cannot keep pace with production. As a result, the computer system crashes frequently. The accounts receivable department often must type invoices when the computer system is malfunctioning, resulting in backlogs and delays in billing. When the controller brings up the issue to the president of the company at a weekly management meeting, the president states, "Just get the problem fixed so we can send out the bills on time. What is the next item on the agenda?" Required: From a standpoint of systems planning and feasibility analysis, how would you as a consultant (hired by the controller of Ace Fasteners to "fix the problem") advise the controller and management to proceed to remedy this systems problem? Answer: It appears that the president does not understand the nature of the computer system problem or what may possibly be involved to solve it. A consultant should first advise the president, controller, and other managers of the steps involved in undertaking a system planning and feasibility study. The controller may have to educate the president and managers about what is involved in such a study. Specifically, the consultant should discuss the following phases to the study: • Discussion and planning by top management. The consultant may have a difficult "sales job" in this area, as the president is obviously unaware of how to go about systematically solving the company's computer system problem. The consultant should discuss the need for management to support the systems development effort, and ask for their understanding that to properly fix the problems management needs to support the development effort. The consultant should present his or her case and emphasize that any "quick fix" for the accounts receivable billing problem may lead to further problems in the immediate future. • Steering committee. When the consultant has gained the support and understanding of top management, the consultant should then ask management to form a steering committee for the project. The consultant should urge the committee to focus on the overall current and future information needs of the company, and that the committee is responsible for the overall planning and control of the development effort. The consultant should also point out that the committee is not responsible for the details of this specific development project or for future projects. • Establish objectives and constraints. The consultant, in conjunction with management, should establish overall objectives for the project as well as constraints. Key success factors for the company should be identified and incorporated into the design of the system. • Develop a strategic systems plan. The consultant, in conjunction with management, should then develop a strategic systems plan for Ace Fasteners. It should be a formal, written document that identifies short- and long-term goals. The plan should identify and discuss: key success factors; describe the systems within the company; and provide a statement of priorities, an outline of required resources, and a timetable for developing the specific system.

• Prioritizing the project. The strategic plan should prioritize the areas that should be given highest priority. Since Ace is in critical need of a new production and accounts receivable billing system, it is likely that this project will be given highest priority. The consultant should also help management to prioritize other projects that may have been identified for future exploration and possible development. • Systems development proposal. The consultant should prepare a system proposal to provide a basis for analysis and a preliminary design for the proposed system. If possible, the consultant should work with management and staff in developing such a proposal, and get management to agree to and support it. • Establishing the system analysis and development team. At this point the consultant should create a team of individuals from within the company (and likely other consultants from outside of the company) to conduct the analysis and preliminary design of the system. Diff: 3 Learning Obj.: 1 154) A company president has been told by the chief information officer that a certain systems analysis and design project is at the stage of having "design specifications prepared." Required: Identify what systems design phases have occurred and what phases need to take place to complete this project? Answer: Systems design proceeds from the general to the specific. The "prepare design specifications" phase is in the "center" of a systems design project when moving from the general to the specific. This means that the "systems planning and analysis" and "evaluate various designs" phases should have occurred (both of which are more general or "high-level" in nature). After the "prepare design specifications" phase is complete, the project should generate a "systems design specifications" document, and then proceed to the actual "systems implementation" stage. Problems in design specifications may be encountered during the implementation phase, and may result in the earlier phases "being revisited" to make necessary changes. After the actual "systems implementation" stage, a "systems review and control" phase should occur to ensure that the system is properly functioning and meets users' needs. It should be pointed out that the development cycle is not static, but rather it is a dynamic process that is ongoing and may seem to "never end." Diff: 2 Learning Obj.: 6

155) Briefly discuss some behavioral considerations that are of major importance to the systems planning and analysis phase. Answer: Suggested answer: A major behavioral consideration is communication at various stages: communication between top management and the systems development team, communication within the team, and communication between the team and managers/users. First, it is essential that top management clearly explain its overall strategic plans for the organization and its vision of what it expects from the systems development effort. Secondly, the team must communicate well so that the planning phase will be thorough and efficient, it will obtain the data it needs to make recommendations, and it will ensure that all important views are aired. Finally, the team (with the assistance of management) should take special efforts to communicate their objectives to managers and other affected users so that unnecessary resistance, uncertainty, and anxiety can be avoided. Diff: 2 Learning Obj.: 4 156) What individuals should be involved in systems planning? Answer: Suggested answer: The key individuals who should be directly involved in systems planning are: • the members of the steering committee, which should include representatives of top management, all affected user groups, and a high-level manager from the information systems function • a systems development team, ideally composed of top management, user departments, accountants, programmers, and other technical systems people More generally, top management and all affected individuals should be involved, by providing input regarding their needs, assisting the development team, and staying informed of the team's progress and recommendations. Diff: 2 Learning Obj.: 1

157) What are some important factors to consider when evaluating "canned" software? Answer: Suggested answer: When evaluating purchased "off-the-shelf" or "canned" software, the company should consider the following questions: • How well does the software appear to meet the company's needs? • Is the software vendor likely to remain in business in the future? • Does the vendor provide technical support and if so, how? • How do previous and current users (particularly second-reference users) of the software feel about it? • Is the software "user-friendly"? • Is the software "well-documented"? • Are error messages adequately explained either on the screen or in the documentation? • Is source code available for custom modifications? Diff: 2 Learning Obj.: 10 158) How is the Warnier-Orr methodology used to organize facts in systems analysis and design projects? Answer: Suggested answer: The Warnier-Orr methodology is based on analyzing the outputs of an application. The method uses a diagramming technique to divide the application into a hierarchical structure of processing modules. The methodology uses brackets or braces to denote hierarchy. In a Warnier-Orr diagram, the highest level is to the left of the diagram, while the lowest is to the right. A Warnier-Orr diagram is drawn using only three basic constructs: sequence, selection, and repetition. Any processes included in a sequence are enclosed using brackets and would be executed from top to bottom. The selection construct is necessary when there are two or more alternatives. Mutually exclusive alternatives are enclosed in a bracket and separated by a plus sign enclosed in a circle (which is the "exclusive" symbol). The repetition construct is indicated by subscripts. When the process is repeated only once, the subscript "(1)" is used. If repeated more than once, the subscript "(n)" is used. When no processing is required, the words "null" or "skip" are used in the diagram. The methodology is easy to understand and use. It can be used to document any type of system, from a general overview to detailed program logic. Using the Warnier-Orr method forces the analyst or designer to pattern the system in a structured, top-down approach. Diff: 2 Learning Obj.: 3

159) What are the differences between logical flow diagrams and analytic flowcharts? Answer: Suggested answer: The primary difference between a logical flow diagram and an analytic flowchart is that analytic flowcharts provide a physical description of a system while logical flow diagrams give a logical view of a system. The text referred to the use of logical flow diagrams in structured systems analysis. Practically speaking, either logical flow diagrams or analytic flowcharts can be incorporated for documentation purposes. Logical flow diagrams are useful because the analyst can document logic without committing to any particular physical implementation. A logical flow diagram allows an analyst to separate data flow from physical implementation, which may be useful in solving problems in either area. Analytic flowcharts are necessary tools to document a system's physical implementation, and should also be used to provide this important view of a system. Diff: 2 Learning Obj.: 3 160) What is the Rational Unified Process and what are the four phases incorporated in its framework? Answer: Suggested answer: RUP was developed after analyzing failures in many software development projects took place. The development framework breaks down project life cycles into four phases. They include the following: 1. Inception Phase - project is defined, described, and justified in terms of expected costs and benefits, risks, core requirements, and constraints. 2. Elaboration Phase - project documented in further detail using Unified Modeling Language (UML) diagrams and prototypes that deal with the identified risk. 3. Construction Phase - actual software is coded. 4. Transition Phase - software is deployed to end users for testing and training. Diff: 2 Learning Obj.: 2

161) Describe object-oriented design and analysis and how UML diagrams will aid OO. Also describe what effect transformation will have on the process of design. Answer: Suggested answer: The OO approach differs from the classic approach in that it focuses on objects and the actions the object performs, the data they use and how they collaborate with each other. Objects are said to possess METHODS (things they do) and ATTRIBUTES (data related to objects). UML diagrams are created to document these objects and how they communication with each other. The UML diagrams can then be directly "fed" into matching objects in computer programs. This greatly facilitates communication between the analysts, designers, and programmers, who essentially work in the same language of the objects. This is very different from the classical approach in which there is a language gap between DFDs and programming code. OO analysis relies on UML diagrams. OO analysis produces a conceptual model of what the system is functionally required to do. This conceptual model is typically represented in UML by use case diagrams, class diagrams, and interaction diagrams. The conceptual model is then transformed directly into computer program code. Diff: 2 Learning Obj.: 2

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 12 Systems Project Management, Implementation, Operation, Control 1) Delays are routine during implementation because it is impossible to anticipate all potential problems during the systems design process. Answer: TRUE Diff: 1 Learning Obj.: 1 2) Selecting and training personnel is one of the implementation activities that are carried out based on the design plan. Answer: TRUE Diff: 2 Learning Obj.: 1 3) The degree of success for a new system development project is affected by the adequacy of training given to employees. Answer: TRUE Diff: 2 Learning Obj.: 1 4) It is a good assumption that employees will learn to use a new system by themselves. Answer: FALSE Diff: 1 Learning Obj.: 2 5) One training method that makes use of current technological advances is computer-assisted training. Answer: TRUE Diff: 1 Learning Obj.: 2 6) New computer equipment generally does not require special provisions for complex wiring schemes. Answer: FALSE Diff: 1 Learning Obj.: 2 7) One powerful means of testing computer programs involves processing test data. Answer: TRUE Diff: 2 Learning Obj.: 2 8) The test data approach should not be designed to "break" the computer program. Answer: FALSE Diff: 2 Learning Obj.: 2 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) The cutoff point is the point at which individual segments of the new system are phased in according to a specific time schedule. Answer: FALSE Diff: 2 Learning Obj.: 1 10) A project is a specific application that has been approved for development. Answer: TRUE Diff: 1 Learning Obj.: 3 11) An important criterion used in selecting projects for development is the project's expected return on investment. Answer: TRUE Diff: 2 Learning Obj.: 4 12) The basic resource in any systems project is time. Answer: FALSE Diff: 2 Learning Obj.: 4 13) The project leader uses a project accounting system to fulfill his or her project control responsibilities. Answer: TRUE Diff: 2 Learning Obj.: 4 14) The task completion schedule, based on task time estimates, should be maintained without revision if at all possible. Answer: FALSE Diff: 2 Learning Obj.: 4 15) Time estimate standards developed in-house generally are less effective than standards or estimates available in current project management literature. Answer: FALSE Diff: 2 Learning Obj.: 4 16) Purposely or inadvertently submitting unreasonably low time or cost estimates is known as lowballing. Answer: TRUE Diff: 2 Learning Obj.: 4

17) Typically 30 to 40 percent of total project time is spent in the analysis phase of the systems development life cycle. Answer: TRUE Diff: 2 Learning Obj.: 4 18) Timely project cost data is useful, but not essential, to track the costs incurred to date on a project. Answer: FALSE Diff: 2 Learning Obj.: 4 19) Almost all project accounting systems are automated. Answer: FALSE Diff: 1 Learning Obj.: 4 20) A weekly cost report that is available three weeks after the report date is still an effective tool for overall project control purposes. Answer: FALSE Diff: 1 Learning Obj.: 4 21) If data are input into the project accounting system that is both accurate and timely, it can produce revised cost estimates that are both accurate and timely. Answer: TRUE Diff: 1 Learning Obj.: 4 22) The level of detail produced in a project accounting system is proportionate to the overhead cost of running the system. Answer: TRUE Diff: 2 Learning Obj.: 4 23) The appropriate level of detail to be obtained from a project accounting system is generally decided by the chief information officer. Answer: FALSE Diff: 2 Learning Obj.: 4 24) From a control point of view, virtually all factors that relate to information systems are measured in terms of dollars. Answer: FALSE Diff: 2 Learning Obj.: 4 3 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

25) The ratio of actual CPU time used to CPU time available is one measure of system utilization. Answer: TRUE Diff: 1 Learning Obj.: 6 26) Audits of information systems often focus on internal control. Answer: TRUE Diff: 1 Learning Obj.: 3 27) The amount of testing of a system by an auditor is directly proportional to the degree to which adequate internal controls exist and are operating effectively. Answer: FALSE Diff: 2 Learning Obj.: 3 28) All modifications to a system's software and data schema should be formally reviewed and approved. Answer: TRUE Diff: 2 Learning Obj.: 3 29) Programmers making changes to system software should use the operational copy of the software to test the changes in a "real world environment." Answer: FALSE Diff: 2 Learning Obj.: 3 30) ISO 15504 (SPICE) is a process-based development approach that focuses on the "maturity" of the process being developed. Answer: TRUE Diff: 2 Learning Obj.: 1 31) The SPICE approach categorizes processes into five broad areas and scores "capability level" on a 10-point scale. Answer: FALSE Diff: 2 Learning Obj.: 1 32) A project development environment refers to the tools and technologies used to implement a given project. Answer: TRUE Diff: 2 Learning Obj.: 1 4 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

