Section 4D Flashcards
disk storage unit is preferred over a magnetic tape drive because the disk storage unit:
has nine tracks.
offers sequential access to data files.
offers random access to data files.
is a cheaper medium for data storage.
offers random access to data files.
Access to data takes less time with disk storage than with magnetic tape storage.
Consider how data is stored on magnetic tape. Blocks of data files are arranged linearly along the entire length of the tape. In order to move from a read location at or near the beginning of the tape to a read location near the end of the tape, it is necessary to travel over all tape between the two read locations.
On the other hand, if disk storage is used, it is possible to jump directly from one read location to another. This is possible because disk storage offers random access to data files.
DATA STORAGE CONCEPTS
An \_\_\_\_ some times called a \_\_\_ , is something about which information is stored (employees, inventory items, customers). ....Each entity has attributes, or characteristics of interest, which are stored (employee pay rates, customer addresses). T/F
A ___is a specific instance of an attribute. (The ___for Able Company’s customer number is 16152.)
……. Data values are stored in a physical space called a __. A customer number, such as 16152, will be stored in a ___named “Customer Number.”
A set of fields is called a ___
Related records are grouped to form a __
A set of interrelated, centrally coordinated files is referred to as a ___
entity, sometimes called a variable
True
data value
field
record
file
database
A ___stores cumulative information about an organization and is similar to a l edger in a manual system. This is like a perm file.
___are records of past transactions, including those of past periods.
\_\_\_files are files that are referred to during processing. A \_\_file is a traditional file system characterized by having only fixed-length “\_\_” files. All files are of equal \_\_
master file
Archive files
Reference
flat , length.
Which of the following technologies is specifically designed to exchange financial information over the World Wide Web?
Hypertext markup language (HTML)
Extensible business reporting language (XBRL)
Hypertext transfer protocol (HTTP)
Transmission control program/internet protocol (TCP/IP)
XBRL
Extensible business reporting language (XBRL) uses tags to identify the contents of each data item. It was created to transmit financial information over the Internet.
The other answer choices (HTML, HTTP, and TCP/IP) are incorrect because they are each protocols used on the Internet but are not limited to the exchange of financial information.
Which of the following is responsible for making sure that the information system operates efficiently and effectively?
Network manager
Security management
Systems administrator
Change management
System Admin
The systems administrators make sure the information system operates efficiently and effectively.
The network managers make sure the networks operate continuously and properly and that all applicable devices are linked to the organization’s internal and external networks.
Which of the following input controls would prevent an incorrect state abbreviation from being accepted as legitimate data?
Reasonableness test
Field check
Digit verification check
Validity check
Validity Check
A validity check is an edit test in which an identification number or transaction code is compared with a table of valid identification numbers or codes maintained in computer memory. As an example, the system would compare an incorrect state abbreviation of “PS” with all possible valid state abbreviations and determine that it is not an abbreviation for one of the 50 states.
A field check makes sure that the entry is the correct type for the field (numeric or alphanumeric). Any letters would satisfy this requirement, whether or not they were a valid state abbreviation.
Which of the following procedures would enhance the control structure of a computer operations department?
Periodic rotation of operators
Mandatory vacations
Controlled access to the facility
All of the answer choices are correct.
All above
Periodic rotation of operators, mandatory vacations, and controlled access to the facility would all enhance the control structure of a computer operations department.
Periodic rotation of operators and mandatory vacations provide other personnel the opportunity to detect any control weakness. Controlled access is one of the basic control objectives.
Management of a company has a lack of segregation of duties within the application environment, with programmers having access to development and production. The programmers have the ability to implement application code changes into production without monitoring or a quality assurance function. This is considered a deficiency in which of the following areas?
Change control
Management override
Data integrity
Computer operations
Change Control
Change control is the process of modifying application software, including requesting a change, reviewing the effectiveness of the change, approving the change, and implementing the change. Since programmers can implement application code changes without approval, there is a weakness in control over changes to application programs.
Data integrity refers to accuracy of data entered into the program or processing of that data rather than the software itself.
____is the process of modifying application software, including requesting a change, reviewing the effectiveness of the change, approving the change, and implementing the change.
Change control
A control procedure that could be used in an online system to provide an immediate check on whether an account number has been entered on a terminal accurately is a: HASH TOTAL
False - Self-checking digit
A self-checking digit is generated when the data element is inputted. A prescribed arithmetic operation is automatically done and stored on this element. This same operation is then performed later on, which would “ensure that the number has not been recorded incorrectly.”
