Information System Flashcards Preview

CPA Exam - BEC > Information System > Flashcards

Flashcards in Information System Deck (39):
1

One important purpose of COBIT is to
A. Guide managers, users, and auditors to adopt best practices related to the management of information technology.
B. Identify specific control plans that should be implemented to reduce the occurrences of fraud.
C. Specify the components of an information system that should be installed in an e-commerce environment.
D. Suggest the type of information that should be made available for management decision-making.

A. Guide managers, users, and auditors to adopt best practices related to the management of information technology.


This is one important purpose of COBIT.

2

COBIT

COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework created by international professional association ISACA for information technology (IT) management and IT governance.

3

In COBIT, the process of ensuring security and continuous service falls within the _______ control process domain.
A. Acquire and implement.
B. Deliver and support.
C. Monitor and evaluate.
D. Plan and organize.

B. Deliver and support.


The process of security and continuous service does fall within the deliver and support control process domain.

4

One important purpose of COBIT is to
A. Guide managers, users, and auditors to adopt best practices related to the management of information technology.
B. Identify specific control plans that should be implemented to reduce the occurrences of fraud.
C. Specify the components of an information system that should be installed in an e-commerce environment.
D. Suggest the type of information that should be made available for management decision-making.

A. Guide managers, users, and auditors to adopt best practices related to the management of information technology.


This is one important purpose of COBIT.

5

Which of the following is true of enterprise resource planning (ERP) systems?

I. The online analytical processing system (OLAP) provides data warehouse capabilities for the ERP system.

II. The ability of an ERP system to provide an integrated view of transactions in all parts of the system is a function of the online transaction processing (OLTP) system.
A. I only.
B. II only.
C. Both I and II.
D. Neither I nor II.

A. I only.


The online analytical processing system (OLAP) incorporates data warehouse and data mining capabilities within the ERP.

The online transaction processing system (OLTP) records the day-to-day operational transactions and enhances the visibility of these transactions throughout the system. It is primarily the OLAP and not the OLTP, that provides an integrated view of transactions in all parts of the system. The OLTP is primary concerned with collecting data (and not analyzing it) across the organization.

6

A client would like to implement a management information system that integrates all functional areas within an organization to allow information exchange and collaboration among all parties involved in business operations. Which of the following systems is most effective for this application?
A. A decision support system.
B. An executive support system.
C. An office automation system.
D. An enterprise resource planning system.

D. An enterprise resource planning system.


ERPs provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ERPs attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions. This is the correct answer since facilitating information exchange and collaboration is the primary purpose of the proposed system.

7

In DRP (disaster recovery plan), top priority is given to which activities?
A. Accounting.
B. Manufacturing.
C. Mission critical.
D. Business critical.

C. Mission critical.

Mission critical tasks are given first priority in DRP.

8

In DRP (disaster recovery plan), the lowest priority is given to which activities?
A. Accounting.
B. Manufacturing.
C. Mission critical.
D. Task critical.

C. Mission critical.

9

A controller is developing a disaster recovery plan for a corporation's computer systems. In the event of a disaster that makes the company's facilities unusable, the controller has arranged for the use of an alternate location and the delivery of duplicate computer hardware to this alternate location. Which of the following recovery plans would best describe this arrangement?

A. Hot site.
B. Cold site.
C. Back-up site procedures.
D. Hot spare site agreement.

B. Cold site.


In a cold site approach to disaster recovery, hardware and records are delivered after the occurrence of a disaster. This approach is less expensive, but more risky than a hot site approach.

10

DRP

disaster recovery plan

11

Which of the following information technology (IT) departmental responsibilities should be delegated to separate individuals?
A. Network maintenance and wireless access.
B. Data entry and antivirus management.
C. Data entry and application programming.
D. Data entry and quality assurance.

C. Data entry and application programming.


The separation of the data entry function from the application programming function is critical to the segregation of duties within an IT department. This is because if one both enters data and changes the programs into which those data are entered, one can perpetrate consequential financial frauds. This is why data entry occurs within the operations unit of an IT department and application development occurs within the development function of an IT department. These functions must be kept separate and their duties segregated. Therefore, this is the best answer to the question.

12

In a large multinational organization, which of the following job responsibilities should be assigned to the network administrator?
A. Managing remote access.
B. Developing application programs.
C. Reviewing security policy.
D. Installing operating system upgrades.

A. Managing remote access.

Managing remote access is an appropriate responsibility for a network administrator.

13

IT people controls are mostly
A. Application, Corrective.
B. General, Corrective.
C. General, Detective.
D. General, Preventive.

