33 terms

Chapter 13 BEC cpa 2011

The firewall system that limits access to a computer by routing users to replicated websites is
A proxy server

A proxy server maintains copies of websites to be accessed by specified
users. Outsiders are directed there, and more important information is not available from this
access point.
Which of the following environmental control risks is more likely with personal computers
than in a mainframe environment with dedicated terminals?

A. Copyright violations due to the use of unauthorized copies of purchased software.
B. Unauthorized access to data.
C. Lack of data availability due to inadequate data retention policies.
D. All of the answers are correct.
Answer (D) is correct. When personal computers are used, likely environmental control
risks include copyright violations that occur when unauthorized copies of software are
made or software is installed on multiple computers. Access to application programs and
related data by unauthorized persons is another concern because of lack of physical access
controls, application-level controls, and other controls found in mainframe environments.
Moreover, a personal computer environment may be characterized by inadequate backup,
recovery, and contingency planning that may result in an inability to re-create the system
or its data
A value-added network (VAN) is a privately owned network that performs which of the
following functions?
A. Route data transactions between trading partners.
B. Route data within a company's multiple networks.
C. Provide additional accuracy for data transmissions.
D. Provide services to send marketing data to customers
Answer (A) Value-added networks (VANs) are private networks that provide their
customers with reliable, high-speed, secure transmission of data. To compete with the Internet,
these third-party networks add value by providing their customers with error detection and
correction services, electronic mailbox facilities for EDI purposes, EDI translation, and
security for email and data transmissions.
Which of the following areas will usually experience an increase in risk as personal computers
replace mainframe environments?
I. Backup and recovery
II. Application development costs
III. Batch updating of records
IV. Access security
V. Copyright violations
Answer (D) is correct. Personal computer users may be unaware of the need to make
frequent file back-ups or lack the expertise or hardware to do so. Personal computer use
also usually results in an increase in security concerns. Another increased risk pertains to
copyright violations. Making unauthorized copies of software is fairly easy and sometimes
may be an informally accepted method of reducing software costs for personal computer
Gleim CPA Test Prep: Business
(80 questions)
Most client-server applications operate on a three-tiered architecture consisting of which of the
following layers?
A. Desktop client, application, and database.
A national retailer required more detailed data to help stock its stores with the right products
and to increase its turnover. Such data amounted to several gigabytes per day from each store.
A new high-speed company-wide network was needed to transmit and analyze the data. The
company wanted the features, functionality, and control of a sophisticated voice and data
network without the cost of the components or the staff to maintain it. Which of the following
options would be most suitable?
A virtual private network is a carrier-provided service in which the
public switched network provides capabilities similar to those of dedicated private lines but at
a lower cost. In effect, an unlimited number of virtual networks can be created from the single
common physical network. Virtual networks are made possible by intelligent networking
technology, which provides the means for routing telephone calls over the best paths without
dedicated lines. Thus, the telephone carrier serves as a PBX.
A distributed processing environment is most beneficial in which of the following situations?
A. Large volumes of data are generated at many locations and fast access is required.
B. Large volumes of data are generated centrally and fast access is not required.
C. Small volumes of data are generated at many locations, fast access is required, and
summaries of the data are needed promptly at a central site.
D. Small volumes of data are generated centrally, fast access is required, and summaries are
needed monthly at many locations.
Answer (A) is correct. Distributed processing involves decentralizing processing tasks
and data storage and assigning these functions to multiple computers, often in separate
locations. Therefore, a situation in which large volumes of data are generated at many
locations, with fast access being a necessity, would be benefited by a distributed
processing environment.
A limitation of using a PBX-based system for this network is that
The system cannot easily handle large volumes of data

A PBX has the advantage of using existing telephone lines and
therefore not needing special wiring. Moreover, equipment can be moved without
necessitating rewiring. However, because PBX-based systems use telephone wiring (most
often copper wire), they cannot easily handle large volumes of data.
The network signaling technology that makes the Internet possible is
Routers are highly intelligent networking devices that have tables
stored in memory that tell them the most efficient path along which each transmitted data
packet should be sent. Routing is what makes the Internet possible
Frame relay and asynchronous transfer mode (ATM) are examples of
Packet switched networks

In packet switching, the data bits making up a message are broken
up into packets of predefined length. Each packet has a header containing the electronic
address of the device for which the message is intended. Frame relay and ATM
(asynchronous transfer mode) are examples of fast packet switched network protocols.
Common security issues that must be addressed with electronic commerce transactions include
A. Authentication, authorization, confidentiality, and verification.
Security issues in electronic commerce include
1. The correct identification of the transacting parties (authentication)
2. Determination of who may rightfully make binding agreements (authorization)
3. Protecting the confidentiality and integrity of information
4. Assuring the trustworthiness of listed prices and discounts
5. Providing evidence of the transmission and receipt of documents
6. Guarding against repudiation by the sender or recipient
7. The proper extent of verification of payment data
8. The best method of payment to avoid wrongdoing or disagreements
9. Lost or duplicated transactions
10. Determining who bears the risk of fraud
The best approach for minimizing the likelihood of EDI software incompatibilities leading to
unintelligible messages is for a company and its customers to
B. Agree to synchronize their updating of EDI-related software.