A compatibility test validates the data within the field.
A hash total is the total of a nonquantitative field such as account number to be sure all records are processed.
If the company installs a ___network, it should ensure that transmission facilities on its premises are secure.
leased-line
The planning committee was concerned that unauthorized people might attempt to gain access to the network. If the company installs a network using leased lines, then it should ensure that:
phone numbers for the network are kept confidential.
tone suppression devices are installed on all ports.
transmission facilities on its premises are secure.
network availability is limited to certain times of the day.
transmission facilities on its premises are secure.
Specialized programs that are made available to users of computer systems to perform routine and repetitive functions are referred to as: SOURCE PROGRAMS
False -Service Programs
Service programs are applications programs that can be called in by the user’s programs to perform some common, subordinate function. They are sometimes referred to as “canned” programs.
____are applications programs that can be called in by the user’s programs to perform some common, function. They are sometimes referred to as “canned” programs.
Service programs
A software tool used for ad hoc, online access to items in a database would most likely be:
a query utility program.
an application generator.
a report generator.
terminal emulation software.
query utility program
Query utility programs are used to access information contained in databases. Query utility programs provide users with online access to database information items and are characterized by their ability to enable a user to design an ad hoc query to retrieve only that information needed by the user.
A systems engineer is developing the input routines for a payroll system. Which of the following methods validates the proper entry of hours worked for each employee?
Check digit
Sequence check
Capacity check
Reasonableness check
Reasonableness check
Reasonableness checks test to make sure data makes sense when compared to other data—they can be used to validate the proper entry of hours worked for each employee.
A check digit is created from other digits (e.g., each time a six-digit ID number is entered, a seventh check digit is computed from the first six digits; a verification calculation will not match the check digit if an error is made in entering the six digits)
Flowcharting is a useful internal audit tool for evaluating controls in operational units and operations. A problem relating to flowcharts is the time and cost of developing and maintaining them. One means for reducing this cost is through use of which of the following?
Flowcharting software
Organization charts as surrogates for flowcharts
Outsourcing
Standard flowcharts
flowchart software
Flowcharting software could be used to reduce the cost of preparing and updating flowcharts.
A system where several minicomputers are connected for communication and data transmission purposes, but where each computer can also process its own data, is known as a CENTRALIZED NETWORK
Distributed Data Processing Network
Distributed data processing is a network of interdependent computers where certain functions are centralized and other functions are decentralized and processing is shared among two or more computers. In a distributed data processing network, each computer can also process its own data. Distributed data processing is an alternative to both centralization and decentralization.
In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?
Managing remote access
Developing application programs
Reviewing security policy
Installing operating system upgrades
Manage Remote Access
. A network administrator in this environment would be expected to deal with the full scope of network activities, which would include access to the network from remote locations.
JOB DUTIES:
Who is dis? Give Job Title
the organization's networks operate continuously and properly, and all applicable devices are linked to the organization's internal and external networks.
WHO IS DIS? GIVE A JOB TITLE
___makes sure all system components are secure and protected from any and all internal as well as external threats.
Network manager
Security management
An advantage of having a computer maintain an automated error log in conjunction with computer edit programs is that:
reports can be developed that summarize the errors by type, cause, and person responsible.
less manual work is required to determine how to correct errors.
better editing techniques will result.
the audit trail is maintained.
reports can be developed that summarize the errors by type, cause, and person responsible.
An audit trail is maintained but reports would have to be developed to make it meaningful.
In a microcomputer system, the place where parts of the operating system program and language translator program are permanently stored is RAM (Random Access Memory)
False - Read only Memory (ROM)
The operating system and language translator programs are permanently stored in the read only memory (ROM). ROM may only be read from to prevent these important programs from being accidentally altered or deleted.
RAM is used for temporary storage of data or programs and can be erased and reused. This memory is used to store programs and data currently being used by the CPU.tion.
A decision table indicates the:
sequence of logical operations in a program.
sequence of operations in a system.
alternative logic conditions and actions to be taken in a program.
flow of documents regarding a transaction.
alternative logic conditions and actions to be taken in a program.
A decision table is useful in building logical models. It is a tabular representation of logical processes. It indicates the alternative logic conditions and actions to be taken in a program.