D. General, Preventive.

Most IT people controls are general and preventive. For example, the segregation of duties prevents employees from making unauthorized changes to program and data files.

14

In a large firm, the custody of an entity's data is most appropriately maintained by which of the following personnel?
A. Data librarian.
B. Systems analyst.
C. Computer operator.
D. Computer programmer.

A. Data librarian.


The data librarian is the person who should maintain the custody of an entity's data in a large firm.

15

To maintain effective segregation of duties within the information technology function, an application programmer should have which of the following responsibilities?
A. Modify and adapt operating system software.
B. Correct detected data entry errors for the cash disbursement system.
C. Code approved changes to a payroll program.
D. Maintain custody of the billing program code and its documentation.

C. Code approved changes to a payroll program.


This is an appropriate responsibility for an application programmer.

16

In an e-commerce environment that requires that the information technology (IT) system be available on a continuous basis, more emphasis will be placed on which of the following aspects of the planning than in a traditional organization?
A. Maintain appropriate written source documents so the data can be re-entered if it is lost or compromised.
B. Maintain redundant systems for instant availability to assure the flow of transactions.
C. Review additional expenses to obtain the required amount of business interruption insurance coverage for the organization.
D. Assure that appropriate data backups are stored in an off-site location.

B. Maintain redundant systems for instant availability to assure the flow of transactions.


This is the best answer since system redundancy is essential to ensuring business continuity.

17

What is an example of the use of the cloud to access software and programs?
A. IaaS
B. PaaS
C. SaaS
D. SAP

C. SaaS


SaaS is the use of the cloud to access software.

18

Credit Card International developed a management reporting software package that enables members interactively to query a data warehouse and drill down into transaction and trend information via various network set-ups. What type of management reporting system has Credit Card International developed?
A. On-line analytical processing system.
B. On-line transaction-processing system.
C. On-line executive information system.
D. On-line information storage system.

A. On-line analytical processing system.


On-line analytical processing systems (OLAPs) are an increasingly important multidimensional analytical tool. An OLAP is a modification and expansion of an on-line transaction processing system to provide the capabilities and functionalities identified in this question.

19

Which of the following is true of enterprise resource planning (ERP) systems?

I. The online analytical processing system (OLAP) provides data warehouse capabilities for the ERP system.

II. The ability of an ERP system to provide an integrated view of transactions in all parts of the system is a function of the online transaction processing (OLTP) system.
A. I only.
B. II only.
C. Both I and II.
D. Neither I nor II.

A. I only.


The online analytical processing system (OLAP) incorporates data warehouse and data mining capabilities within the ERP.

The online transaction processing system (OLTP) records the day-to-day operational transactions and enhances the visibility of these transactions throughout the system. It is primarily the OLAP and not the OLTP, that provides an integrated view of transactions in all parts of the system. The OLTP is primary concerned with collecting data (and not analyzing it) across the organization.

20

Which of the following roles is responsible for prioritizing systems development proposals?
A. IT Steering Committee.
B. Lead systems analyst.
C. Application programmers.
D. End users.

A. IT Steering Committee.


This group's principal duty is to approve and prioritize systems proposals for development.

21

Which of the following is responsible for identifying problems and proposing initial solutions?
A. IT Steering Committee.
B. Lead systems analyst.
C. Application programmers.
D. End users.

D. End users.


This group has the primary responsibility of identifying problems and proposing initial solutions.

22

Which of the following is responsible for designing, creating, and testing programs?
A. IT Steering Committee.
B. Lead systems analyst.
C. Application programmers.
D. End users.

C. Application programmers.

23

Which of the following types of documentation would a computer operator use to determine how to set up and run a specific computer application.
A. Program documentation.
B. Run manual.
C. Systems documentation.
D. Data flow diagrams.

B. Run manual.

24

Rose and McMullin, a regional public accounting firm, has recently accepted a contract to audit On-the-Spot, Inc., a mobile vending service that provides vending machines for large events. On-the-Spot uses a computerized accounting system, portions of which were developed internally to integrate with a standard financial reporting system that was purchased from a type of documentation will be most useful to Rose and McMullin in determining how the system as a whole is constructed?
A. Operator documentation.
B. Program documentation.
C. Systems documentation.
D. User documentation.

C. Systems documentation.


Systems documentation provides an overview of the program and data files, processing logic, and interactions with each of the other programs and systems and is appropriate for the auditor to use as a means of gaining familiarity with the system.

