275 terms

Information Technology

Module 41
STUDY
PLAY
Information Systems
processes data and transactions to provide users with the information they
need to plan, control and operate an organization
I/S Processes
a. Collecting transaction and other data

b. Entering it into the information system

c. Processing the data

d. Providing users with the information needed

e. Controlling the process
Office automation systems
Designed to improve productivity by supporting daily work of employees (e.g.,
word processing, spreadsheets, presentation tools, e-mail, electronic calendars, contact management software)
Transaction processing systems
Involve the daily processing of transactions (e.g., airplane reservation systems, payroll recording, cash receipts, cash disbursements)
Management reporting systems
Designed to help with the decision-making process by providing access to computer data
Management information systems
Systems designed to provide past, present and future information for planning, organizing and controlling the operations of the organization
Decision support systems
Computer-based information systems that combine models and data to resolve nonstructured problems with extensive user involvement
Expert systems
Computer systems that apply reasoning methods to data in a specific relatively structured area to render advice or recommendations, much like a human expert
Executive information systems
Computerized systems that are specifically designed to support executive work
System Development Lifecycle (SDLC)
(1) planning,
(2) analysis,
(3) design,
(4) development,
(5) testing,
(6) implementation,
(7) maintenance
Planning Phase
(1) Identify the problem(s) the proposed system will solve.
(2) Define the system to be developed. This involves identifying and selecting the system to be developed based on the strategic goals of the organization.
(3) Determine the project scope. This activity sets the project's boundaries by providing a clear
understanding of what the new system will do and how it will be evaluated. A project scope document is used to describe the project scope. During the process of systems design, the scope of the project may be revisited and revised.
(4) Develop a project plan. The project plan defines the activities that will be performed, and the individuals and resources that will be used. A project manager is the individual who develops the plan and tracks its progress. The plan establishes project milestones which set forth dates by which certain activities need to be performed.
(5) Evaluate the initial feasibility of the project. Feasibility analysis may involve multiple measures
including determining the project's technical, organizational, and economic feasibility.
Analysis Phase
Typically, processing,
data, and logic models are produced during this phase to help determine the system requirements. A needs
assessment may also be performed. A needs assessment involves determining the requirements for the system in terms of processes, data capture, information and reporting. Next, an analysis is performed on the existing system along the same dimensions. Then, a gap analysis is performed to examine the differences
(gaps) between the required system and the existing system. Finally priorities will be established for the gaps
(requirements) which will be documented in a requirements definition document, which will receive signoff from the end users.
Requirements Definition Document includes:
(1) Performance levels
(2) Reliability
(3) Quality
(4) Interfaces
(5) Security and privacy
(6) Constraints and limitations
(7) Functional capabilities
(8) Data structures and elements
Design Phase components
(1) Databases
(2) User interfaces for input and output
(3) Required reports
(4) Programs
(5) Infrastructure and controls
Development Phase
documents from the design phase are transformed into the actual system. In the design phase the platform on which the system is to operate is built or purchased off-the-shelf and customized and databases are developed
Testing Phase
(1) Unit testing. Unit testing involves testing the units or pieces of code.

(2) System testing. System testing involves testing of the integration of the units or pieces of code into a system.

(3) Integration testing. Integration testing involves testing whether the separate systems can work together.

(4) User acceptance testing. User acceptance testing determines whether the system meets the business
requirements and enables users to perform their jobs efficiently and effectively.
Implementation Phase
involves putting the system in operation by the users. In order to effectively implement the system detailed user documentation must be provided to the users, and the users must be adequately trained.
Parallel Implementation
This method uses both systems until it is determined that the new system is
operating properly. This has the advantage of a full operational test of the new system with less risk of a system disaster. The disadvantage of this method is the additional work and cost during the period in which both systems are operating
Plunge Implementation
Using this method the organization ceases using the old system and begins using
the new system immediately. This method is less costly than the parallel method but it has higher risk of a system breakdown.
Pilot Implementation
This method involves having a small group of individuals using the new system until it is seen to be working properly. This has the advantage of providing a partial operational test of
the new system at a lower cost than parallel implementation
Phased Implementation
This method involves installing the system in a series of phases
Maintenance Phase
This phase involves monitoring and supporting the new system. In this phase the organization provides ongoing training, help desk resources, and a system for making authorized and tested changes to the system
A software package that is used with a large set of
organized data that presents the computer as an expert on a particular topic is referred to as a(n)