An employee mistakenly enters “April 31” in the date field. Which of the following programmed edit checks offers the best solution for detecting this error?
Reasonableness
A reasonableness check is an edit check of logical correctness of the relationships among the values in an input data set, or the value of an input item with the values of a related data item in a master file.
A control designed to catch errors at the point of data entry is:
A BATCH TOTAL
False -A self-checking digit
Self-checking digits ensure that the number has been entered correctly and that it is valid
The operational effectiveness of controls can be improved through the application of a methodology such as Six Sigma or total quality management (TQM). In general, in order to improve the operating effectiveness of processes and their associated controls, the following series of steps needs to be followed in what sequence?
I. Implement monitoring and control capabilities
II. Collecting information about the problem or issue
III. Remediating causes of ineffectiveness or inefficiencies
IV. Determine the root cause of the issue
V. Define the problem, issue, and/or goal of the process
V II IV III I
Which control, when implemented, would best assist in meeting the control objective that a system have the capability to hold users accountable for functions performed?
Programmed cutoff
Redundant hardware
Activity logging
Transaction error logging
Activity logging
Activity logging provides an audit trail of user activity
Transaction error logging controls transactions rather than user terminal activity
All of the following are characteristic of computer machine language, except:
internal binary code.
hexadecimal code.
assembly language.
on/off electrical switches.
Assembly Language
Which of the following best describes what is contained in a data dictionary?
An organized description of the data items stored in a database and their meaning
A description of record layouts used by application programs
A description of the privileges and security rules governing database users
Before and after images of updated records in a database
An organized description of the data items stored in a database and their meaning
A data dictionary is a repository of definitions of data contained in a database.
…..A source code application file definition describes the record layouts used by an application program.
……The data control language describes the privileges and security rules governing database users.
…..A database recovery log file records the before and after images of updated records in a database.
A data ___is a description of all data elements, stores, and flows in a system.
dictionary
An edit of individual transactions in a direct access file processing system usually:
takes place in a separate computer run.
takes place in an online mode as transactions are entered.
takes place during a backup procedure.
is not necessary.
takes place in an online mode as transactions are entered.
During data entry in an online system, the input data is compared with its expected format. IN ORDER TO EDIT, YOU HAVE TO BE IN ONLINE MODE DUH BITCH
Erroneous management decisions might be the result of incomplete information. The best control to detect a failure to process all valid transactions is:
periodic user submission of test data.
user review of selected output and transactions rejected by edit checks.
controlled output distribution.
decollation of output.
user review of selected output and transactions rejected by edit checks.
Review of selected output, with selection being made by use of appropriate edit checks, may provide reasonable assurance that only accurate data is processed and reported.
A type of flowchart representing areas of responsibility (such as departments) as columns is called horizontal or ________ flowcharts.
A \_\_\_\_graphically describes the relationship among the input, processing, and output functions of an accounting information system (AIS).
____is all information required by a computer operator to run a program
Document Flow chart
Document flowcharts, also called horizontal flowcharts, depict areas of responsibility such as departments arranged horizontally across the chart.
system flowchart
Operating documentation
Which of the following activities would most likely detect computer-related fraud?
Using data encryption
Performing validity checks
Conducting fraud-awareness training
Reviewing the systems-access log
review system access log
Which of the following tasks is least likely to be undertaken in the implementation phase of an accounting software application?
Obtain and install hardware.
Enter and verify test data.
Identify inputs and outputs.
Document user procedures.
Identify input and outputs
he implementation phase of an accounting software application would include obtaining and installing hardware, documenting user procedures, training users, and entering and verifying test data.
Identifying inputs and outputs would occur in the systems design and development phase, preceding implementation.
An enterprise resource planning (ERP) system has which of the following advantages over multiple independent functional systems?
Modifications that can be made to each module without affecting other modules
Increased responsiveness and flexibility while aiding in the decision-making process
Increased amount of data redundancy since more than one module contains the same information
Reduction in costs for implementation and training
Increased responsiveness and flexibility while aiding in the decision-making process
An enterprise resource planning (ERP) system integrates all aspects of an organization’s activities into one accounting information system.
By combining financial and nonfinancial information, the entity can be more flexible and responsive while having more information available for decision making.
An ____) system integrates all aspects of an organization’s activities into one accounting information system.
enterprise resource planning (ERP
THESE ARE COMPONENTS OF WHAT?