33) Within the project development environment the project collaboration platform serves to optimize management of the implementation of a systems development life cycle. Answer: FALSE Diff: 2 Learning Obj.: 1 34) Within the project development environment the software application framework provides a structured environment in which to develop software. Answer: TRUE Diff: 2 Learning Obj.: 1 35) A Web application framework that has received considerable attention is Ruby on Rails. Answer: TRUE Diff: 2 Learning Obj.: 1 36) In service-oriented architecture (SOA), an important part of the application development framework is the business process execution language (BPEL) service engine. Answer: TRUE Diff: 2 Learning Obj.: 5 37) The BPEL service engine needs a roadmap which is a set of visual diagrams based on the Unified Modeling Language and/or Business Process Modeling Notation. Answer: TRUE Diff: 2 Learning Obj.: 5 38) The integrated development environment is a software platform for diagrams and models. Answer: FALSE Diff: 2 Learning Obj.: 5 39) A software versioning system keeps only the current version of software source code available so version control issues are minimized. Answer: FALSE Diff: 2 Learning Obj.: 5 40) Two major software versioning systems are Subversion (SVN) and Current Version System (CVS). Answer: FALSE Diff: 2 Learning Obj.: 5

41) To determine the activities that are critical to keeping a project on schedule, ________ ________ must be obtained for each individual activity of the project. Answer: estimated times Diff: 2 Learning Obj.: 1 42) An announcement by management regarding project execution will have the benefit of minimizing ________. Answer: rumors Diff: 1 Learning Obj.: 2 43) Any successful systems implementation requires that considerable attention be given to employee ________. Answer: training Diff: 2 Learning Obj.: 2 44) In the design and implementation of a system, it is almost always necessary to do additional work during the ________ phase. Answer: implementation Diff: 2 Learning Obj.: 1 45) Good testing should do everything possible to ________ computer programs before they are implemented. Answer: break Diff: 2 Learning Obj.: 1 46) The development of computer software without ________ is an almost worthless exercise. Answer: documentation Diff: 1 Learning Obj.: 1 47) A major drawback of the ________ ________ process is that it can involve a greatly extended check-out period. Answer: modular conversion Diff: 2 Learning Obj.: 3 48) An expensive, time-consuming problem in systems implementation is ________ ________. Answer: file conversion Diff: 2 Learning Obj.: 1

49) ________ is necessary to ensure that the new system operates as planned. Answer: Follow-up Diff: 2 Learning Obj.: 1 50) ________ ________ should be submitted to the steering committee in writing. Answer: Project proposals Diff: 2 Learning Obj.: 4 51) ________ is a successive refinement to the project plan. Answer: Scheduling Diff: 2 Learning Obj.: 4 52) A(n) ________ chart is an ideal way to factor a project into phases and tasks and to document such a plan. Answer: HIPO Diff: 2 Learning Obj.: 4 53) Regarding project costs, project resources tend to be spent at a(n) ________ rate as a project proceeds toward completion. Answer: increasing Diff: 2 Learning Obj.: 4 54) A project accounting system operates much like a conventional ________ accounting system. Answer: cost Diff: 2 Learning Obj.: 4 55) A major problem with a system that is down too much is ________ ________ for the company. Answer: lost business Diff: 2 Learning Obj.: 6 56) ________ ________ Environment refers to the tools and technologies used to implement a given project. Answer: Project Development Diff: 2 Learning Obj.: 1

57) The Project ________ Platform serves to optimize management of the communication chain. Answer: Collaboration Diff: 2 Learning Obj.: 5 58) The ________ ________ Framework provides a structured environment in which to develop software. Answer: Software Application Diff: 2 Learning Obj.: 5 59) Many experts believe that eventually, in the future, all end-user software will run in ________ browsers. Answer: Web Diff: 2 Learning Obj.: 5 60) The BPEL service engine needs a roadmap which is a set of ________ diagrams based on Unified Modeling Language and/or Business Process Modeling Notation. Answer: visual Diff: 2 Learning Obj.: 5 61) ________ ________ Environment is a software platform for actually writing program code which provides specialized tools for testing and debugging programs and deploying them to servers for testing or release. Answer: Integrated Development Diff: 2 Learning Obj.: 5 62) A list of activities that is strategic to the project to keep it on schedule is called A) the critical path. B) a PERT diagram. C) a Gantt chart. D) the manager's priority matrix. Answer: A Diff: 1 Learning Obj.: 1 63) Good project management uses plans for implementing a system. The plans should provide A) specific budget information. B) a breakdown of the project into various phases. C) specific timetables for completion. D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 1 8 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

64) The first major step in systems implementation is A) review the systems design. B) establish plans and controls. C) evaluate the new system. D) execute activities. Answer: B Diff: 1 Learning Obj.: 1 65) The second major step in systems implementation is A) review the systems design. B) establish plans and controls. C) execute activities. D) evaluate the new system. Answer: C Diff: 1 Learning Obj.: 1 66) The document that shows the order in which activities may be performed and may be expanded to include estimated times for each individual activity is the A) Gantt chart. B) network diagram. C) PERT diagram. D) CPM diagram. Answer: B Diff: 2 Learning Obj.: 1 67) Which of the following groups of individuals should be on the special project team that executes the implementation of the design plan? A) Systems technical personnel B) Accountants and auditors C) Individuals who also participated in the design D) Design team members and affected managers Answer: D Diff: 1 Learning Obj.: 2 68) The execution of the systems implementation should begin with A) conversion. B) a formal announcement to employees. C) employee training. D) programming. Answer: B Diff: 1 Learning Obj.: 2 9 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

69) Perhaps the most important step regarding the success of a systems development project is A) employee training. B) conversion. C) detailed system design. D) operational training. Answer: A Diff: 2 Learning Obj.: 2 70) When implementing a new system, management often has to decide whether to train existing employees or hire new employees. Many times it is best to retain and retrain current employees because A) current employees are already familiar with the firm's operations. B) overall employee morale is enhanced. C) current employees are already familiar with the firm's operations and overall employee morale is enhanced. D) None of these answers is correct. Answer: C Diff: 2 Learning Obj.: 2 71) To provide the proper environment for computer equipment operations, the company must control A) security. B) wiring. C) access. D) temperature and humidity. Answer: D Diff: 1 Learning Obj.: 5 72) Which of the following activities occurs during the detailed systems design phase? A) Computer programming B) File conversion C) Documentation D) Evaluation Answer: A Diff: 1 Learning Obj.: 1

73) The design specifications for a computer program are determined by A) top management. B) users. C) the design team. D) the computer programmer. Answer: C Diff: 1 Learning Obj.: 2 74) One of the most important parts of systems implementation that is often overlooked or minimized is A) testing. B) documentation. C) data conversion. D) evaluation. Answer: B Diff: 1 Learning Obj.: 3 75) Which of the following can serve as both a training tool for new employees and a help for future computer programming? A) Testing B) Evaluation C) Systems analysis D) Documentation Answer: D Diff: 1 Learning Obj.: 3 76) What standard should be used to evaluate the quality of documentation produced by a programmer? A) The number of pages produced B) The number of logical flow diagrams and analytic flowcharts produced C) The amount of time spent to produce the documentation D) Whether a different programmer can use the documentation at a later date to modify the program Answer: D Diff: 2 Learning Obj.: 3

77) The process of changing input data into a format readable by the new system hardware is called A) testing. B) file conversion. C) evaluation. D) documentation. Answer: B Diff: 1 Learning Obj.: 1 78) The testing approach in which the old system is abandoned and the processing is switched to the new system is called A) parallel operation. B) modular conversion. C) the direct approach. D) the file conversion approach. Answer: C Diff: 1 Learning Obj.: 3 79) The testing approach in which the new system is phased in a segment at a time is A) parallel operation. B) modular conversion. C) the direct approach. D) the file conversion approach. Answer: B Diff: 1 Learning Obj.: 3 80) The most expensive approach to final systems testing is A) parallel operation. B) modular conversion. C) the direct approach. D) the file conversion approach. Answer: A Diff: 1 Learning Obj.: 3 81) The Weapons Testing Laboratory is implementing a new computer system. It desires to use the safest final system testing approach. It should choose A) the direct approach. B) parallel operation. C) the cutoff approach. D) modular conversion. Answer: B Diff: 2 Learning Obj.: 3 12 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

82) The Northwest Savings Bank is implementing a new computer system. It requires that the final testing systems approach is both safe and cost-effective. The bank has planned to implement the new system over the course of the next 18 months. The bank should choose A) parallel operation. B) the direct approach. C) modular conversion. D) the cutoff approach. Answer: C Diff: 2 Learning Obj.: 3 83) The selection of projects for development is usually the responsibility of A) the chief information officer. B) the board of directors of the organization. C) the chief financial officer. D) the steering committee or other organization-wide unit. Answer: D Diff: 2 Learning Obj.: 4 84) For an applications system project, the individual who should be included in the project team because he or she has the best working knowledge of how the application should function in the actual work environment is A) an analyst. B) the chief information officer. C) a computer programmer. D) a representative from the user department for which the application is being developed. Answer: D Diff: 2 Learning Obj.: 4 85) A system development project leader's direct responsibility regarding a project is to A) the user department. B) the steering committee. C) the information systems department. D) the department of which the leader is a member. Answer: B Diff: 2 Learning Obj.: 4

86) The individual who formally approves a system design and implementation project at its completion is the A) the project team leader. B) the chairperson of the steering committee. C) the manager of the department for which the application has been developed. D) the chief information officer. Answer: C Diff: 2 Learning Obj.: 4 87) In addition to project team organization, the project leader has several other primary responsibilities. Which of the following would not be a primary responsibility of the project leader? A) Database administration B) Allocation of resources C) Task assignment D) Status reporting Answer: A Diff: 2 Learning Obj.: 4 88) The major problem faced by any project team is A) scheduling. B) uncertainty. C) resources. D) managerial support. Answer: B Diff: 1 Learning Obj.: 4 89) The guiding philosophy behind factoring a project into detailed activities is A) top-down design with successive refinement. B) to schedule all activities according to CPM methodology. C) to use analytic flowcharts to factor a project into modules. D) to allow individual personnel to choose their own assignments. Answer: A Diff: 3 Learning Obj.: 4 90) The operational principle behind factoring a project into phases and tasks is A) top-down design with successive refinement. B) to schedule all activities according to CPM methodology. C) that each specific task or phase should provide a deliverable at its completion. D) to use analytic flowcharts to factor a project into modules. Answer: C Diff: 3 Learning Obj.: 4 14 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

91) One goal of factoring a project into detailed activities is to A) decrease the total project cost. B) decrease the total amount of time devoted to the project. C) assist in organizing the project's documentation. D) assist in assigning individual employees to tasks. Answer: D Diff: 3 Learning Obj.: 2 92) The best standard to use in developing estimates for the completion time of systems development projects in an organization is A) a vendor-developed standard. B) an industry-average standard. C) a standard recommended by a consultant. D) a standard developed by the organization's experience. Answer: D Diff: 2 Learning Obj.: 4 93) There is no general agreement of standard project phases and tasks in current project management literature and therefore there are no commonly accepted time estimates or standard processing rates. However, there is agreement as to several points related to the estimation process. Which of the following is not an agreed-upon point in the estimation process? A) Estimates are only estimates no matter how well thought out. B) Initial estimates regarding time and costs are almost always too high. C) The accuracy of estimation improves considerably as a project proceeds toward completion. D) Costs are frequently higher than originally estimated. Answer: B Diff: 3 Learning Obj.: 4 94) Which of the following is not an aspect of good project control? A) Setting measurable goals for each phase and task in the overall project B) Reporting actual performance against the established project goals C) Establishing and revising estimates of system utilization D) Evaluating any significant deviations from the project plan Answer: C Diff: 2 Learning Obj.: 4

95) An accounting system in which costs are assigned to individual projects as the projects proceed through their environment is known as a A) project accounting system. B) cost accounting system. C) managerial accounting system. D) financial accounting system. Answer: A Diff: 1 Learning Obj.: 4 96) Materials costs in system application development projects primarily consist of A) computer use charges for program development and testing. B) wages and salaries paid to project team members. C) supplies used by the project team during the course of the project. D) pro-rated amounts for temporary office space used by the project team. Answer: A Diff: 2 Learning Obj.: 4 97) A key input that is needed for the project accounting program to estimate future costs to complete projects are A) computer usage reports. B) overhead rates. C) time sheets. D) progress reports. Answer: D Diff: 2 Learning Obj.: 4 98) Certain performance measures for hardware, software, and personnel are important from a control point of view. Which method listed below is not used to evaluate these items? A) Processing time B) Dollars C) Performance D) Quality of documentation or quantity of program code produced Answer: B Diff: 2 Learning Obj.: 4 99) The percentage of the time an application is unavailable for use is known as A) the bottleneck interval. B) cutoff points. C) downtime. D) the minimal resource allocation period. Answer: C Diff: 2 Learning Obj.: 6 16 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

100) Most firms engage auditors to conduct an examination of an information system. The focus of such an audit should be A) the information system itself. B) system utilization and performance after the implementation is complete. C) the validity and accuracy of the data processed by the system. D) the information system itself and the validity and accuracy of the data processed by the system. Answer: D Diff: 2 Learning Obj.: 6 101) Which tools would an auditor engaged in examining an information system use in conducting the audit? A) Internal control questionnaires B) Compliance and specific transaction tests C) Internal control questionnaires and compliance and specific transaction tests D) None of these answers is correct. Answer: C Diff: 2 Learning Obj.: 6 102) In all operational systems it becomes necessary to make changes. A change made because of a computer programming error not detected until the system begins operation is typically caused by a(n) A) bug. B) virus. C) worm. D) unexpected design contingency. Answer: A Diff: 1 Learning Obj.: 5 103) Modifications to the system may be necessary as environmental conditions and information needs change. A systems modification that has been completed should always be A) approved by the organization's steering committee. B) carefully documented. C) low on the system development priority list since new system requests take priority. D) paid for by the user group who made the initial request. Answer: B Diff: 2 Learning Obj.: 6