a. Data mining.
b. Expert system.
c. Artificial intelligence.
d. Virtual reality.
(b) The requirement is to identify a type of software
package that uses a large set of organized data that presents the computer as an expert on a particular topic. Answer (b) is correct because an expert system presents the computer as such an expert. Answer (a) is incorrect because data mining
uses tools which look for trends or anomalies without advance knowledge of the meaning of the data. Answer (c) is incorrect because artificial intelligence is a branch of computer science
that involves computer programs that can solve specific problems creatively. Answer (d) is incorrect because virtual reality involves computer creation of an artificial, three dimension
world that may be interacted with.
Computer memory which is used to store programs that
must be accessed immediately by the central processing unit is

a. Primary storage.
b. Secondary storage.
c. Tertiary storage.
d. Tape storage.
(a) The requirement is to identify the type of computer
memory used to store programs that must be accessed immediately by the central processing unit. Answer (a) is correct because primary memory is quickly accessed and generally used to store programs that must be accessed immediately.
The most common output device is a(n)

a. Mouse.
b. Printer.
c. Expert system.
d. Keyboard.
(b) The requirement is to identify the most common
output device. Answer (b) is correct because a printer is a
common output device and because the other replies represent input, not output devices.
The part of the computer that does most of the data
processing is referred to as the

a. Analyzer.
b. Compiler.
c. CPU.
d. Printer.
Answer (c) is correct because the CPU, the central processing unit, does
the primary processing for a computer
An "office suite" of software is least likely to include a(n)

a. Database.
b. Operating system.
c. Spreadsheet.
d. Word processing.
Answer (b), operating systems, (e.g., Windows, Linux, Unix) is not ordinarily included in an office suite.
Software that performs a variety of general technical
computer-controlling operations is a(n)

a. Integrated "suite."
b. Shareware.
c. Database.
d. Operating system.
Answer (d) is correct because an operating system controls the execution of computer programs and may provide various services. Answer (a) is incorrect because an integrated "suite" (e.g., Microsoft Office) is a series of applications such as a word processor, database, and spreadsheet
Which of the following is not a part of the central
processing unit?

a. Control unit.
b. Arithmetic unit.
c. Logic unit.
d. Printer unit.
Answer (d) is correct because the printer is a separate output device.
MIPS stands for

a. Memory in protocol standards.
b. Millions of instructions per second.
c. Mitigating individualistic personnel standards.
d. Multiple input physical savings.
The requirement is to identify the meaning of MIPS.
Answer (b) is correct because MIPS is an abbreviation for
millions of instructions per second, a unit for measuring the execution speed of computers
Which of the following represents a type of application software that a large client is most likely to use?

a. Enterprise resource planning.
b. Operating system.
c. Central processing unit.
d. Value-added network.
Answer (a) is correct because enterprise resource planning
(ERP) software is a form of applications software that
provides relatively complete information systems for large and medium size organizations
Which of the following characteristics distinguishes
computer processing from manual processing?

a. Computer processing virtually eliminates the
occurrence of computational error normally associated
with manual processing.
b. Errors or fraud in computer processing will be
detected soon after their occurrences.
c. The potential for systematic error is ordinarily
greater in manual processing than in computerized
processing.
d. Most computer systems are designed so that
transaction trails useful for audit purposes do not
exist.
Answer (a) is correct because the high degree of accuracy of
computer computation virtually eliminates the occurrence of computational errors
A general type of IT system that is designed to improve the productivity of daily office work is referred to as a(n)

a. Office automation system.
b. Transaction processing system.
c. Decision support system.
d. Executive information system.
Answer (a) is correct because
office automation systems include the software tools of daily work, including word processing programs, spreadsheets, email, and electronic calendars
The Systems Development Life Cycle (SDLC) is
the traditional methodology for developing information
systems. In which phase of the SDLC would the activity of identifying the problem(s) that need to be solved most likely occur?

a. Analysis.
b. Implementaion.
c. Planning.
d. Development.
Answer (c) is correct because planning is the first phase of the SDLC and this information is needed before most of the analysis phase activities can be initiated.