EDI entails the exchange of common business data converted into
standard message formats. Thus, two crucial requirements are that the participants agree
on transaction formats and that translation software be developed to convert messages into
a form understandable by other companies. Thus, if one company changes its software, its
trading partners also must do so.
Organizations that move to implement EDI often use value-added networks (VANs). Which of
the following is not normally performed by a VAN?
A. Store electronic purchase orders
B. Provide common interfaces across organizations.
C. Maintain a log of transactions with trading partners.
D. Provide translations from clients' computer applications to a standard protocol used for EDI communication.
Answer (D) is correct. Companies must purchase their own software to translate their
data to a national standard protocol for EDI purposes, either ANSI X.12 in the U.S. or
UN/EDIFACT in Europe and most of the rest of the world. Once the data are in the
standard format, the VAN handles all aspects of the communication. VANs are privately owned
telecommunications carriers that sell capacity to outside users. Among other
things, a VAN provides a mailbox service permitting EDI messages to be sent, sorted, and
held until needed in the recipient's computer system.
Regardless of whether a company develops, buys, leases, or pays for the use of the software for
EDI transmissions, internal audit should be responsible for evaluating whether the software
Meets business objectives.

An EDI application should meet business objectives and satisfy
user and control requirements. The internal auditors should consider the organization's
important EDI applications because they represent significant risk exposures and control
problems. This role is within the scope of work of the internal auditors, who are charged
with examining and evaluating internal control and the quality of performance in carrying
out assigned responsibilities.
Suppose a company begins bar coding raw materials and production, implements EDI with
suppliers and customers, and invests in new automated equipment for production. A risk
associated with these changes is that
The risk is dysfunctional behavior; e.g., machine operators may
persist in maximizing throughput rather than producing high quality products to order.
The changes may be overwhelming if careful attention is not given to managing both their
technical and behavioral aspects, including involving employees in planning for the
Which of the following is normally a benefit of using electronic funds transfer (EFT)?
A. Improvement of the audit trail for cash receipts and disbursements.
B. Creation of self-monitoring access controls.
C. Reduction of the frequency of data entry errors.
D. Off-site storage of source documents for cash transactions.
Answer (C) is correct. The processing and transmission of electronic transactions, such as
EFTs, virtually eliminates human interaction. This process not only helps eliminate errors but
also allows for the rapid detection and recovery from errors when they do occur.
The Electronic Fund Transfer Act (EFTA) is consumer legislation that would not apply to
transactions originated through
A. Point-of-sale terminals (POS).
B. Automated tellers (ATM).
C. Machine-generated checks.
D. Transfers by telephone (or pay-by-phone).
An electronic fund transfer is a "transfer of funds, other than a
transaction originated by check, draft, or similar paper instrument, initiated through an
electronic terminal, telephonic instrument, or computer or magnetic tape so as to order,
instruct, or authorize a financial institution to debit or credit an accoun
Which of the following is usually a benefit of using electronic funds transfer (EFT) for
international cash transactions?
A. Creation of multilingual disaster recovery plans.
B. Reduction in the frequency of data entry errors.
C. Off-site storage of foreign source documents.
D. Improvement in the audit trail for cash transactions.
Answer (B) is correct. The use of EFT eliminates the need for several manual data entry
operations, reducing the potential for data entry errors.
Place the following sequence of events in an AIS in the proper logical order:
I. Trial balances are prepared.
II. The transaction data from source documents is entered into the AIS by an end user.
III. Financial reports are generated.
IV. These transactions are recorded in the appropriate journal.
V. The original paper source documents are filed.
VI. The transactions are posted to the general and subsidiary ledgers.
a. V, II, VI, IV, I, III.
b. II, V, VI, IV, I, III.
c. II, V, IV, VI, I, III.
d. V, II, VI, IV, III, I.
Choice "c" is correct. The sequence of events in an AIS is as follows:
Online transaction processing (OLTP) systems play a strategic role in electronic commerce. One of the key
features of OLTP systems is:
a. Selection of products from previously distributed catalogs.
b. Postal confirmation of transactions within three days of execution.
c. Immediate real time processing of transactions.
d. Inspection of other consumer purchases as a basis for recommendations.
A distributed processing environment would be most beneficial in which of the following situations?
a. Large volumes of data are generated at many locations and fast access is required.
b. Large volumes of data are generated centrally and fast access is not required.
c. Small volumes of data are generated at many locations, fast access is required, and summaries of the
data are needed promptly at a central site.
d. Small volumes of data are generated centrally, fast access is required, and summaries are needed
monthly at many locations.
Choice "a" is correct. A distributed (or decentralized) processing environment would be the most beneficial
when large volumes of data are generated at many (remote) locations and fast access to the data is required.
In centralized processing, there is always some delay (however small these days) in transmitting large
volumes of data or transactions to the central site to be processed and then to be able to access the
processed information.
Which of the following are components of a Business Information System (BIS)?
a. Hardware, software, and reports.
b. Hardware, software, network, people, and data.
c. Software, reports, data, and networks.
d. Queries, data, reports, and people.
Choice "b" is correct. One of the most basic and vital information technology components of any business is
that of the software known specifically as the "Business Information System." Hardware, software, network,
people, and data are components of BIS.