104) Examples of "all-in-one" and Integrated Platforms application suites are A) Casewise and Netweaver Developer Studio. B) Ruby on Rails and Perl. C) Java and PHP. D) None of the above are Integrated Platforms suites. Answer: A Diff: 2 Learning Obj.: 5 105) A Web server is part of a(n) A) IDE. B) DB system. C) application solution stack. D) None of the above includes a Web server. Answer: C Diff: 2 Learning Obj.: 5 106) Regarding Web application coding, one could correctly say that A) server-side scripting is more popular than client-side scripting. B) server-side scripting is less popular than client-side scripting. C) server-side scripting and client-side scripting are equally popular. D) None of the above is correct. Answer: A Diff: 2 Learning Obj.: 5 107) Which is an example of server-side scripting? A) Java B) PHP C) Ruby D) None of the above is server-side scripting. Answer: A Diff: 2 Learning Obj.: 5 108) Which of the following is not true of a software versioning system? A) It can keep old copies of application software. B) It can be used to rollback mistakes after they are made. C) It works mainly as standalone software. D) All of the above are true of versioning software. Answer: C Diff: 2 Learning Obj.: 5

109) Software project collaboration platforms focus on A) implementing IDEs. B) debugging projects. C) communications. D) generating code automatically. Answer: C Diff: 2 Learning Obj.: 5 110) Under the SPICE approach, the processes are categorized into the below except A) communicating. B) customer-supplier. C) engineering. D) supporting. Answer: A Diff: 2 Learning Obj.: 1 111) Under SPICE a process is scored based on a 6-point A) difficulty level. B) capability level. C) scale of intelligence. D) management rating. Answer: B Diff: 2 Learning Obj.: 1 112) The tools and technologies used to implement a given project are in the A) the physical design. B) the conceptual framework. C) enterprise architecture. D) project development environment. Answer: D Diff: 2 Learning Obj.: 5 113) The project development environment includes the following except A) project collaboration platform. B) integrated development environment. C) software versioning system. D) customer-supplier stacks. Answer: D Diff: 2 Learning Obj.: 5

114) In the project development environment, serving to manage the communication chain is the A) project collaboration platform. B) software versioning system. C) integrated development environment. D) application solution stack. Answer: A Diff: 2 Learning Obj.: 5 115) A typical project collaboration platform is a ________ application in which all the project participants are able to access and create/review a project's organization, specification, milestones, checklists, tasks, shared document, work-time logs and software code. A) Perl 2.0 B) Ruby 2.0 C) Web 2.0 D) PHP 2.0 Answer: C Diff: 2 Learning Obj.: 5 116) In the project development environment, providing a structured environment in which to develop a software is the A) project collaboration platform. B) software versioning system. C) software application framework. D) integrated development environment. Answer: C Diff: 2 Learning Obj.: 5 117) Individual server-side development frameworks tend to be related to specific programming languages such as A) Java. B) PHP. C) PERL. D) All of the above pertain to server-side development. Answer: D Diff: 2 Learning Obj.: 5

118) The general trend is toward more ________ development, and some feel that eventually all end-user software will run in Web browsers. A) client-side B) server-side C) end-user D) object-oriented Answer: A Diff: 2 Learning Obj.: 5 119) A Web application framework and object oriented programming language that is based on the Model-View-Controller structure is A) OO collaboration. B) Web 2.0. C) PERL. D) Ruby on Rails. Answer: D Diff: 2 Learning Obj.: 5 120) In service-oriented architecture (SOA), an important part of the application development framework is the A) BPEL. B) IDE. C) UML. D) OMG. Answer: A Diff: 2 Learning Obj.: 5 121) Integrated Development Environment (IDE) is a software platform A) for storing old versions of code and communication software. B) for writing program code and providing specialized tools for testing and debugging programs. C) for Web servers identified for program planning and analysis. D) All of the above are examples of what an IDE will do. Answer: B Diff: 2 Learning Obj.: 5 122) The Software Versioning System keeps both current and historical versions of the A) deployment services already coded. B) objects already designed. C) software source code. D) UML diagrams. Answer: C Diff: 2 Learning Obj.: 5 21 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

123) A group of software components needed to deliver a workable application is called a(n) A) solution assessment package. B) finalized deliverable set. C) database system. D) application solution stack. Answer: D Diff: 2 Learning Obj.: 5 124) The application solution stack for a Web application typically includes the following except A) subversion software. B) target operating system. C) Web server. D) programming languages. Answer: A Diff: 2 Learning Obj.: 5

125) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Network diagram ________ 2. Parallel operation ________ 3. Modular conversion ________ 4. Project management ________ 5. Cutover point ________ 6. Downtime ________ 7. Bug ________ 8. Critical path ________ 9. Lowballing A. A moment in time under the direct approach to implementation where the switch to a new system is made B. Involves running the new and old systems simultaneously before final conversion C. The percentage of time that equipment is unavailable for use D. A scheduling technique that depicts the order in which the activities must be performed E. Purposely or inadvertently submitting unreasonably low time or cost estimates to obtain a contract F. Tools used to track progress and manage resources for a systems development project G. Computer programming error that is not detected until the program is in use H. A list of activities that are crucial in that if any one of them is delayed, the entire project will be delayed I. An approach to implementation that involves phasing in a new system in segments Answer: 1. D, 2. B, 3. I, 4. F, 5. A, 6. C, 7. G, 8. H, 9. E Diff: 2 Learning Obj.: 1, 3, 4, 6

126) Presented below is a list of terms related to project leader responsibilities. Required: For each term, insert the letter for the project leader responsibility to which the term relates. Use P for planning, S for scheduling, and C for control. Each letter will be used more than once. ________ 1. Progress and time reporting ________ 2. Uses PERT network charts ________ 3. Resource allocation ________ 4. Status reports to management ________ 5. Uses a project accounting system ________ 6. Project breakdown ________ 7. Task assignment ________ 8. Related to successive refinement of the project plan ________ 9. Activity/task scheduling ________ 10. Its objective is to facilitate resource assignment and control Answer: 1. C, 2. S, 3. P, 4. C, 5. C, 6. P, 7. S, 8. S, 9. S, 10. P Diff: 2 Learning Obj.: 1, 3, 4, 6

127) The Arnold Steel Company controller is concerned about the dollar costs associated with recent system problems. Specifically, she has mentioned what seems to be a lot of system downtime, lack of responsiveness to user queries and report requests, and the fact the data entry department's keying times have risen over the last two months. Required: a. Are the controller's concerns of a totally financial nature? Explain your answer. b. Identify from a systems implementation, operation, and control point of view what aspects the controller is dealing with, and what possible managerial controls could be established in this situation. Answer: a. The controller's concerns about the information system are not immediately (or easily) quantifiable in dollars and cents because she has identified three nonfinancial aspects of the information systems function. In the long run, if these problems are not controlled or eliminated, the company will begin to suffer financially. b. Such concerns about these examples of nonfinancial aspects of the information system can be addressed through establishing managerial controls. The three major nonfinancial aspects of the information systems function are as follows: • The hardware's performance: Examples: Measure system utilization, system downtime, and system responsiveness. Correct problems when measurement falls below an established threshold. • The software's performance: Examples: user friendliness and functionality. In this situation a modification may be necessary to make the system more responsive to user queries and generation of reports. This could also possibly be a capacity problem, and/or hardware performance oriented. This potentially could become an excellent systems development project for the company to undertake. • The personnel's performance: Examples: the efficiency of data entry personnel, system operators, and hardware repair personnel. Again, measurement and setting benchmarks will provide needed feedback as to the possible problem with slow keying times. This situation may be personnel oriented as well as either hardware and/or software oriented. The problem should be further investigated to determine the causes of the slow keying times. Diff: 2 Learning Obj.: 6

128) Name five options available to organizations to train employees when a system is newly installed or modified. Answer: Suggested answer: Training options available to organizations include: • hiring outside consultants • using training manuals • using videotape presentations • using audiotape presentations • using training seminars • using individualized hands-on instruction • using computer-assisted training Diff: 2 Learning Obj.: 2 129) What are some of the reasons why time estimates are often inaccurate? Answer: Suggested answer: Major causes of inaccurate time estimates are: • the uncertainties inherent in systems development, such as final user preferences and needs • lack of personnel experienced in systems development • undue pressure to complete a project • the desire on the part of participants (employees or contractors) to appear more efficient • failure to consider nonproductive time, such as time lost due to sickness • failure to consider the productive capabilities of different people Diff: 2 Learning Obj.: 4

130) Briefly describe the following three methods of converting from an old system to a new system, and give the advantages and disadvantages of each: • direct approach • parallel operation • modular conversion Answer: Suggested answer: The direct approach involves switching to the new system at once and discontinuing the old system at a certain point in time called a cutoff point (such as a possible weekend conversion). This method may be used when incompatible or relatively minor changes are being implemented. An advantage to this approach is that it is relatively inexpensive. The drawback to this approach is that it allows for the possibility of major system problems impairing the actual operation of the company. Parallel operation involves using both the old system and the new system simultaneously for a period of time while the new system is being "debugged." The results of operations of both systems are compared. If discrepancies are found, it probably indicates problems in the new system. The advantage to this approach is that it is extremely safe. The disadvantage is that it is very expensive and may not be cost effective in all applications. Modular conversion involves a gradual phase-out of the old system on a module-by-module or segment basis. Some aspects of operation are switched over to the new system while the old system is used for other aspects. An advantage of this system is that it is very safe, as any new module or segment which proves to be defective can be temporarily replaced with the old module or segment. The disadvantage of such a conversion is that it can involve a greatly extended checkout period. Diff: 2 Learning Obj.: 1 131) What is the ultimate objective of breaking down an overall new systems development project into phases? How is this process accomplished? Answer: Suggested answer: The overall objective of breaking down a project into distinct phases is to maintain control over the project. This is accomplished best by subdividing the project into separate phases (or factoring). If a total project is suitably factored into the smaller components of a system life cycle, the project becomes easier to control and understand. Factoring involves defining specific tasks, assigning tasks to particular individuals, estimating the time and costs required at each phase, requiring documentation to be produced at each phase, and having high-level management review after each phase is completed. There is no standard method for factoring a project into detailed activities; however, the guiding philosophy here is to incorporate top-down design with successive refinement. Diff: 2 Learning Obj.: 4

132) What is a project accounting system, and how does it function? Answer: Suggested answer: A project accounting system is actually a cost accounting system. The system is used to assign costs to individual projects as they proceed through their development cycle. A properly operating project accounting system can keep track of costs incurred to date on a project and provide a summary cost report at the project's completion. Such a system can be either manual or automated. There are six major components of a project accounting system as follows: • overhead rates • time sheets • computer usage summaries • progress reports • costs to date • revised cost estimates Inputs into the system must be timely and accurate. The final input which must be input on a timely basis is the progress report, which details the amount of progress to date on each project. Project accounting systems can be as detailed as necessary to provide timely and accurate information, but care must be taken to not require too much detail. If too much detail is required, the costs of running the system may well outweigh the benefits derived from the system's output reports. Diff: 2 Learning Obj.: 4

133) What is the project development environment? Explain the major components within this environment. Answer: Suggested answer: The project development environment refers to the tools and technologies used to implement a given project. This includes 1. the project collaboration platform, 2. the software application framework, 3. the integrated development environment, 4. the software versioning system, and 5. the development and deployment application solution stacks. The project collaboration platform serves to optimize management of the communication chain. Typically, project collaboration platform is a Web 2.0 application in which all the project participants are able to access and create/review projects, organize project specifications, milestones, checklists, tasks, shared documents, work-time logs, and software code. The software application framework provides a structured environment in which to develop a software. The framework may include specific programming languages, development tools and aids, and libraries of software that provide ready-made functionality. The integrated development environment is a software platform for actually writing program code, provides specialized tools for testing and debugging programs and deploying them to servers for testing or final release. Most IDEs support third party plug-ins to support different programming languages. The software versioning system keeps current and historical versions of the software source code (i.e., the programs as they are written by programmers). Such version control permits programmers (and managers) to logically retain a complete updated copy of the software as often as every time it is saved by the programmer during development. This permits not only an historical record (and audit trail) of the development, it also permits the software to be rolled back to an earlier version in case of a problem in the current version. An application solution stack (APS) is a group of software components needed to deliver a workable application. The APS for a Web application typically includes the target operating system, the Web server, the database system, and the programming language(s) and any other needed component of the application software framework. Diff: 2 Learning Obj.: 5

•Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 13 Data Management Concepts 1) The terms field, data item, attribute, and element are synonyms. Answer: TRUE Diff: 1 Learning Obj.: 1 2) A field would be composed of "customer name" and "customer account number." Answer: FALSE Diff: 1 Learning Obj.: 1 3) Variable-length records are easier to manipulate than fixed-length records because the size of the variable-length record is generally smaller than the fixed-length record. Answer: FALSE Diff: 2 Learning Obj.: 1 4) Occurrences are also known as instances. Answer: TRUE Diff: 1 Learning Obj.: 1 5) Related groups of fields that repeat themselves in variable-length records are called repeated groups. Answer: TRUE Diff: 1 Learning Obj.: 1 6) It is useful to sort the records in a file so that they are either in ascending or descending order relative to the sort key. Answer: TRUE Diff: 2 Learning Obj.: 1 7) The entity-relationship data model is perhaps the most promising modeling technique. Answer: FALSE Diff: 2 Learning Obj.: 2 8) The tree database structure corresponds to the data structure supported by COBOL and other widely used programming languages. Answer: TRUE Diff: 2 Learning Obj.: 2 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) Network systems are pointer-based systems that allow users to browse through databases in random fashion by selecting keywords or objects. Answer: FALSE Diff: 2 Learning Obj.: 3 10) Relational databases use relational algebra to create tables. Answer: TRUE Diff: 1 Learning Obj.: 3 11) Nominalization is the process of applying rules to normal forms in relational database structures. Answer: FALSE Diff: 2 Learning Obj.: 3 12) In the first normal form, repeated groups are allowed. Answer: FALSE Diff: 2 Learning Obj.: 3 13) An index file is fully inverted when indexes exist for all of its fields. Answer: TRUE Diff: 2 Learning Obj.: 4 14) Sequential-access files are often referred to as ISAM files. Answer: FALSE Diff: 1 Learning Obj.: 4 15) Using the direct-access method, the only thing needed to locate a record is its key value. Answer: TRUE Diff: 2 Learning Obj.: 4 16) Using the direct-access method, congestion results when two or more records yield the same address. Answer: FALSE Diff: 2 Learning Obj.: 4

17) The length of time the user must wait for the system to complete an operation is known as downtime. Answer: FALSE Diff: 1 Learning Obj.: 4 18) Records are contiguous when they are physically next to each other on a disk. Answer: TRUE Diff: 2 Learning Obj.: 6 19) The logical structure of a database is called a schema. Answer: TRUE Diff: 2 Learning Obj.: 6 20) DBMS is a user-friendly computer language or interface that allows the user to request information from the database. Answer: FALSE Diff: 2 Learning Obj.: 6 21) SQL is a non-procedural programming language. Answer: TRUE Diff: 2 Learning Obj.: 6 22) In SQL, WHERE must be used to determine which records from the tables listed in the FROM clause will appear in the results of the SELECT statement. Answer: FALSE Diff: 2 Learning Obj.: 6 23) Individual logical expressions may be combined in a FROM clause with the Boolean operator AND in SQL. Answer: FALSE Diff: 2 Learning Obj.: 6 24) In some respects, the word "file" loses its meaning in a database environment. Answer: TRUE Diff: 1 Learning Obj.: 1

25) Database software primarily deals with the physical aspects of file use, while accounting application software deals with the logical aspect of file use. Answer: FALSE Diff: 1 Learning Obj.: 1 26) A major advantage of DBMS is its ability to construct special database files quickly and efficiently. Answer: TRUE Diff: 2 Learning Obj.: 5 27) A data dictionary can only be used with a DBMS. Answer: FALSE Diff: 1 Learning Obj.: 5 28) A database alias can also arise because the same data item is called different things in different programs written in different languages. Answer: TRUE Diff: 1 Learning Obj.: 5 29) When a DBA is present and active within an organization, users are almost always willing to give up their responsibility for data elements. Answer: FALSE Diff: 2 Learning Obj.: 5 30) A database is a structured collection of data stored in a computer system or network. Answer: TRUE Diff: 2 Learning Obj.: 1 31) A database together with database software is database agnosticity. Answer: FALSE Diff: 2 Learning Obj.: 1 32) A database management system is independent of the application software therefore permitting upgrading or modifying the eBusiness application without changing data or database software. This is referred to as database agnosticity. Answer: TRUE Diff: 2 Learning Obj.: 1

33) Software tools such as Casewise are used to visually represent the E-R models. Answer: TRUE Diff: 2 Learning Obj.: 2 34) Database drivers, NOT database connectors, can be used to connect the business application to the DBMS. Answer: FALSE Diff: 2 Learning Obj.: 5 35) Object-oriented modeling can be easily transformed into OO program code. Answer: TRUE Diff: 2 Learning Obj.: 6 36) The move to object-oriented design is due to the fact that OO databases outperform relational databases in a wide range of common tasks that are typically performed in a business environment. Answer: FALSE Diff: 2 Learning Obj.: 6 37) OLAP is a multidimensional generalization of the 3-dimensional relational table. Answer: FALSE Diff: 2 Learning Obj.: 6 38) An advantage of OLAP is its fast response time. Answer: TRUE Diff: 2 Learning Obj.: 6 39) OLAP uses simple multidimensional "indexes" called aggregations in data mining applications. Answer: FALSE Diff: 2 Learning Obj.: 6 40) A petabyte is 1015 bytes (characters). Answer: TRUE Diff: 2 Learning Obj.: 6

41) In-memory database differs from conventional databases in that the entire database is loaded into computer-internal high-speed random access memory or other high-speed electronic storage device. Answer: TRUE Diff: 2 Learning Obj.: 6 42) ACID is used to prevent database fraud. Answer: FALSE Diff: 2 Learning Obj.: 6 43) The smallest block of data that can be stored and retrieved in an information system is a(n) ________. Answer: field data item attribute element Diff: 1 Learning Obj.: 1 44) ________ are one of the fundamental building blocks used to construct databases. Answer: Segments Diff: 2 Learning Obj.: 1 45) The term ________ ________ order applies to a field on which the file is not sorted. Answer: relative random Diff: 2 Learning Obj.: 1 46) In the E-R conceptual model, the term ________ is used instead of segment, and the term ________ is used to refer to individual fields or data items. Answer: entity; attribute Diff: 2 Learning Obj.: 1 47) ________ fields cross-link segments in tree and network database structures. Answer: Pointer Diff: 2 Learning Obj.: 3 48) A row in a relational database table is called a(n) ________. Answer: tuple Diff: 2 Learning Obj.: 3 6 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

49) In an ISAM file organization, the portion of the disk on which the actual records are written is the ________ area. Answer: prime Diff: 2 Learning Obj.: 4 50) A file that allows an individual to almost instantaneously retrieve records without the use of an index is a(n) ________-access file. Answer: direct Diff: 1 Learning Obj.: 4 51) The computer language that allows a DBA to define the logical structure of the database is called ________. Answer: DDL Diff: 2 Learning Obj.: 6 52) The first word usually found in an SQL statement intended to extract data from a database is ________. Answer: SELECT Diff: 2 Learning Obj.: 6 53) A database ________ is a collection of all data item names in a database, along with a description of the standardized representation form of the data items. Answer: dictionary Diff: 1 Learning Obj.: 5 54) An invaluable benefit of DBMSs is their ability to provide ________ for databases. Answer: security Diff: 1 Learning Obj.: 5 55) One primary objective of a data dictionary is to eliminate data ________ to the extent feasible. Answer: redundancies Diff: 2 Learning Obj.: 3 56) ________ refers to the physical form that data will be stored in, such as BCD or EBCDIC. Answer: Encoding Diff: 2 Learning Obj.: 5

57) Database ________ permits upgrading or modifying the eBusiness application without changing data or database software. Answer: agnosticity Diff: 2 Learning Obj.: 1 58) A software database ________, also called a database connector, can be used to connect the business application to the DBMS. Answer: driver Diff: 2 Learning Obj.: 6 59) OLAP is a multidimensional generalization of the 2-dimensional ________ table. Answer: relational Diff: 2 Learning Obj.: 6 60) When the entire database is loaded into computer-internal high-speed random access memory or other high speed electronic storage device, it is called ________ database. Answer: in-memory Diff: 2 Learning Obj.: 6 61) The "A" in ACID stands for ________. Answer: atomicity Diff: 2 Learning Obj.: 6 62) ________ in ACID means a transaction is not undone if the system fails after it is completed. Answer: Durability Diff: 2 Learning Obj.: 6 63) Fields associated with other fields in a logical grouping are known as A) elements. B) records. C) data items. D) attributes. Answer: B Diff: 1 Learning Obj.: 1

64) In the CUSTOMER record, the field NAME contains the word "Jones" along with 20 spaces after the last character. This is an example of a A) variable-length record. B) data item. C) fixed-length record. D) trailer. Answer: C Diff: 2 Learning Obj.: 1 65) In data management terminology, a record occurrence is a A) secondary sort key. B) trailer record containing additional data. C) method of specifying variable-length records. D) specific example of a record structure. Answer: D Diff: 1 Learning Obj.: 1 66) A trailer record is an extension of a(n) A) master record. B) attribute. C) segment. D) transaction record. Answer: A Diff: 1 Learning Obj.: 1 67) Variable-length records have characteristics that are not found in fixed-length records. An example of such a characteristic is A) the field width can be adjusted for each data occurrence. B) because of their size, most records stored on DASD are variable-length records. C) the actual number of fields can vary from one data occurrence to another. D) the field width can be adjusted for each data occurrence and the actual number of fields can vary from one data occurrence to another. Answer: D Diff: 2 Learning Obj.: 1

68) In the record format STORE (STORE_NO, CITY, VEND#1,VEND#2) which field is repeated? A) STORE B) CITY C) VEND D) STORE_NO Answer: C Diff: 2 Learning Obj.: 1 69) In the record format STORE (STORE_NO, CITY, VEND#1,VEND#2) which field is the parent? A) STORE B) CITY C) VEND D) STORE_NO Answer: A Diff: 2 Learning Obj.: 1 70) In the record format STORE (STORE_NO, CITY, VEND#1,VEND#2) which field is the key? A) STORE B) STORE_NO C) VEND D) CITY Answer: B Diff: 2 Learning Obj.: 1 71) The difference between segments and simple records is that A) simple records have parents and children. B) segment are collections of fields. C) segments have parents and children. D) segments have no fields. Answer: C Diff: 2 Learning Obj.: 1

72) A data item or combination of data items that uniquely identify a particular record in a file is called a(n) A) key. B) occurrence. C) attribute. D) variable-length field. Answer: A Diff: 1 Learning Obj.: 1 73) Four records have the record structure: PART (PART_NO, WARHSE). PART (101,1) PART (101,2) PART (103,1) PART (106,1) Which of the following would be appropriate to use as a record key? A) PART B) PART_NO C) WARHSE D) Answers B and C combined would form a record key. Answer: D Diff: 1 Learning Obj.: 1 74) To process and locate records in files, it is necessary to use a(n) A) attribute. B) key or record key. C) parent. D) element. Answer: B Diff: 1 Learning Obj.: 1 75) Four records have the record structure: EQUIPMENT (EQUIP#, LOCATION). EQUIPMENT (204,1) EQUIPMENT (204,2) EQUIPMENT (208,1) EQUIPMENT (209,1) When sorting these records, which field is the primary sort key and which field is the secondary sort key? A) EQUIPMENT is primary; no secondary sort key is required. B) EQUIP# is primary; no secondary sort key is required. C) EQUIP# is primary; LOCATION is the secondary key. D) LOCATION is primary; EQUIP# is the secondary key. Answer: C Diff: 3 Learning Obj.: 1 11 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

76) A database is defined in terms of the kind of information it includes and the purposes for which it is to be used. This is an example of defining database architecture at the A) logical level. B) conceptual level. C) physical level. D) relational level. Answer: B Diff: 2 Learning Obj.: 2 77) An analyst has identified a certain database as "indexed-sequential." This is an example of defining database architecture at the A) physical level. B) conceptual level. C) logical level. D) relational level. Answer: A Diff: 2 Learning Obj.: 4 78) A database has a hierarchical data structure. This is an example of defining database architecture at the A) physical level. B) conceptual level. C) sequential level. D) logical level. Answer: D Diff: 2 Learning Obj.: 2 79) In an entity-relationship data model, the concepts of part number, type, and cost are known as A) entities. B) attributes. C) relations. D) objects. Answer: B Diff: 2 Learning Obj.: 1, 2

80) In the object-oriented modeling technique, related groups of fields are known as A) objects. B) parents. C) children. D) object classes. Answer: D Diff: 2 Learning Obj.: 2 81) In the entity-relationship model, a diamond shape in a diagram represents A) a relationship. B) an entity. C) an attribute. D) an object. Answer: A Diff: 2 Learning Obj.: 2 82) In the object-oriented database modeling technique, an object class divided into subclasses represents an A) object. B) entity. C) inheritance relationship. D) object class. Answer: C Diff: 2 Learning Obj.: 2 83) In the object-oriented modeling technique, an object class has the following structure: PAPER_INVENTORY (SUPPLIER_NO, DISCOUNT) What is the structure of the subclass COPY having the unique attributes QUANTITY and TYPE? A) COPY (QUANTITY, TYPE) B) COPY (SUPPLIER_NO, QUANTITY, TYPE) C) COPY (SUPPLIER_NO, DISCOUNT, QUANTITY, TYPE) D) COPY (PAPER_INVENTORY, QUANTITY, TYPE) Answer: C Diff: 3 Learning Obj.: 2

84) Network, tree, and relational models are examples of database structure at which level? A) Physical level B) Logical level C) Conceptual level D) Hierarchical level Answer: B Diff: 1 Learning Obj.: 2 85) The database structure which allows a child segment to have more than one parent is the A) network. B) sequential. C) tree. D) object. Answer: A Diff: 2 Learning Obj.: 2 86) The logical structure most commonly used in business today is the A) tree structure. B) network structure. C) hierarchical structure. D) relational structure. Answer: D Diff: 1 Learning Obj.: 2 87) Pointer fields are not used in A) relational structures. B) list structures. C) hypertext models. D) semantic data networks. Answer: A Diff: 2 Learning Obj.: 3 88) Tables without repeating groups in a relational database are said to be A) unnormalized. B) in the first normal form. C) in the second normal form. D) in the third normal form. Answer: B Diff: 2 Learning Obj.: 3