Answer (a) is incorrect because analysis phase activities are generally dependent on knowing exactly what problem(s) need to be solved before an effort is made to determine the
requirements of a new system
Samco Inc. is in the process of designing a new customer relations system. In which phase of the development
life-cycle would a needs assessment most likely be
performed?

a. Analysis.
b. Design.
c. Development.
d. Testing.
Answer (a) is correct because in the analysis phase the team attempts to get an understanding of the requirements of the system
Which of the following system implementation models
has the advantage of achieving a full operational test of the new system before it is implemented?

a. Parallel implementation.
b. Plunge implementation.
c. Pilot implementation.
d. Phased implementation.
Answer (a) is correct because
with parallel implementation both systems are operated until it is determined that the new system is operating properly
Supercomputers
Extremely powerful, high-speed computers used for extremely high-volume and/or complex processing needs.
Mainframe Computers
Large, powerful, high-speed computers. While less powerful than supercomputers, they have traditionally been used for high-volume transaction processing. Clusters of
lower cost, less powerful "servers" are increasingly taking over the processing chores of mainframe
computers.
Severs
High-powered microcomputers that "serve" applications and data to clients that are connected via a network (e.g., web servers, database servers). Servers typically have greater capacity (faster processors, more RAM, more storage capacity) than their clients (microcomputers) and often act as a central repository for organizational data
Virtual Machine
Servers today are often configured as a "virtual machine," meaning multiple operating systems can coexist and operate simultaneously on the same machine. Virtual machines are appealing because they lower hardware costs and they create energy savings
Microcomputers
Designed to be used by one person at a time, they are often called personal computers. Typically used for word processing, e-mail, spreadsheets, surfing the web, creating and editing graphics, playing music, and gaming
Central Processing Unit(CPU)
The principal hardware components of a computer. It contains an arithmetic/logic unit, primary memory, and a control unit. The major function of the CPU is to fetch
stored instructions and data, decode the instructions, and carry out the instructions.
Magnetic Tape
Slowest type of storage available because data is stored sequentially. Primarily
used for archiving purposes today
Magnetic Disks
The most common storage medium in use on computers today. Magnetic disks are also called "hard disks" or "hard disk drives" (HDD). Data can be accessed directly
RAID (Redundant array of independent [previously, inexpensive] disks)
A way of storing
the same data redundantly on multiple magnetic disks

a] When originally recorded, data is written to multiple disks to decrease the likelihood of loss of data.

b] If a disk fails, at least one of the other disks has the information and continues operation.
Solid State Drives (SSDs)
Use microchips to store data and require no moving parts for read/ write operations. SSDs are faster and more expensive per gigabyte than CDs, DVDs, and HDDs.
SSDs are increasingly being used in place of HDDs in microcomputers but cost and limited capacity have constrained their adoption as a primary storage device. SSDs are more commonly
used for auxiliary storage. SSDs that are "pluggable" are often called "thumb drives," "flash drives," or "USB drives" (because they use a USB interface to "plug" into other devices).
Peripheral equipment
All non-CPU hardware that may be placed under the control of the central processor. Classified as online or off-line, this equipment consists of input, storage,
output, and communication.
Controllers
Hardware units designed to operate specific input-output units
Buffer
A temporary storage unit used to hold data during computer operations
Turnaround documents
Documents that are sent to the customer and returned as inputs (e.g., utility bills)
Enterprise Resource Planning(ERP)
Designed as relatively complete information system
"suites" for large and medium size organizations (e.g., human resources, financial applications, manufacturing, distribution). Major vendors are well known—SAP, PeopleSoft, Oracle, and J.D.
Edwards.

a] Advantages of ERP systems—Integration of various portions of the information system, direct electronic communication with suppliers and customers, increased responsiveness to information requests for decision-making

b] Disadvantages of ERP systems—Complexity, costs, integration with supplier and customer systems may be more difficult than anticipated
Object Program
The converted source program that was changed using a compiler to create a set of machine readable instructions that the CPU understands
Source Program
A program written in a language from which statements are translated into
machine language; computer programming has developed in "generations
Desk checking
Review of a program by the programmer for errors before the program is run and
debugged on the computer
Online transaction processing (OLTP)
1] Databases that support day-to-day operations

2] Examples: airline reservations systems, bank automatic teller systems, and Internet website
sales systems
Online analytical processing (OLAP)
A category of software technology that enables the user to query the system (retrieve data), and conduct an analysis, etc., ordinarily while the user is at a PC. The result is generated in seconds.
OLAP systems are primarily used for analytical analysis.