25

Management of a company has a lack of segregation of duties within the application environment, with programmers having access to development and production. The programmers have the ability to implement application code changes into production without monitoring or a quality assurance function. This is considered a deficiency in which of the following areas?
A. Change control.
B. Management override.
C. Data integrity.
D. Computer operations.

A. Change control.


The management of changes to applications is part of the Source Program Library Management System (SPLMS).

26

The requirements definition document is signed at this stage:
A. Planning and feasibility.
B. Analysis.
C. Design and development.
D. Implementation.

B. Analysis.

27

Which of the following is responsible for overall program logic and functionality?
A. IT Steering Committee.
B. Lead systems analyst.
C. Application programmers.
D. End users.

B. Lead systems analyst.

This individual is usually responsible for all direct contact with the end user and for developing overall programming logic and functionality.

28

Which of the following roles is responsible for prioritizing systems development proposals?
A. IT Steering Committee.
B. Lead systems analyst.
C. Application programmers.
D. End users.

A. IT Steering Committee.

This group's principal duty is to approve and prioritize systems proposals for development.

29

Which of the following is considered an application input control?
A. Run control total.
B. Edit check.
C. Report distribution log.
D. Exception report.

B. Edit check.

An edit check is an application input control. Therefore, this is the best answer to this question.

30

What is the primary objective of data security controls?
A. To establish a framework for controlling the design, security, and use of computer programs throughout an organization.
B. To ensure that storage media are subject to authorization prior to access, change, or destruction.
C. To formalize standards, rules, and procedures to ensure that the organization's controls are properly executed.
D. To monitor the use of system software to prevent unauthorized access to system software and computer programs.

B. To ensure that storage media are subject to authorization prior to access, change, or destruction.



Ensuring that accessing, changing, or destroying storage media is subject to authorization is, in fact, a primary objective of data security controls.

31

An audit trail is considered what type of control?
A. Input.
B. Processing.
C. Output.
D. Software.

B. Processing.

32

This is an example of B2G
A. Amazon.
B. Municipal audit procurement.
C. Online chemical sales.
D. RAID.

B. Municipal audit procurement.


Municipal audit procurement is an example of business to government e-commerce.

33

Which of the following is not an example of an e-commerce system?
A. Customer relationship management (CRM).
B. Electronic data interchange (EDI).
C. Supply chain management (SCM).
D. Electronic funds transfer (EFT).

A. Customer relationship management (CRM).


Customer relationship management (CRM) systems are e-business systems, but are not e-commerce systems, because they are used primarily for internal operations.

34

Which of the following is an example of a non-financial transaction?
A. Sending a purchase order to a vendor to purchase items for re-sale.
B. Creating a cash receipt to mark receipt of a customer payment.
C. Preparing a payroll check to send to an employee in payment of the current month's wages.
D. Approving a vendor invoice for payment.

A. Sending a purchase order to a vendor to purchase items for re-sale.


Sending a purchase order to a vendor to purchase items for re-sale is an example of a non-financial transaction, as it does not require a debit/credit entry in the accounting system (there is no completed transaction, just a request for a transaction).

35

This system is sometimes also called a TPS.
A. Operational system.
B. MIS.
C. DSS.
D. ESS.

A. Operational system.

Operational systems are sometimes called TPS (transaction processing systems).

36

QuikStop, Inc., a local convenience store chain, is planning to install point-of-sale (POS) systems in all eight of its locations by the end of the year. In the first year or so of operation, QuikStop can reasonably expect to experience all of the following except
A. Increases in order processing efficiency.
B. Increases in order processing accuracy.
C. Decreases in total inventory carrying costs.
D. Decreases in total inventory order costs.

D. Decreases in total inventory order costs.


The reduction in inventory levels results in more frequent ordering for smaller quantities. This, in turn, leads to higher total inventory order costs.

37

Which of the following statements is true regarding small business computing?
A. Independent third-party review is especially important.
B. Backup procedures are important.
C. Additional supervision of computing may be necessary.
D. All of the above.

D. All of the above.


All of the above statements are true.

38

Which of the following is not a benefit of mobile computing?
A. Reduced usability issues.
B. Cheaper data capture.
C. Better organizational information quality .
D. Better integration with cloud-based system applications.

A. Reduced usability issues.


Mobile computing increases, not decreases, usability issues since systems must be redesigned for display and data entry on small screens.

39

Which of the following statements is true regarding small business computing?
A. General IT controls are less important in a small business computing environment.
B. Spreadsheets should be reviewed and tested by an independent third party.
C. The centralized IT department should be the primary source of control.
D. All of the above.

B. Spreadsheets should be reviewed and tested by an independent third party.