89) In a relational database, tables that do not have any nonkey fields determining the values of other nonkey fields are said to be A) in the first normal form. B) in the second normal form. C) in the third normal form. D) unnormalized. Answer: C Diff: 2 Learning Obj.: 3 90) In a relational database, tables in which no key field is allowed to determine the values of any nonkey field are said to be A) unnormalized. B) in the third normal form. C) in the first normal form. D) in the second normal form. Answer: D Diff: 2 Learning Obj.: 3 91) Sequential-access files are useful A) when only a small number of records need to be accessed in a file containing a large number of records. B) in batch processing. C) when files are unsorted. D) when a large accounts receivable master file is in random account number order. Answer: B Diff: 3 Learning Obj.: 4 92) What data are stored in the index of an indexed file? A) The keys and the disk addresses of the individual records B) The disk addresses of the individual records C) All essential fields for the individual records D) The keys for the individual records Answer: A Diff: 1 Learning Obj.: 4

93) The processing time required to maintain a fully inverted file A) is fast since the entire index can be loaded into primary memory. B) is almost instantaneous because long indexes can be factored into subindexes. C) is fast when two processors are used simultaneously to process the data and index files at the same time. D) can be high since the indexes require more disk storage and must be updated whenever records are added, deleted, or changed. Answer: D Diff: 3 Learning Obj.: 4 94) The processing and inquiry objectives of file usage are both addressed by A) sequential-access file organization. B) fully inverted index file organization. C) indexed-sequential file organization. D) direct-access file organization. Answer: C Diff: 2 Learning Obj.: 4 95) Which of the following is characteristic of the indexed-sequential access method? A) Processing is direct-access; queries are sequential. B) Processing is sequential; queries are handled through an index. C) Processing and queries are both handled through an index. D) Processing and queries are both sequential. Answer: B Diff: 2 Learning Obj.: 4 96) An indexed-sequential file contains A) an index, a prime area, and an overflow area. B) an index, a parent file, and a child file. C) an index, an access area, and a hierarchical file. D) an index, an overflow area, and a fully inverted file. Answer: A Diff: 1 Learning Obj.: 4 97) The purpose of the index in an ISAM file is to A) increase the time needed to write records on the prime area. B) bump records to the overflow area when no prime space is available. C) link the record key to the address. D) search tracks for the desired record. Answer: C Diff: 2 Learning Obj.: 4 16 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

98) A widely used method of storing and locating records in a direct-access file is A) when a record's key field corresponds directly to the coding scheme used by the computer itself. B) to store physical device addresses as a field within a file's records. C) to convert a key to a storage location address using an index. D) to convert a key to a storage location address using a randomizing transformation. Answer: D Diff: 2 Learning Obj.: 4 99) The use of a randomizing transformation to process transactions against a direct-access master file is based on A) comparing the master record key and the transaction record key for equality. B) converting the transaction record key to a storage area location address by using a mathematical algorithm. C) searching a list structure for the associated master file record. D) searching an index for the associated master file record. Answer: B Diff: 2 Learning Obj.: 4 100) Overflow in a directly-accessed file means A) hashing a record to an address. B) vacant storage space created by the hashing results. C) extra storage space is required because the hashing results in more than one record being assigned to the same address. D) a separate section of the disk is allocated for file additions. Answer: C Diff: 2 Learning Obj.: 4 101) The basic economics of file processing are largely determined by the activity ratio, which is the A) number of times a master file is accessed during a period. B) average number of transactions contained in a transaction file. C) number of accessed records times the number of records in the file. D) number of accessed records divided by the number of records in the file. Answer: D Diff: 1 Learning Obj.: 6

102) A high activity ratio A) is typical of batch processing, such as a payroll application. B) is characteristic of all file processing activities in a large corporation. C) spreads the fixed costs of sequential processing over fewer transactions. D) makes ISAM processing more economical if the files are not processed in low activity situations. Answer: A Diff: 3 Learning Obj.: 4 103) The cost of processing per transaction in a high-activity environment is the lowest in which of the following file organization techniques? A) Indexed B) Sequential C) Direct D) Indexed-sequential Answer: B Diff: 2 Learning Obj.: 6 104) Response time is affected by A) disk access time. B) how data records are physically distributed on the disk. C) the database management system but not the operating system. D) disk access time and how data records are physically distributed on the disk. Answer: D Diff: 3 Learning Obj.: 6 105) In a database management system, defining an individual user view of the database is known as defining the A) subschema. B) name of a data element. C) schema. D) number of positions of the data element. Answer: A Diff: 2 Learning Obj.: 6

106) The database computer language that consists of commands for updating and extracting data is A) DDL. B) DBA. C) DML. D) DQL. Answer: C Diff: 1 Learning Obj.: 6 107) The basic DML statement used to modify the rows of tables in SQL is A) SELECT. B) DELETE. C) UPDATE. D) INSERT. Answer: C Diff: 1 Learning Obj.: 6 108) In SQL, the query to extract a customer name from a table identified as company is A) SELECT name, company. B) SELECT name FROM company. C) SELECT company, name. D) SELECT FROM company, name. Answer: B Diff: 2 Learning Obj.: 6 109) In an SQL query, ________ is the comparison operator used to specify "greater than." A) >= B) => C) > D) =>> Answer: C Diff: 1 Learning Obj.: 6 110) The command used in an SQL query to combine fields from several tables is A) GROUP BY. B) ORDER BY. C) WHERE INSTR. D) INNER JOIN. Answer: D Diff: 2 Learning Obj.: 6

111) Database management systems have the ability to integrate separate data files for various accounting applications. In the absence of integration, each type of accounting application will maintain its own independent data files. Which of the following is an advantage of maintaining separate files for accounting applications? A) Maintaining separate files is simple. B) Using independent files, accounting data must be fed into each application file numerous times. C) Since files are defined early in the implementation process, the evolving needs of applications may be constrained by the existing file structure. D) Independence among files often leads to different structures for the same data. Answer: A Diff: 2 Learning Obj.: 5 112) The essential characteristics of the database approach to data processing of accounting data requires that A) data storage is integrated into a single database. B) separate processing routines are required for separate files. C) all access to integrated files is through a single software system. D) data storage is integrated into a single database and all access to integrated files is through a single software system. Answer: D Diff: 3 Learning Obj.: 5 113) Database dictionaries are defined and controlled by A) a DBA. B) a DBMS. C) the SQL DML component. D) the organization's steering committee. Answer: A Diff: 1 Learning Obj.: 5 114) Which of the following is an alias? A) A file whose records consist of data item descriptions B) The use of more than one name for the same field C) The user having the final responsibility for a data item D) The physical form in which data are stored in a database Answer: B Diff: 2 Learning Obj.: 5

115) A database dictionary is defined and controlled by A) the controller. B) the owner. C) DMA. D) DBA. Answer: D Diff: 2 Learning Obj.: 5 116) Database dictionaries are used both alone and with DBMSs to ________ the use of data within an organization A) centralize and document B) centralize and control C) centralize, document, control, and coordinate D) centralize, document, and coordinate Answer: C Diff: 2 Learning Obj.: 5 117) Many of the problems a database administrator faces within an organization are A) internal-control related. B) political. C) software and hardware related. D) data-integrity related. Answer: B Diff: 2 Learning Obj.: 5 118) A database, together with database software, is A) database objects. B) database agnosticity. C) a database management system. D) a database logical structure. Answer: C Diff: 2 Learning Obj.: 1 119) ________ permit(s) the data to be physically stored apart from the application which facilitates a client-server, tiered architecture environment, in which multiple client users access a shared database. A) Database objects B) Database agnosticity C) Database management system D) Database logical structure Answer: B Diff: 2 Learning Obj.: 1 21 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

120) ________ connect(s) the business application to the database management system. A) Database driver B) Database agnosticity C) CASEwise D) Database objects Answer: A Diff: 2 Learning Obj.: 6 121) Object-oriented modeling can be ________ easily into object-oriented program code. A) moved B) translated C) uploaded D) transformed Answer: D Diff: 2 Learning Obj.: 2 122) In practice, ________ databases outperform ________ databases in a wide range of common tasks that are typically performed in a business environment. A) object-oriented, relational B) conceptual, relational C) relational, object-oriented D) object-oriented, conceptual Answer: C Diff: 2 Learning Obj.: 6 123) ________ is a multidimensional generalization of the 2-dimensional relational table which provides incredibly fast response times. A) OLAP B) UML C) RUP D) RAD Answer: A Diff: 2 Learning Obj.: 6 124) OLAP uses complicated multidimensional "indexes" called A) data mining. B) aggregations. C) drivers. D) transformers. Answer: B Diff: 2 Learning Obj.: 6 22 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

125) What defines an entire database being loaded into computer-internal high-speed random access memory or other high-speed electronic storage device? A) Internal database B) In-resident database C) RAM database D) In-memory database Answer: D Diff: 2 Learning Obj.: 6 126) ACID A) ensures reliability of processing database transactions. B) makes sure development of databases is thorough. C) ensures a complete design is implemented. D) makes processing data extremely fast and reporting error free. Answer: A Diff: 2 Learning Obj.: 6 127) The "C" in ACID stands for A) completeness. B) consistency. C) conventional. D) conceptual. Answer: B Diff: 2 Learning Obj.: 6 128) High level query languages include the below except A) QBE. B) NLDQ. C) OQL. D) SQL. Answer: D Diff: 2 Learning Obj.: 6 129) Third party reporting solutions can provide end users the ability to easily extract reports and queries from the application database. Examples of these reporting solutions include A) Crystal Reports. B) MicroStrategy. C) OLAP. D) Crystal Reports and MicroStrategy are both examples of 3rd party reporting solutions. Answer: D Diff: 2 Learning Obj.: 6 23 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

130) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. DBA ________ 2. Inheritance ________ 3. Occurrence ________ 4. Branch ________ 5. Database model ________ 6. Record ________ 7. Fully inverted file ________ 8. Trailer record ________ 9. Record key ________ 10. Field A. The connection between children and parent(s) in a tree structure B. Individual who has overall responsibility for database administration C. The smallest block of data that will be stored and retrieved in the information system D. A synonym for schema E. A relationship created when an object class is divided into subclasses F. A file in which all fields are indexed G. A specific set of data values for a record H. A logical grouping of fields (data items) that concern a certain entity I. A data item or combination of data items that uniquely identify a particular record in a file J. A fixed-length extension of a master record Answer: 1. B, 2. E, 3. G, 4. A, 5. D, 6. H, 7. F, 8. J, 9. I, 10. C Diff: 2 Learning Obj.: 1

131) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Ring structure ________ 2. Alias ________ 3. ISAM ________ 4. Relational algebra ________ 5. Tuple ________ 6. Activity ratio ________ 7. Variable-length record ________ 8. Normalization ________ 9. Disk access time ________ 10. Randomizing transformation A. A row in a relational table B. Both the number of fields and the length (character size) of each field are variable C. A list organization in which the last record in the ring points back to the first record D. Operations used to extract information from relational tables E. A widely used method of storing and locating records in a direct-access file F. The process of applying normal form rules in the relational database model G. A synonym for indexed-sequential file organization H. The length of time required for the CPU to retrieve a single block of data from the disk I. Different users call the same field different names J. The number of active records divided by the number of records in the file Answer: 1. C, 2. I, 3. G, 4. D, 5. A, 6. J, 7. B, 8. F, 9. H, 10. E Diff: 2 Learning Obj.: 1, 2, 3

132) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Logical data structure ________ 2. Key ________ 3. Node ________ 4. DQL ________ 5. Element ________ 6. Hypertext systems ________ 7. DML ________ 8. SELECT ________ 9. First normal form ________ 10. DDL A. Defines the logical structure of the database (schema) B. A synonym for field C. A synonym for record key D. Systems that allow users to browse through databases in random fashion by selecting key words or objects E. The rational manner in which records and fields in the database are structured and organized F. Almost all statements in SQL begin with this word G. The commands for updating, editing, manipulating, and extracting data from a database H. A user-friendly language or interface that allows the user to request information from the database I. Relational tables that do not contain any repeating groups J. A synonym for repeated group Answer: 1. E, 2. C, 3. J, 4. H, 5. B, 6. D, 7. G, 8. F, 9. I, 10. A Diff: 2 Learning Obj.: 1, 2, 3, 4, 6

133) Listed below are ten examples of file organization. Required: From the following three choices, match the file organization technique with each of the ten examples listed. All techniques will be used more than once. S = Sequential IS = Indexed-sequential D = Direct access ________ 1. A large manufacturing company pays all employees once a week. ________ 2. The inventory system of a 24-hour grocery store automatically orders merchandise from vendors when the inventory level is low. ________ 3. A bank customer checking account file is online in an ATM network. The bank also uses the file each month to produce customer statements. ________ 4. An Internet retailer sells children's toys online. ________ 5. An airline reservation system answers customer inquiries about available flights and seats and makes customer reservations. ________ 6. Bookstore employees use an inventory file each week to prepare purchase orders for books. ________ 7. A plant assets file for a small manufacturer is used to prepare quarterly depreciation reports. It is used once a year to prepare a report for insurance purposes. ________ 8. Employees use a vendor application at a trucking company daily to answer questions and accrue accounts payable. The company writes checks to vendors once a week. ________ 9. A file of payables due to actors and writers is processed monthly to prepare royalty checks; it is also used once a year to prepare tax reports. ________ 10. A metropolitan branch library scans books to check them out, answers patron inquiries about available books, and mails monthly statements to patrons having overdue books. Answer: 1. S, 2. D, 3. IS, 4. D, 5. D, 6. S, 7. S, 8. IS, 9. S, 10. IS Diff: 2 Learning Obj.: 4