Business Information Systems (BIS) allow a business to perform the following functions on data:
a. Distribute, collect, report, and transform.
b. Process, report, and store.
c. Initiate, process, distribute, transform, and store.
d. Collect, process, store, transform, and distribute.
Choice "d" is correct. Business Information Systems allow a business to perform the following functions on
data: collect, process, store, transform, and distribute.
Which of the following technologies can be used, under an open architecture, to facilitate data aggregation,
transfer, and connectivity between disparate or stand-alone systems?
a. Linux.
b. XBRL.
c. HTTP.
d. CAT5.
Choice "b" is correct. XBRL, the acronym for eXtensible Business Reporting Language, is derived from XML
(eXtensible markup language). XBRL is an open, royalty-free, Internet-based information standard for
business reporting of all kinds. XBRL labels data so that they are provided with context that remains with
them and brings conformity to the names by which they are recognized by disparate software.
During the annual audit, it was learned from an interview with the controller that the accounting system was
programmed to use a batch processing method and a detailed posting type. This would mean that individual
transactions were:
a. Posted upon entry, and each transaction had its own line entry in the appropriate ledger.
b. Assigned to groups before posting, and each transaction had its own line entry in the appropriate ledger.
c. Posted upon entry, and each transaction group had a cumulative entry total in the appropriate ledger.
d. Assigned to groups before posting, and each transaction group had a cumulative entry total in the
appropriate ledger.
Choice "b" is correct. With batch processing, input documents/transactions are collected and grouped by type
of transaction. These groups (called batches) are processed periodically (e.g., daily, weekly, monthly, etc.).
Example: A payroll system might use batch processing. Time sheets are batched in groups (batches), and
inputted as single transactions. The individual transactions are then posted to a payroll record for tax and
financial reporting
Which of the following statements is not correct for segregation of duties in an IT environment?
a. The IT department is a support group in that it normally does not initiate or authorize transactions.
b. Segregation of duties in an IT environment normally revolves around granting and/or restricting access to
production data and/or production programs.
c. The duties of system analysts and application programmers should never be combined.
d. Segregation of duties in an IT environment is defined as dividing responsibilities for different portions of a
transaction among several different people.
Choice "c" is correct as it is the only incorrect statement. The duties of system analysts and application
programmers can be, and often are, combined. The duties of system programmers and application
programmers should not be combined
Which of the following areas of responsibility are normally assigned to a systems programmer in a computer
system environment?
a. Systems analysis and applications programming.
b. Data communications hardware and software.
c. Operating systems and compilers.
d. Computer operations.
Choice "c" is correct. This is exactly what systems programmers do; they work with operating systems and
compilers, etc.
Abbie mails her phone bill in every month with a remittance advice to the phone company. The remittance
advice includes machine readable code that automates the input of the receipt. The remittance advice is
sometimes referred to by the following term:
Choice "c" is correct. Machine readable companion documents such as the remittance advice that goes with
various bill payments are referred to as turnaround documents. These documents improve data input
Which of the following is the responsibility of an MIS or EDP steering committee?
a. A steering committee plan shows how a project will be completed, including the modules or tasks to be
performed and who will perform them, the dates they should be completed, and project costs.
b. A steering committee must develop clear specifications. Before third parties bid on a project, clear
specifications must be developed, including exact descriptions and definitions of the system, explicit
deadlines, and precise acceptance criteria.
c. A steering committee should be formed to guide and oversee systems development and acquisition.
d. Steering committee must assess the operations of IT using system performance measurements.
Common measurements include: throughput (output per unit of time), utilization (percentage of time the
system is being productively used), and response time (how long it takes the system to respond).
Choice "c" is correct. A steering committee has broad objectives that include the oversight of systems
development and acquisition after an assessment of data processing needs.
Which of the following is considered an application input control?
a. Run control total.
b. Edit check.
c. Report distribution log.
d. Exception report.
Choice "b" is correct. An edit check is an application input control that validates data before the data is
successfully inputted. Batches containing transactions with errors, incorrect batch totals, and batches where
debits do not equal credits are written to a suspended transaction file. These transactions are then corrected
and resubmitted. All transactions must be corrected and resubmitted before end-of-month processing can
Which of the following items would be most critical to include in a systems specification document for a
financial report?
a. Cost-benefit analysis.
b. Data elements needed.
c. Training requirements.
d. Communication change management considerations.
Choice "b" is correct. Data elements should always be included in the system specification document for a
financial report. Data elements define the building blocks of the information provided in a financial report.
Program modification controls do what?
a. Are controls over the modification of programs being used in production applications.
b. Include both controls that attempt to prevent changes by unauthorized personnel and controls that track program changes so that there is an exact record of what versions of what programs were running.
c. Program change control software normally includes a software change management tool and a change request tracking tool.
What is public key infrastructure (PKI)?
PKI refers to the system and processes used to issue and manage asymmetric keys and digital certificates.