Collect and store important nonfinancial data, such as the time the activity occurred.
Integrate financial and nonfinancial operating data, as both are required for proper and complete performance evaluation.
Collect and store data from external sources, such as data about customer satisfaction, to determine if the company is meeting its customer’s requirements and expectations.
ERP System
maintain the accuracy of the inputs, files, and outputs for specific applications…..this is the primary objective of what?
application controls
Which of the following computerized control procedures would be most effective in ensuring that data uploaded from personal computers to a mainframe are complete and that no additional data are added?
Batch control totals, including control totals and hash totals
Batch control totals, including control totals and hash totals, is the best procedure because the batch control totals for the data transferred can be reconciled with the batch control totals in the existing file. This provides information on the completion of the data transfer.
Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of control policies and procedures. One of the techniques involved in this approach makes use of:
controlled reprocessing.
an integrated test facility.
input validation.
program code checking.
an integrated test facility.
An integrated test facility allows an auditor to introduce test data (simulated files) into an actual processing run to test the processing of that data. This provides evidence about operating effectiveness of the software.
“Input validation” is incorrect because input validation is a control that improves the accuracy of data entry, but does not provide information about control effectiveness
The purpose of a software monitor is to:
test for controls in computer programs.
collect data on the use of various hardware components during a computer run.
help application programmers to write error-free code.
provide self-documenting modules.
collect data on the use of various hardware components during a computer run.
The purpose of a software monitor is to collect data on the use of various hardware components during a computer run.
Tests for controls are the responsibility of the auditor who usually develops them. The other answer choices are not functions of software monitors. These functions can be performed by other utility-like software.
____provides the basic building blocks for cloud IT and typically provides access to IT assets from a cloud provider who charges on a pay-as-you-go basis.
IaaS (Infrastructure as aService)
___refers to cloud computing services that supply an on-demand environment for developing, testing, delivering, and managing software applications, allowing developers to focus on creating and delivering those applications rather than worrying about resource procurement, capacity planning, software maintenance, or infrastructure management.
PLatform as a service (PAAS)
Which of the following control activities should be taken to reduce the risk of incorrect processing in a newly installed computerized accounting system?
Segregation of duties
Ensure proper authorization of transactions
Adequately safeguard assets
Independently verify the transactions
Independently verify the transactions
Key verification is having another employee independently re-enter transactions, then programming the software to compare the inputs, looking for errors. . Check digit verification uses an extra character in numbers such as account numbers and part numbers. The software recomputes the extra character and flags incorrect numbers. Either type of verification will reduce the risk of incorrect processing.
Proper authorization doesn’t prevent ERRORs. This is like saying they authorize 2+2=4…but you were looking for a letter rather than a number.
Which of the following database controls would be most effective in maintaining a segregation of duties appropriate to the users’ reporting structure within an organization?
Access security features
Software change control procedures
Dependency checks
Backup and recovery procedures
Access security features
Access security features restrict users to functions and data compatible with organizational structure.
Software change control procedures provide controls over software changes for application development functions.
Access time in relation to computer processing is the amount of time it takes to:
transmit data from a remote terminal to a central computer.
complete a transaction from initial input to output.
perform a computer instruction.
retrieve data from memory.
retrieve data from memory.
Access time in relation to computer processing specifically refers to the amount of time it takes for a computer to seek out and find data or, as stated in the problem, “to retrieve data from memory.”
Completing a transaction from initial input to output and performing computer instructions are processing operations and the time it takes to perform them is called processing time
Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals? (segregation of duties)
Network maintenance and wireless access
Data entry and antivirus management
Data entry and application programming
Data entry and quality assurance
Data entry and application programming
If the same person did data entry and application programming, fraudulent data could be entered into the system and the application program could be structured to defeat controls that would detect the fraud.
Your firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automated system?
Processing errors are increased.
The nature of the firm’s risk exposure is reduced.
Processing time is increased.
Traditional duties are less segregated.
Traditional duties are less segregated.
Conversion to automated data processing usually reduces the existing segregation of duties because the computer combines many functions which previously could have been performed by separate persons. Thus, an individual with access to the various computer functions could perform incompatible duties.
, has little or no effect on the types of risk to which the firm is exposed,
Which of the following is a tool that is useful in conducting a preliminary analysis of internal controls in an organization or organizational unit?