134) A database contains the following data: Student Schedule (Student#, Student_name, Major, Course#1, ClassTime1, Location1, Course#2, ClassTime2, Location2, Course#3, ClassTime3, Location3) Required: Normalize this relation through the third normal form. Answer: Student Schedule (Student#, Course#1, Course#2, Course#3) Student (Student#, Student_name, Major) Course Schedule (Course#, ClassTime, Location) Diff: 3 Learning Obj.: 3 135) Assume that the customer master file and the transaction file consist of the record numbers shown in the following sequence: Master file Transaction file

3, 7, 23, 76, 79, 99 3, 4, 23, 23, 7, 76, 99

The record number 99 denotes the logical end of the file. The program processes records in ascending order. Required: On the lines below, indicate the numbers of records affected as described. a. Master records which were updated ________ b. Master records which were not updated ________ c. Transaction records which were posted ________ d. Transaction records which were not posted (an error condition) ________ Answer: a. Master records which were updated 3, 23, 76 b. Master records which were not updated 7, 79 c. Transaction records which were posted 3, 23, 23, 76 d. Transaction records which were not posted (an error condition) 4, 7 Diff: 2 Learning Obj.: 4

136) Below are three situations in which the Data Definition Language (DDL), the Data Manipulation Language (DML), or the Data Query Language (DQL) of a database management system will be used. Indicate on the line beside each situation which of the languages would likely be used. ________ A. A programmer uses COBOL to make revisions to the company's payroll application. ________ B. The zip code file in a customer master file is expanded to accommodate the nine digit "zip plus 4" zip codes. ________ C. The personnel director requests a special report regarding the number of employees in the company with a post-secondary education. Answer: A. DML B. DDL C. DQL Diff: 2 Learning Obj.: 6

137) Below are four situations in which the DML component of SQL can be used to manipulate and/or extract data. Indicate on the line beside each situation the letter(s) of the SQL statement, command, or condition which will allow a user to manipulate and/or extract the requested data and information. An answer may be used more than once, but not all answers will be used. A. SELECT B. WHERE C. ON D. OR E. COUNT AS F. GROUP BY G. ORDER BY H. FROM I. INNER JOIN J. IN ________ 1. The query calls for selecting certain names and zip codes, sorted by zip code. ________ 2. The query calls for selecting certain companies found in the USA and Canada tables and grouping them by country ________ 3. The query calls for appending the company name for company 12 to the topics located in the notes table. ________ 4. The query calls for summarizing the count of companies by country. Answer: 1. A, H, G 2. A, H, B, D, G 3. A, H, I, C, B 4. A, E, H, F Diff: 3 Learning Obj.: 6

138) Discuss the relative benefits and drawbacks of the following file organization methods: a. sequential b. indexed-sequential c. direct Answer: Suggested answer: a. Sequential: This method has the advantage of utilizing storage space on a disk or tape most efficiently, which is especially crucial for very large files. The method's main disadvantages are the requirement for all files to be sorted (or in sorted order) prior to processing and to access each record in sequence. The latter can be time-consuming, thus making quick response impossible. b. Indexed-sequential: This method has the advantage of sequential organization discussed above. In addition, due to the use of an index to locate files, this method also allows for accessing individual records quickly. The index is useful when a quick response time is needed or a low-activity application is used. This method is most appropriate for both high-activity and low-activity uses. Indexed-sequential organization uses more storage space then sequential organization because the indexes take up extra space. c. Direct: This method has the fastest response time due to the use of a randomizing transaction to locate individual records. However, this method also can lead to large amounts of wasted storage space depending on the particular algorithm that is used. Diff: 2 Learning Obj.: 4 139) Describe the duties of the database administrator (DBA) regarding the data dictionary. Answer: Suggested answer: A database administrator is responsible for establishing standards, conventions, and documentation for the database and maintaining the data dictionary. The DBA controls both the contents of the data dictionary and its use. By controlling the data dictionary, the DBA can control the data entering the database and reduce the amount of redundant and incompatible data. The DBA, rather than the user, is responsible for the data resource. Consequently, the DBA must effectively coordinate the usage of the data and communicate with users who may be willing to give up their data to the database. Diff: 2 Learning Obj.: 5

140) Describe the index, prime area, and overflow area in an ISAM file structure. Answer: Suggested answer: The index is a map that links the key fields of records to their addresses in the prime area. Each index entry shows the range of key fields on a particular track of the disk on which the file is stored. The computer searches the index to find the track where the record is found. The computer then searches the track sequentially to locate the record. The prime area is the portion of the disk on which the records are written. The overflow area is a separate area of the disk allocated to the file to allow additions with minimal processing. When a record is added to the file, the computer places it in its correct position in the prime area. If extra space is not available in the prime area, the new record bumps an existing record off the track being updated, and the computer moves the record to the overflow area. If a record is not found on the track referenced in the index, the computer automatically searches the overflow area. Diff: 2 Learning Obj.: 4 141) Describe how list organization and multilist organization work in tree and network databases. Also, distinguish between a list structure and a ring structure in the implementation of tree and network structures. How does the list organization make database maintenance difficult? Under what circumstances is the list organization effective? Answer: Suggested answer: In a list organization, each record contains one or more pointers showing the address of the next logical record with the same attribute(s). A record containing more than one pointer belongs to more than one list. The multiple lists are called multilist organizations. The list structure shows the records according to the list organization, or the multilist organization. An indicator shows the end of the list. The ring structure differs from the list structure because the last record in the ring points back to the first record. Also, all records may point backward and forward by using additional pointer fields. The list organization makes database management difficult because the pointers require additional storage space and must be updated every time a record is added or deleted. Pointers in tree and network database structures work best when records are seldom added or deleted. Diff: 2 Learning Obj.: 3

142) Discuss the conceptual level of architecture relevant to databases and their management. Answer: Suggested answer: At the conceptual level of architecture, databases are collections of various elements of information to use for assorted purposes. A database may be defined at this level in terms of the kinds of information it includes and the purposes for which it is to be used. Specific data fields and records must be defined to implement a database defined at the conceptual level. The ways in which the data records and fields will be viewed (as well as related to each other) must also be specified. There is no one standard approach for developing a conceptual data model. There are two popular approaches used: the entity-relationship (E-R) model and the object-oriented modeling technique (OMT). The E-R model depicts relationships between segments. E-R terminology uses "entity" instead of segment and "attribute" to indicate individual fields or data items. The object-oriented model (OMT) was originally developed for object-oriented programming (OO). This model works by viewing the components of the system being modeled as object classes (with object classes corresponding to segments, and objects corresponding to particular instances). OMT also defines relationships between segments, with the basic relationship created when an object class is divided into subclasses (this is called inheritance). Diff: 2 Learning Obj.: 2 143) What is ACID? Provide a description of each part. Answer: Suggested answer: ACID ensures reliability of processing database transactions. "A" stands for atomicity which means the entire transaction is completed or NO part of it is completed. "C" is consistency which means only valid data will be written to the database. "I" is isolation, where other operations cannot interfere with a transaction that is in the middle of being processed. "D" is durability where a transaction is not undone if the system fails after it is completed; any finished transactions are stored. Diff: 2 Learning Obj.: 6

Accounting Information Systems, 11e (Bodnar/Hopwood) Chapter 14 Auditing Information Technology 1) Auditing activities undertaken during substantive testing of account balances can be described as "auditing through the computer." Answer: FALSE Diff: 1 Learning Obj.: 1 2) The external auditor serves the firm's stockbrokers, the government, and the general public. Answer: TRUE Diff: 1 Learning Obj.: 1 3) Total audit cost is increased significantly when some audit resources are directed at reviewing and verifying the internal controls that exist in a system. Answer: FALSE Diff: 2 Learning Obj.: 1 4) With the advances in technology today, the "around-the-computer" approach to auditing is no longer widely used. Answer: TRUE Diff: 2 Learning Obj.: 1 5) Application controls are related to specific computer application systems. Answer: TRUE Diff: 1 Learning Obj.: 1 6) Basic auditing standards may be altered by the technology employed in the system to be audited. Answer: FALSE Diff: 2 Learning Obj.: 1 7) Using information technology in auditing reduces the time spent on clerical tasks and may improve the overall morale and productivity of auditors. Answer: TRUE Diff: 1 Learning Obj.: 1 8) ITF is the one universal auditing approach used in information system audits. Answer: FALSE Diff: 1 Learning Obj.: 2 1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

9) The test data technique requires minimal computer expertise and is usually inexpensive to implement. Answer: TRUE Diff: 1 Learning Obj.: 2 10) ITF does not involve the input of test data into the master files of the computer system being audited. Answer: FALSE Diff: 1 Learning Obj.: 2 11) ITF is a powerful information system audit technology. Answer: TRUE Diff: 1 Learning Obj.: 2 12) Parallel simulation processes test data through real programs. Answer: FALSE Diff: 1 Learning Obj.: 2 13) Parallel simulation is appropriate where transactions are sufficiently important to require a 100 percent audit. Answer: TRUE Diff: 2 Learning Obj.: 2 14) GAS has a long history of usage because public accounting firms developed it in the 1960s. Answer: TRUE Diff: 1 Learning Obj.: 2 15) Some embedded audit routines use automated collection language (ACL) to embed specially programmed modules as in-line code with regular programs. Answer: FALSE Diff: 2 Learning Obj.: 2 16) Embedded audit routines are more easily added to a program as a modification rather than being added as a program is developed. Answer: FALSE Diff: 2 Learning Obj.: 2

17) Snapshot technology is generally incorporated into extended records for later review by auditors. Answer: FALSE Diff: 2 Learning Obj.: 2 18) A trace can produce thousands of output records if an excessive number of transactions are tagged. Answer: TRUE Diff: 2 Learning Obj.: 2 19) The degree of independence that auditors can maintain while developing embedded audit routines will depend largely on the level of technical expertise that they possess. Answer: TRUE Diff: 1 Learning Obj.: 2 20) One type of tracing is to verify a hash total of the object code of software to detect modifications to the software. Answer: FALSE Diff: 2 Learning Obj.: 2 21) Specific documentation showing the nature of application controls in a system is known as control flowcharting. Answer: TRUE Diff: 1 Learning Obj.: 2 22) Most information system audits follow a four-phase structure, which is followed by analysis and reporting of results. Answer: FALSE Diff: 2 Learning Obj.: 2 23) An audit program is a detailed list of the audit procedures to be applied on a particular audit. Answer: TRUE Diff: 1 Learning Obj.: 2 24) An information systems application audit focuses almost exclusively on the testing of processing controls. Answer: FALSE Diff: 2 Learning Obj.: 3 3 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

25) Development standards are major general controls in computerized systems. Answer: TRUE Diff: 2 Learning Obj.: 3 26) Project management controls are concerned with the maintenance of application programs. Answer: FALSE Diff: 1 Learning Obj.: 3 27) One very common program change control is to periodically compare actual copies of object code with duplicate copies retained in the past. Answer: FALSE Diff: 2 Learning Obj.: 3 28) Information system development audits are more common to large organizations because they often have a formal development process. Answer: TRUE Diff: 2 Learning Obj.: 3 29) An audit of an organization's computer service center is normally undertaken before any information system application audit. Answer: TRUE Diff: 2 Learning Obj.: 3 30) PCAOB has encouraged a risk-based approach to testing the effectiveness of internal controls as they relate to financial audits. Answer: TRUE Diff: 2 Learning Obj.: 1 31) Audits of computer service centers do not require as high a degree of technical expertise as do audits of computerized applications. Answer: FALSE Diff: 2 Learning Obj.: 3 32) Risk-based auditing provides assurances relating to the effectiveness of an organization's enterprise risk management process. Answer: TRUE Diff: 2 Learning Obj.: 1

33) In RBA, the subject of the audit is how well the management prevents fraud. Answer: FALSE Diff: 2 Learning Obj.: 1 34) IT governance has the objective of enhancing and ensuring the efficient application of IT resources as a critical success factor. Answer: TRUE Diff: 2 Learning Obj.: 4 35) COBIT is an IT governance framework that is critical in ensuring proper control and governance over information and the system that creates, stores, manipulates, and retrieves that information. Answer: TRUE Diff: 2 Learning Obj.: 4 36) COBIT contains 34 IT processes and organizes them into 8 domains. Answer: FALSE Diff: 2 Learning Obj.: 4 37) Each COBIT IT process should have its own navigation diagram. Answer: TRUE Diff: 2 Learning Obj.: 4 38) Maturity models are used to evaluate an organization's relative level of achievement of IT governance on a scale from 1-10. Answer: FALSE Diff: 2 Learning Obj.: 4 39) CISA, CISM, and CGEIT are professional certifications in system security. Answer: FALSE Diff: 2 Learning Obj.: 4 40) ________ auditors commonly undertake audits that are reviewed and relied upon by ________ auditors. Answer: Internal; external Diff: 2 Learning Obj.: 1

41) When batch processing was the dominant method used in computerized data processing, the ________ approach provided an adequate audit. Answer: around-the-computer Diff: 1 Learning Obj.: 1 42) A clear and obvious benefit is obtained from the ________ analysis capability provided by information technology. Answer: data Diff: 2 Learning Obj.: 1 43) The ________ ________ technique may be used to verify input transaction validation routines. Answer: test data Diff: 2 Learning Obj.: 2 44) Test data used in ITF are identified by special ________ and must be excluded from normal system outputs. Answer: codes Diff: 2 Learning Obj.: 2 45) Using an integrated-test-facility approach, ________ testing is appropriate to ________, realtime processing technology. Answer: concurrent; concurrent Diff: 2 Learning Obj.: 2 46) Auditors with little computer expertise can use ________ to perform audit-related data processing functions. Answer: GAS generalized audit software Diff: 2 Learning Obj.: 2 47) A comprehensive ________ ________ can be established by collecting, in an extended record, supplementary data concerning processing not normally collected. Answer: audit trail Diff: 2 Learning Obj.: 2