2] Uses statistical and graphical tools that provide users with various (often multidimensional) views of their data, and allows them to analyze the data in detail.

3] These techniques are used as decision support systems (computer-based information systems that combine models and data in an attempt to solve relatively unstructured problems with extensive user involvement).
Data Mining
Using sophisticated techniques from statistics, artificial intelligence and
computer graphics to explain, confirm and explore relationships among data (which is often stored in a data warehouse or data mart)
Business Intelligence
A combination of systems that help aggregate, access, and
analyze business data and assist in the business decision-making process.
Artificial Intelligence
Computer software designed to help humans make decisions. AI may be viewed as an attempt to model aspects of human thought on computers. AI ordinarily
deals with decisions that may be made using a relatively structured approach. It frequently involves using a computer to quickly solve a problem that a human could ultimately solve through extremely detailed analysis.
Expert System
One form of AI. A computerized information system that guides decision
processes within a well-defined area and allows decisions comparable to those of an expert. Expert knowledge is modeled into a mathematical system
Centralized
(a) Processing occurs at one location.

(b) Historically, this is the model used in which a mainframe computer processes data submitted to it
through terminals.

(c) Today, centralized vs. decentralized processing is often a matter of degree—how much is processed by a centralized computer vs. how much by decentralized computers.
Decentralized
(a) Processing (and data) are stored on computers at multiple locations.

(b) Ordinarily the computers involved are not interconnected by a network, so users at various sites cannot share data.

(c) May be viewed as a collection of independent databases, rather than a single database.

(d) End-user computing (Section C.4. below) is relatively decentralized.
Distributed
(a) Transactions for a single database are processed at various sites.

(b) Processing may be on either a batch or online real-time basis.

(c) An overall single database is ordinarily updated for these transactions and available at the various sites.
Bit
A binary digit (0 or 1) which is the smallest storage unit in a computer.
Byte
A group of adjacent bits (usually 8) that is treated as a single unit, or character, by the computer. Printable alphanumeric characters (e.g., A-Z, a-z, 0-9); special characters (e.g., $, %, !, @, etc.) and unprintable control codes
Field
A group of related characters (e.g., a social security number).
Record
An ordered set of logically related fields. For example, all payroll data (including the social security number field and others) relating to a single employee.
File
a group of related records (e.g., all the weekly pay records year-to-date), which is usually arranged
in sequence.
Table
A group of related records in a relational database with a unique identifier (primary key field) in each record.
Database
A group of related files or a group of related tables (if a relational database).
Traditional File Processing System
These systems focus upon data processing needs of individual departments. Each application program or system is developed to meet the needs of the particular
requesting department or user group. For accounting purposes these systems are often similar to traditional accounting systems, with files set up for operations such as purchasing, sales, cash receipts, cash disbursements, etc.
Advantages of Traditional Processing Systems
1] Currently operational for many existing (legacy) systems

2] Often cost effective for simple applications
Disadvantages of Traditional Processing Systems
1] Data files are dependent upon a particular application program.

2] In complex business situations there is much duplication of data between data files.

3] Each application must be developed individually.

4] Program maintenance is expensive.

5] Data may be isolated and difficult to share between functional areas.
Database System
Computer hardware and software that enables the database(s) to be implemented.
Database Management System
Software that provides a facility for communications between various applications programs (e.g., a payroll preparation program) and the database (e.g., a payroll master file containing the earnings records of the employees).
Data Independence
Basic to database systems is this concept which separates the data from the related application programs.
Data Modeling
Identifying and organizing a database's data, both logically and physically. A data model determines what information is to be contained in a database, how the information
will be used, and how the items in the database will be related to each other
Entity-Relationship Modeling
An approach to data modeling. The model (called the
entity-relationship diagram, or ERD) divides the database in two logical parts—entities
(e.g. "customer," "product") and relations ("buys," "pays for").
REA Data Model
data model designed for use in designing accounting information databases. REA is an acronym for the model's basic types of objects:

Resources— objects that have economic value,

Events—An organization's business activities,

Agents—People or organizations about which data is collected
Meta Data
Definitional data that provides information about or documentation of other
data managed within an application or environment. For example, data about data elements, records and data structures (length, fields, columns, etc.).
Hierarchical Structure
The data elements at one level "own" the data elements at the next lower level (think of an organization chart in which one manager supervises several assistants, who in turn
each supervise several lower level employees).
Networked Structure
Each data element can have several owners and can own several other elements
(think of a matrix-type structure in which various relationships can be supported.
Relational Structure
A database with the logical structure of a group of related spreadsheets. Each row
represents a record, which is an accumulation of all the fields related to the same identifier or key; each column represents a field common to all of the records.
Object-Relational Structure
Includes both relational and object-oriented features.
Distributed Structure
A single database that is spread physically across computers in multiple locations that are connected by a data communications link
Which computer application is most frequently used on
mainframe computers?

a. Databases.
b. Graphics.
c. Spreadsheets.
d. Word processing.
Answer (a) is correct because
with parallel implementation both systems are operated until it is determined that the new system is operating properly.
Which computer application is most frequently used to
analyze numbers and financial information?

a. Computer graphics programs.
b. WAN applications.
c. Spreadsheets.
d. Word processing programs.
Answer (c) is correct because the purpose of a spreadsheet is generally to process numbers and financial information; for example, spreadsheets are often
used to perform "what if" analysis which makes various
assumptions with respect to a particular situation
Analysis of data in a database using tools which look for trends or anomalies without knowledge in advance of the meaning of the data is referred to as

a. Artificial intelligence.
b. Data mining.
c. Virtual reality.
d. Transitory analysis.
Answer (b) is correct because data mining uses tools which
look for trends or anomalies without such advance knowledge
The most common type of primary storage in a computer is referred to as

a. CMAN.
b. RAM.
c. ROM.
d. Flash memory.
Answer (b) is correct
because RAM (Random Access Memory) is the most common computer memory which can be used by programs to perform
necessary tasks; RAM allows information to be stored or
accessed in any order and all storage locations are equally
accessible
A set of step-by-step procedures used to accomplish a
task is a(n)

a. Algorithm.
b. Compilation master.
c. Linux.
d. Transistor.
Answer (a) is correct because an algorithm uses a step-by-step approach to accomplish a task.
Which of the following compiles a complete translation of a program in a high-level computer language before the program is run for the first time?

a. Visual Basic.
b. Java.
c. Algorithm.
d. Compiler.
Answer (d) is correct because a compiler decodes
instructions written in a higher order language and produces an assembly language program.
GUI is the abbreviation for

a. Grandfather, Uncle, Individual.
b. Graphical User Interface.
c. Graphics Utilization Institutes.
d. Grand Union Internet.
Answer (b), graphical user interface, is correct.
Unix is a(n)

a. Operating system.
b. Singular disk drive.
c. Central processing unit.
d. Logic unit.
Answer (a) is correct because Unix is a powerful operating
system, originally developed by AT&T Bell Labs, that is used by many users of high-end computing hardware
In a spreadsheet, each specific cell may be identified by a
specific

a. Address.
b. Column.
c. Row.
d. Diagonal.
Answer (a) is correct
because each cell has an address, composed of a combination of its column and row in the spreadsheet.
In a spreadsheet, which of the following is correct
concerning rows and columns?
Rows Columns
a. Numbered Numbered
b. Numbered Lettered
c. Lettered Numbered
d. Lettered Lettered
Answer (b) is correct because rows are numbered and
columns are lettered
Which of the following is least likely to be considered an
advantage of a database?

a. Easy to store large quantities of information.
b. Easy to retrieve information quickly.
c. Easy to organize and reorganize information.
d. Easy to distribute information to every possible user.
Answer (d) is correct because a database itself does not make it easy to distribute information to every possible user—information must still be distributed either electronically or physically.
Most current computers process data using which of the following formats?

a. Analog.
b. Digital.
c. Memory enhanced.
d. Organic.
Answer (b) is correct because most current computers process data using a digital approach in that they represent information
by numerical (binary) digits.
Which term below describes the technology that allows
multiple operating systems to run simultaneously on a single
computer?

a. Client.
b. Mainframe.
c. Linux.
d. Virtualization.
Answer (d) is correct
because virtualization software allows a single computer to run multiple operating systems simultaneously.
What type of secondary storage device requires no
moving parts for read/write operations?