Flowcharting
Gantt charts
Ratio analysis
Statistical analysis
flow chart
Flowcharts are useful in evaluating processes and controls in an organization or unit. They present a pictorial overview of the processes and controls.
A customer intended to order 100 units of product Z96014, but incorrectly ordered nonexistent product Z96015. Which of the following controls most likely would detect this error?
Check digit verification
A check digit is a specific type of input control, consisting of a single digit in an identification code that is computed from the other digits in the field. If the identification code is mis-keyed, a formula or algorithm will reveal that the check digit is not correct, and the incorrect part number will be identified.
Hash totals are a nonsense total; for example, the sum of the digits of a series of invoice numbers. There is no series of numbers to total in this question.
What are the 5 components of data processing cyle
collection refinement processing maintenance output
Which of the following is not an attribute of a relational database?
A primary key uniquely identifies a specific row in a table.
A foreign key is an attribute in one table that is a primary key in another.
Other non-key attributes in each table store important information about that entity.
Each column contains information about a specific item.
Each column contains information about a specific item.
In a relational database, each row (not column) contains information about a separate entity. Each column contains information about entity attributes.
In a relational database, a primary key uniquely identifies a specific row in a table. Other non-key attributes in each table store important information about that entity. A foreign key is an attribute in one table and a primary key in another.
RELATIONAL DATABASES
Most new database systems are relational databases that store data as ___. Each ___in a relational table contains data about a separate entity
Each ___in a table contains information about entity attributes
Relational database tables have THREE attributes:
- ___key uniquely identifies a specific row
- ____key is an attribute in one table thats a primary key in another
- Other____attributes in each table store important info about that entity
____ is the process of following guideliens for properly designing a relational database.
TABLES , Row
column
Primary Key
Foreign key
non-key attributes
Normalization
In a continuous improvement environment, automated monitoring of controls is mandatory
false -it is optional
A corrective control solves problems after they are discovered. Which of the following is the best example of a corrective control?
Storing backup copies of important files in a secure off-site location
Preparing bank reconciliations
Preparing monthly trial balances
Segregating employees’ duties so no one can commit and conceal a fraud
Storing backup copies of important files in a secure off-site location
Storing backup copies of files is a corrective control. Bank reconciliations and monthly trial balances are detective controls, and segregating employees is a preventive control.
___controls, which help solve problems after they are discovered.
Corrective
A fast-growing service company is developing its information technology internally. What is the first step in the company’s systems development life cycle?
Analysis
Implementation
Testing
Design
analysis
System analysis is the first step in the system development life cycle. This is where the information necessary to decide whether to purchase or develop a system is gathered
____controls are a system designed to monitor the sending of data from one place to another by means of a signal over a channel.
Data transmission
Which of the following is not a standard procedure in reviewing and reconciling data when following output controls?
Monitor the data communicator network to assess weaknesses that need improvement
Have data control compare output control totals to input control totals
Have data control review all output for accuracy
Have all users review data control for accuracy
Monitor the data communicator network to assess weaknesses that need improvement
Monitoring the data communicator network is a data transmission control, not an output control.
Output controls include users reviewing data control for accuracy, data control reviewing all output for accuracy, and data control comparing output control totals to input control totals.
A systems program:
manipulates application programs.
employs complex mathematical algorithms.
is used in systems analysis and design activities.
manipulates transaction data in one of many applications
manipulates app programs
By definition, systems software consists of programs that act on the instructions provided in application programs. Stated another way, a systems program manipulates application programs.
Employee numbers have all numeric characters. To prevent the input of alphabetic characters, what technique should be used?
CHECK DIGIT
False - Field Check
With a field check, the computer checks that the characters entered are the proper type (e.g., alpha or numeric).
Management reporting systems:
rely on internally generated data.
rely on both internally generated and externally generated data.
rely on externally generated data.
gather operating data but do not capture financial data.
rely on both internally generated and externally generated data.
Management reporting systems rely on a mix of internal and external data. They also combine financial and operational data so that managers have flexibility in determining the information that they will use for decision making.
Read a transaction file from an old master file
When primary keys match, it updates the old master file record
Creates a new master file w/ an updated version
THIS IS WHAT
Batch Processing
Caputes data electronically & edits for accuracy/completeness
Processes info requests from users by locating gdesired info and displaying it in a specified format
WHAT IS THIS
Real Time Processing