48) All embedded audit routine techniques require a(n) ________ level of technical expertise to set up, and at least a(n) ________ level of knowledge to use them effectively. Answer: moderate; moderate or high Diff: 2 Learning Obj.: 2 49) In ________ checking, an auditor manually processes test or real program data through the logic of a program. Answer: desk Diff: 2 Learning Obj.: 2 50) ________ can be effectively used in conjunction with a test data technique. Answer: Mapping Diff: 2 Learning Obj.: 2 51) Application controls are divided into ________ general areas. Answer: three Diff: 1 Learning Obj.: 3 52) The primary audit technique used in an information systems development audit is the review and testing of related ________. Answer: documentation Diff: 2 Learning Obj.: 2 53) Documentation governing the design, development, and implementation of application systems is known as systems ________ ________. Answer: development standards Diff: 2 Learning Obj.: 3 54) An audit of the computer service center is undertaken before any application audits to ensure the ________ ________ of the environment in which the application will function. Answer: general integrity Diff: 2 Learning Obj.: 1 55) ________ is an IT governance professional certification for individuals who manage, design, oversee, and assess an enterprise's information security program. Answer: CISM Diff: 2 Learning Obj.: 4

56) An organization's current status compared to benchmarks and international standards, as well as an organization's strategy for improvement, is called a(n) ________ model. Answer: maturity Diff: 2 Learning Obj.: 4 57) ________ is an open standard which provides "good practices" across a domain and process framework and presents activities in a manageable and logical structure. Answer: COBIT Diff: 2 Learning Obj.: 4 58) In RBA, the subject of the audit is how well the management manages ________. Answer: risk Diff: 2 Learning Obj.: 1 59) RBA provides assurances relating to the effectiveness of an organization's ________ ________ ________ processes. Answer: enterprise risk management Diff: 2 Learning Obj.: 1 60) "Auditing with the computer" A) is only performed by external auditors. B) involves activities related to compliance testing. C) is only performed by internal auditors. D) involves activities related to substantive testing of account balances. Answer: D Diff: 1 Learning Obj.: 1 61) "Auditing through the computer" refers to A) substantive tests. B) compliance tests. C) transaction tests. D) application control tests. Answer: B Diff: 1 Learning Obj.: 1

62) An interim audit A) consists only of substantive testing of account balances. B) has the objective of verifying financial statement figures to render a professional opinion of the financial statements. C) has the objective of establishing the degree to which the internal control system can be relied upon. D) None of these answers is correct. Answer: C Diff: 2 Learning Obj.: 1 63) Confirming the existence, assessing the effectiveness, and checking the continuity of the operation of the internal controls upon which reliance is placed is called A) compliance testing. B) financial statement auditing. C) auditing "around-the-computer." D) substantive testing. Answer: A Diff: 2 Learning Obj.: 1 64) A financial statement audit A) consists only of compliance testing of account balances. B) has the objective of verifying financial statement figures to render a professional opinion of the financial statements. C) has the objective of establishing the degree to which the internal control system can be relied upon. D) None of these answers is correct. Answer: B Diff: 1 Learning Obj.: 1 65) External auditors typically conduct compliance testing because A) the main goal of a financial statement audit is to ensure that internal controls are operating effectively. B) compliance tests yield more reliable evidence than substantive tests. C) compliance tests determine how much reliance can be placed on the internal controls in substantive tests. D) compliance testing can be conducted solely by the internal auditors. Answer: C Diff: 3 Learning Obj.: 1

66) The comparison of input to output is known as auditing A) around-the-computer. B) through the computer. C) with the computer. D) without the computer. Answer: A Diff: 1 Learning Obj.: 1 67) The verification of controls in a computer system is known as auditing A) around-the-computer. B) through the computer. C) with the computer. D) without the computer. Answer: B Diff: 1 Learning Obj.: 1 68) The use of information technology to perform audit work is known as auditing A) around-the-computer. B) through the computer. C) without the computer. D) with the computer. Answer: D Diff: 1 Learning Obj.: 1 69) Information system audits to verify compliance with internal controls are performed by A) internal auditors only. B) external auditors only. C) outside third-party consultants only. D) both internal and external auditors. Answer: D Diff: 1 Learning Obj.: 1 70) Information technology is used to perform some audit work that otherwise would be done manually. The use of information technology by auditors is A) essential. B) mandatory under AICPA Statements of Auditing Standards. C) optional. D) at the sole discretion of the manager in charge of the audit. Answer: A Diff: 1 Learning Obj.: 1

71) An external auditor conducts an information systems audit using the professional standards promulgated by the A) Institute of Internal Auditors. B) American Institute of Certified Public Accountants. C) Institute of Management Accountants. D) Information Systems Audit and Control Association. Answer: B Diff: 1 Learning Obj.: 1 72) An internal auditor conducts an information systems audit using the professional standards promulgated by the A) Institute of Internal Auditors. B) American Institute of Certified Public Accountants. C) Institute of Management Accountants. D) Information Systems Audit and Control Association. Answer: A Diff: 1 Learning Obj.: 1 73) Which of the following is a possible benefit of using information systems technology in the conduct of an audit? A) Increased independence from information systems personnel B) Elimination of most manual calculations, footing, and cross-footing C) Standardization of audit working papers and correspondence D) All of these answers are correct. Answer: D Diff: 1 Learning Obj.: 1 74) The first (and oldest) technique used to audit through the computer is A) the integrated test facility. B) parallel simulation. C) the test data approach. D) generalized audit procedures. Answer: C Diff: 1 Learning Obj.: 2 75) Which of the following procedures uses only auditor-prepared test transactions? A) The test data approach B) Integrated test facility C) Parallel simulation D) Embedded audit routines Answer: A Diff: 2 Learning Obj.: 2 11 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

76) The information systems auditing technique that uses special software to monitor the execution of a program is called A) embedded audit routines. B) mapping. C) a snapshot. D) tracing. Answer: B Diff: 2 Learning Obj.: 2 77) The information systems auditing technique that uses software that has been specifically designed to allow auditors to perform audit-related data processing functions is called A) mapping. B) tracing. C) generalized audit software. D) embedded audit routines. Answer: C Diff: 2 Learning Obj.: 2 78) Which of the following statements is an advantage to using the test data technique in information systems auditing? A) The test can be run only on a specific program at a specific point in time. B) The test must be announced. C) Test data is limited to certain combinations of processing conditions. D) The technique is used for testing programs in which calculations such as interest or depreciation are involved. Answer: D Diff: 3 Learning Obj.: 2 79) Which of the following statements is a disadvantage to using the integrated-test-facility (ITF) approach in information systems auditing? A) When carefully planned, the costs of using ITF are minimal. B) No interruption of normal computer activity is involved in using ITF. C) Fictitious data must be excluded from output reports. D) ITF is used in large computer application systems that use real-time processing. Answer: C Diff: 3 Learning Obj.: 2

80) Which of the following should be developed when the related application system is developed? A) Test data approach B) Integrated test facility C) Parallel simulation approach D) Artificial intelligence software Answer: B Diff: 2 Learning Obj.: 2 81) Which of the following processes real data through a test program? A) Test data approach B) Integrated test facility C) Parallel simulation approach D) Artificial intelligence software Answer: C Diff: 2 Learning Obj.: 2 82) An audit technique not requiring the use of the client's computer facilities is A) the use of snapshots. B) the test data approach. C) the integrated test facility. D) parallel simulation. Answer: D Diff: 2 Learning Obj.: 2 83) An advantage of generalized audit software is that A) it can select a sample of accounts receivable for confirmation and help the auditor prepare confirmation requests. B) the auditor avoids having to review systems documentation. C) it eliminates the need for any coding by the auditor. D) the client's staff can use it to perform audit-related tasks. Answer: A Diff: 1 Learning Obj.: 2 84) Which of the following is correct regarding the ACL audit software package? A) ACL can only be used in a mainframe environment. B) ACL enables the field auditor to connect a PC to a client's accounting system. C) ACL is used primarily for administrative audit activities. D) Most client files must be converted to the ACL language format before processing. Answer: B Diff: 3 Learning Obj.: 2 13 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

85) The technology that involves the modification of actual computer programs for audit purposes is called A) generalized audit software (GAS). B) ACL. C) embedded audit routines. D) record extension. Answer: C Diff: 2 Learning Obj.: 2 86) Using embedded audit routine technology, an auditor may program a module so that the test limits can be altered as desired. This approach has been termed A) sample audit review file. B) in-line coding. C) system control audit review file. D) off-line auditing. Answer: A Diff: 2 Learning Obj.: 2 87) The extended record technique provides a way to reconstruct an audit trail by A) adding specific "dummy" test data processed by the system in the extended record for examination by the auditor after processing is complete. B) processing real data through a test program and comparing the simulated and regular output after processing is complete. C) capturing a detailed listing of the sequence of program statement executions in the extended record that would not normally be saved. D) tagging specific transactions and capturing intervening processing steps in the extended record that would not normally be saved. Answer: D Diff: 3 Learning Obj.: 2 88) The snapshot technique involves capturing and dumping A) selected transaction data. B) the program code itself. C) selected master file contents. D) selected memory contents. Answer: D Diff: 2 Learning Obj.: 2

89) Which two information system auditing technologies are very similar? A) Snapshot and extended records B) ITF and ACL C) Snapshot and ACL D) Extended records and ITF Answer: A Diff: 3 Learning Obj.: 2 90) Which of the following information system auditing technologies produces a printed audit trail of computer processing? A) Extended records B) Snapshot C) Sample audit review file D) System control audit review file Answer: B Diff: 2 Learning Obj.: 2 91) Tracing of a program's execution provides A) programmed edits for input data items. B) test data for subsequent processing. C) a detailed listing of the sequence of program statement execution. D) a comprehensive audit trail which can be reviewed by auditors after processing ends. Answer: C Diff: 2 Learning Obj.: 2 92) Probably the oldest (and still widely used) information systems auditing technique is A) test data. B) review of systems documentation. C) generalized audit software. D) ACL. Answer: B Diff: 3 Learning Obj.: 2 93) The auditor performs a review of systems documentation A) during the initial audit phase. B) throughout the audit at the beginning of each audit phase. C) during the intermediate phase, after becoming familiar with the basic approach to be taken. D) during the final audit phase, giving the auditor a chance to first become familiar with all of the company's operations. Answer: A Diff: 1 Learning Obj.: 2 15 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

94) Routines that collect and summarize statistics concerning program resource utilization are called A) embedded audit routines. B) mapping. C) job accounting routines. D) tracing. Answer: C Diff: 2 Learning Obj.: 2 95) The information system auditing technology that originated as a technique to assist in program design and testing is A) tracing. B) parallel simulation. C) snapshot. D) mapping. Answer: D Diff: 2 Learning Obj.: 2 96) Which of the following information system auditing technologies would be the best to monitor the execution of a computer program? A) Integrated test facility B) Parallel simulation C) Mapping D) Embedded audit routine Answer: C Diff: 3 Learning Obj.: 2 97) The phase of an information systems audit in which an audit program is created is the A) first phase. B) second phase. C) third phase. D) fourth phase. Answer: A Diff: 1 Learning Obj.: 1

98) Compliance testing is the key activity performed in which phase of an information systems audit? A) Second phase B) First phase C) Fourth phase D) Third phase Answer: D Diff: 1 Learning Obj.: 1 99) The phase of an information systems audit in which effort is placed on fact-finding in the areas selected for audit is the A) first phase. B) second phase. C) third phase. D) fourth phase. Answer: B Diff: 1 Learning Obj.: 1 100) Information systems application audits differ from information systems audits because application audits A) are divided into four general areas, each of which has three phases. B) involve reviewing input, processing, and output controls. C) are directed at the activities of systems analysts and programmers. D) focus primarily on fact-finding in the areas selected for audit. Answer: B Diff: 2 Learning Obj.: 1 101) An audit that examines the controls governing the systems process and which directly affect the reliability of the application programs created is called a(n) A) general information system audit. B) information system applications audit. C) application systems development audit. D) information system computer service center audit. Answer: C Diff: 1 Learning Obj.: 3

102) Which of the following controls would not be examined in the audit of a computer service center? A) Environmental controls B) Physical security controls C) Management controls D) Process application controls Answer: D Diff: 2 Learning Obj.: 1 103) In the program change control phase of an application systems development audit, an element that may represent a major loss exposure in terms of fraud and access to sensitive data is A) program development. B) program auditing. C) program testing and quality control. D) program maintenance. Answer: D Diff: 3 Learning Obj.: 1 104) ________ provides assurances relating to the effectiveness of an organization's enterprise risk management processes. A) RBA B) OMB C) REA D) UML Answer: A Diff: 3 Learning Obj.: 1 105) The goal of RBA to auditing is to apply audit efforts to areas in proportion to their likelihood to A) reduce exposures in areas of high risk. B) reduce the exposure and occurrences of fraud. C) significantly impact the auditor's overall audit conclusions. D) All of the above are goals of RBA. Answer: C Diff: 3 Learning Obj.: 1

106) IT governance has the objective of enhancing and ensuring the efficient application of IT resources A) to ensure success in the development of systems and processes. B) as a critical success factor. C) to gain a competitive advantage. D) as a major component to IT security. Answer: B Diff: 3 Learning Obj.: 4 107) The Public Company Accounting Oversight Board (PCAOB) has encouraged a risk-based approach to test the effectiveness of ________ as they relate to financial audits. A) internal controls B) security processes C) financial misstatements D) fraud exposure Answer: A Diff: 3 Learning Obj.: 4 108) Risks associated with implementing new technologies include A) IT strategies not aligned with business strategies. B) control framework for IT does not exist. C) IT performance is not measured and evaluated. D) All of the above are risks associated with new technologies. Answer: D Diff: 3 Learning Obj.: 4 109) An IT governance framework such as ________ can be a critical element in ensuring proper control and governance over information and the systems that create, store, manipulate, and retrieve that information. A) CISA B) SOA C) COBIT D) RBA Answer: C Diff: 3 Learning Obj.: 4

110) COBIT has four domains that include A) plan and organize, acquire and implement, deliver and support, and monitor and evaluate. B) analysis, design, implement, and feedback. C) plan, build, implement, and evaluate. D) analysis, build, train, and implement. Answer: A Diff: 3 Learning Obj.: 4 111) ________ models are used to evaluate an organization's relative level of achievement of IT governance and shows what has to be done to improve. A) RBA B) Maturity C) Visibility D) Navigation Answer: B Diff: 3 Learning Obj.: 4 112) ________ is for IS audit, control, assurance and/or security professionals. A) CISA B) CISM C) CGEIT D) COBIT Answer: A Diff: 3 Learning Obj.: 4 113) ________ is for individuals who manage, design, oversee, and assess an enterprise's information security program. A) CISA B) CISM C) CGEIT D) COBIT Answer: B Diff: 3 Learning Obj.: 4 114) ________ is the most recent certification programs and for individuals interested in Governance of Enterprise IT. A) CISA B) CISM C) CGEIT D) COBIT Answer: C Diff: 3 Learning Obj.: 4 20 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

115) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Mapping ________ 2. Compliance testing ________ 3. Extended records ________ 4. Substantive testing ________ 5. Interim audit ________ 6. Snapshot ________ 7. Parallel simulation ________ 8. Audit software ________ 9. Desk checking ________10. Tracing A. Modification of programs to collect and store additional data of audit interest B. Computer programs that permit the computer to be used as an auditing tool C. Special software that is used to monitor the executing of a program D. The first stage of a financial statement audit which has the objective of establishing the degree to which the internal control system can be relied upon E. Provides a detailed audit trail of the instructions executed during a program's operation F. Modification of programs to output data of audit interest G. Direct verification of balances contained in financial statements H. The auditor manually processes test or real data through the logic of a computer program I. Testing to confirm the existence, assess the effectiveness, and check the continuity of operation of internal controls J. The processing of real data through audit programs, with the simulated output and the regular output compared for control purposes Answer: 1. C, 2. I, 3. A, 4. G, 5. D, 6. F, 7. J, 8. B, 9. H, 10. E Diff: 2 Learning Obj.: 1, 2

116) Presented below is a list of terms relating to accounting information systems, followed by definitions of those terms. Required: Match the letter next to each definition with the appropriate term. Each answer will be used only once. ________ 1. Audit program ________ 2. System control audit review file ________ 3. Auditing around-the-computer ________ 4. In-line code ________ 5. Financial statement audit ________ 6. Control flowcharting ________ 7. Test data ________ 8. Embedded audit routines ________ 9. Sample audit review file ________10. PC software A. The second stage of a financial statement audit which uses substantive testing for direct verification of financial statement figures B. Software that allows the auditor to use PCs to perform audit tasks C. Information systems auditing approach in which the processing portion of a computer system is ignored D. A detailed list of the procedures to be applied on a particular audit E. Analytic documentation or other graphic techniques used to describe the controls in a system F. The use of in-line code to randomly select transactions for audit analysis G. Auditor-prepared input containing both valid and invalid data H. Special auditing routines included in regular computer programs so that transaction data can be subjected to audit analysis I. An application program performs an embedded audit routine such as data collection at the same time as it processes data for normal use J. Auditor-determined programmed edit tests for audit transaction analysis are included in a program as it is initially developed Answer: 1. D, 2. J, 3. C, 4. I, 5. A, 6. E, 7. G, 8. H, 9. F, 10. B Diff: 2 Learning Obj.: 1, 2

117) Below are listed four procedures typically performed during an audit of accounts payable: Audit procedures: a. Test the mathematical accuracy of the accounts payable subsidiary ledger. b. Select samples of vouchers to examine in detail. c. Determine whether cash discounts were properly applied. d. Stratify accounts by value. Required: Briefly state a generalized audit software technique that could be used to perform each procedure, assuming that the accounts payable application is computerized. Answer: a. Use GAS to independently verify extensions and footing of the ledger. b. Use GAS to select a random, stratified, or other sample of vouchers or voucher numbers (depending on how extensively the records are computerized). c. Use GAS logic functions to determine when the company was eligible to take cash discounts; use GAS mathematical functions to recalculate discounts and net payables. d. Use GAS logic functions to determine which accounts fall within the desired value ranges. Diff: 2 Learning Obj.: 2

118) Listed below are five examples of auditing situations and five information systems auditing techniques. Required: First, match the letter of the information system auditing technique which best identifies the example. Then, in the space below each item, write a brief explanation of how the technique works in the situation. A. Parallel simulation B. Test data approach C. Mapping D. PC software E. Extended records ________ 1. An auditor performs an inexpensive test of a cash disbursements program without modifying the client's program. Explanation: ________ 2. Audit team members communicate with each other in separate locations during an audit by exchanging Word and Excel files electronically. Explanation: ________ 3. An auditor inputs test sales order data to find out whether a sales order program executes the program statements needed to produce a shipping notice document. Explanation: ________ 4. An internal auditor modifies a newly designed accounts receivable program to randomly select sales transactions and save each transaction's complete processing audit trail. Explanation: ________ 5. During substantive testing, an auditor tests a client's loan interest accrual program by submitting the client's data to a program running on a computer at the auditor's office. Explanation: Answer: 1. D (or B) Explanation: Test data is an inexpensive test to verify an application program's input validation routines, logic, and computations. The auditor prepares valid and invalid test transactions and submits them for processing against the client's application program. PCs can be used to conduct the test. 2. D Explanation: Virtually all PCs have Web browser/Internet software that can connect the user with others through the World Wide Web virtually anywhere. One invaluable feature of e-mail communication is the capability of sending and receiving files over the Internet. 3. C Explanation: Mapping occurs when an auditor uses special software to monitor an application program's execution. The software counts how often the program executes each program statement. Mapping, however, does not show whether the statements were executed in the correct sequence. 24 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall

4. E Explanation: An application program modification creates an extended record, which is used to collect all processing data on selected "tagged" transactions. The extended record contains the complete audit-processing trail for the selected transactions. Transactions may be chosen randomly, by special code, or as exceptions to edit tests. 5. A Explanation: Parallel simulation uses real client data to process against a test program. The auditor in this case would compare the simulation results against the actual output of the cash disbursements program. Diff: 2 Learning Obj.: 2 119) Listed below are five examples of auditing situations and five information systems auditing techniques. Required: First, match the letter of the information system auditing technique which best identifies the example. Then, in the space below each item, write a brief explanation of how the technique works in the situation. A. Integrated test facility B. Generalized audit software C. Tracing D. Review of systems documentation E. Embedded audit routines ________ 1. An auditor uses software to select and evaluate a statistical sample of loan payments at a bank in a substantive test. Explanation: ________ 2. An internal auditor assists systems personnel to modify a newly developed accounts payable program so that it will tag and save a statistical sample of each month's transactions for further review. Explanation: ________ 3. An auditor with a high level of technical experience requests a dump of the object code of an Internet retailer's purchasing program. Explanation: ________ 4. An auditor inputs special program statements to provide a listing of the sequence of a general ledger application program's execution. The auditor inputs test data and reviews the listing to learn whether the internal controls executed as expected. Explanation: ________ 5. An auditor works with systems personnel as a real-time account receivable application is developed. When completed, the application can incorporate the auditor's test data in regular processing runs. Explanation:

Answer: 1. B Explanation: Generalized audit software is specifically designed to assist auditors in using information technology. GAS can perform audit-related functions such as the statistical sample selection and evaluation and preparation of confirmation request. 2. E Explanation: The accounts payable program can be modified through an embedded audit routine to collect the transactions in a sample audit review file. 3. D Explanation: An object code dump is included in a review of systems documentation. Object code is the machine-language version of an applications program. This review provides assurance that the program is working as expected. 4. C Explanation: A trace is executed using an option in the program source code language. It provides a detailed list of the sequence of program statement execution. 5. A Explanation: In an integrated test facility, an auditor can include test data in the application's processing runs. Test and real transactions update live master files. Output is designed to report test transaction results separately, and to delete the test data from the master files. Diff: 2 Learning Obj.: 1 120) Why are most audits now performed by auditing through and with the computer? Answer: Suggested answer: Factors that have led to auditors adopting audit techniques for auditing through and with the computer include: • Most data that are now audited are in computerized formats. • PCs are now very portable, powerful, and relatively inexpensive. • Software for the PC and software specifically designed for auditing are widely available. • Competitive pressures force auditors to adopt more efficient audit procedures. Diff: 2 Learning Obj.: 1

121) Explain why external auditors perform compliance testing when a main objective of a financial statement audit is to express an opinion regarding the fairness of the monetary balances in a company's financial statements. Answer: Suggested answer: Even though substantive tests are specifically designed to test the monetary balances, and thus are more directly related to the audit objective, relying exclusively on substantive testing is often too expensive to be feasible. Compliance tests are often less expensive to perform. If the client's internal controls are effective and operating reliably, then the accounting records are more likely to be reliable, and the auditor is justified in reducing substantive testing. Diff: 2 Learning Obj.: 2 122) How have personal computers likely affected information systems audits? Answer: Suggested answer: Personal (and notebook or laptop) computers have become highly portable, very powerful, relatively inexpensive, and quite versatile. A large variety of software has been developed for use in auditing which has automated many formerly tedious and time-consuming audit tasks. Much of this software is available in a Windows or Linux format, and it can be loaded and used on PCs. In many cases, a relatively low level of computer expertise is required to effectively operate such software. In other situations, using special software, the PC can often interface directly with the client's mainframe or other computer system. This allows for downloading and testing of data and perhaps even program routines using special audit software. Another feature of using portable PCs is the availability of the Internet. Through e-mail auditors can communicate with others off-site, and through the World Wide Web auditors can access data and research information from Web sites such as the AICPA, SEC, IRS, NYSE, etc. PC software, such as Excel and Word, is used in an audit to build documentation and worksheets. From another perspective, the use of PCs has become very widespread in businesses and auditing, and accounting is no exception. It is almost a necessity to incorporate and use PCs in audit engagements today. The consequence of all of these factors has been the widespread use of PCs in audits and accounting-related activities. Diff: 2 Learning Obj.: 1

123) Because resources are usually limited, not all applications can be audited each year. What factors should an internal or external auditor consider when deciding which applications to audit? Answer: Suggested answer: Factors which should influence the selection of application areas to audit include the following: • How critical the application is to the successful operation of the company • How subject the application is to fraud or some serious financial error • How critical the application is in terms of its effect on balances in the financial statements (application areas may also be critical in terms of appropriate disclosures in the financial statements) • Has there been audit involvement in the development of the application (do ITF or embedded audit modules exist in the program code of the application from its development phase) • The results of the last audit of the application • The length of time elapsed since the last audit of the application • The availability of cost-effective audit techniques to audit the application Frequently a rotating system of application selection is used to select audit areas, with each application being audited according to some multiyear schedule. This allows for the majority of applications, if not all, to be examined over a given period of time. Diff: 2 Learning Obj.: 1 124) Briefly describe the three phases of an information systems audit. Answer: Suggested answer: In the initial phase, the auditor decides which areas will be investigated, how much audit labor will be required, the audit technology to be used, and the development of time or cost budgets. The initial phase concludes with the preparation of the audit program, which is a list of procedures to be applied on the audit. Detailed review and evaluation occur in the second phase of an information systems audit. Auditors review documentation of the application area, conduct interviews, administer questionnaires, and observe operations. Auditors also examine transaction files, control logs, and program listings to design procedures to use in the testing phase (the third phase). The testing phase includes compliance testing based on the findings of the detailed review and examination. The compliance tests help the auditor know, with reasonable assurance, whether internal controls exist and are functioning as shown in systems documentation. Diff: 2 Learning Obj.: 2

125) Describe three areas that an auditor could examine in an audit of a computer service center. Answer: Suggested answer: The areas that could be examined in an audit of a computer service center are: • Environmental controls: The audit would review special temperature and humidity requirements and the status of the air conditioning system used in the building housing the computer and other related equipment. • Physical security: The audit would address controls regarding a stable power source, alternative power sources in case of emergency, protection from fire and water damage, casualty insurance, and business interruption service. An audit would also examine controls over physical access and over the release of data, reports, and computer programs. • Disaster recovery plan: The plan should identify managers' responsibilities, the emergency action plan, alternative facilities, and backup and recovery plans. Malfunction reporting and preventative maintenance: The auditor should review failure logging and reporting, the preventative maintenance schedule, and correction of malfunctions. • Operation controls: The auditor would examine equipment load factors, project usage statistics, budgeted staffing requirements, and expected equipment acquisitions. The auditor could also review billing procedures. • Compliance tests: The auditor would review documentary evidence and conduct interviews with users, managers, and systems personnel. The auditor could also observe operations and make inquiries. Diff: 2 Learning Obj.: 3