a. Magnetic tape.
b. Compact discs.
c. Solid State drives.
d. RAID.
Answer (c) is correct because solid state devices store data on microchips and not a medium that must move to write or read data.
Another term for cloud-based storage is

a. RAID.
b. Solid state storage.
c. Analog.
d. Storage-as-a-Service.
Answer (d) is correct because Storage-as-a-Service is another term for cloud-based storage
The wireless input device that is used for inventory control and similar to bar-codes technology but does not
require line-of sight access is

a. MICR.
b. RFID.
c. Touch screen.
d. Point-of-sale recorders.
Answer (b) is the correct answer as Radio Frequency Identification (RFID) tags do not need to be seen by RFID readers to work.
The 2nd generation programming language that is
generally specific to a computer architecture (i.e., it is not portable) is

a. Binary.
b. Assembly language.
c. COBOL.
d. C++.
Answer (b) is correct as it is the only 2nd generation language listed.
The online analytical processing term that represents a combination of systems that help aggregate, access, and analyze business data and assist in the business decision making process is

a. Artificial intelligence.
b. Data mart.
c. Decision support system.
d. Business intelligence.
Answer (d) is correct as business intelligence is the combination of systems that help aggregate, access, and analyze business data.
What is the hierarchy of data organization, from smallest
to largest unit, for a relational database?

a. Bit, byte, field, record, table, database.
b. Byte, bit, record, field, table, database.
c. Byte, bit, table, field, record, database.
d. Database, table, field, record, byte, bit.
A
A current day instruction to a computer such as "Extract
all Customers where 'Name' is Smith" would most likely
relate to a

a. First generation programming language.
b. Fourth generation programming language.
c. Seventh generation programming language.
d. Ninth generation programming language.
Answer (b) is correct because fourth generation programs
ordinarily include instructions relatively close to human
languages—such as the instruction in this question.
Several language interfaces exist in a database
management system. These typically include a data
definition language (DDL), a data control language (DCL),
a data manipulation language (DML), and a database query
language (DQL). What language interface would a database administrator use to establish the structure of database tables?

a. DDL.
b. DCL.
c. DML.
d. DQL.
Answer (a) correct because DDL is used to define (i.e., determine) the
database.
Users making database queries often need to combine
several tables to get the information they want. One approach to combining tables is known as

a. Joining.
b. Merging.
c. Projecting.
d. Pointing.
Answer (a) is correct because joining is the combining of one or more tables based on matching criteria. For example, if a supplier table contains information about suppliers and a parts table contains information about parts, the two tables could be joined on supplier number (assuming both tables contained this attribute) to give information about the supplier of particular parts.
User acceptance testing is more important in an object oriented development process than in a traditional environment because of the implications of the

a. Absence of traditional design documents.
b. Lack of a tracking system for changes.
c. Potential for continuous monitoring.
d. Inheritance of properties in hierarchies.
Answer (d) is correct because user acceptance testing is more important in object-oriented development because of the fact that all objects in a class inherit the properties of the hierarchy, which means that changes to one object may affect other objects, which increases the importance of user acceptance
testing to verify correct functioning of the whole system.
A company's management has expressed concern over
the varied system architectures that the organization uses. Potential security and control concerns would include all of the following except:

a. Users may have different user ID codes and passwords
to remember for the several systems that they use.

b. There are difficulties in developing uniform security
standards for the various platforms.

c. Backup file storage administration is often
decentralized.

d. Having data distributed across many computers
throughout the organization increases the risk that
a single disaster would destroy large portions of the
organization's data.
Answer (d) is correct because the distribution of data
actually decreases this risk so this would not cause a control
concern; it is a potential advantage to distributed systems of various architectures versus centralized data in a single
mainframe computer.
All of the following are methods for distributing a
relational database across multiple servers except:

a. Snapshot (making a copy of the database for
distribution).

b. Replication (creating and maintaining replica copies at
multiple locations).

c. Normalization (separating the database into logical
tables for easier user processing).

d. Fragmentation (separating the database into parts and
distributing where they are needed).
Answer (c) is correct because normalization is a process of database design, not distribution
Client/server architecture may potentially involve a
variety of hardware, systems software, and application
software from many vendors. The best way to protect a client/ server system from unauthorized access is through

a. A combination of application and general access
control techniques.
b. Use of a commercially available authentication
system.
c. Encryption of all network traffic.
d. Thorough testing and evaluation of remote procedure calls.
Answer (a) is correct because since there is no perfect solution, this is the best way.
What technology is needed in order to convert a paper
document into a computer file?

a. Optical character recognition.
b. Electronic data interchange.
c. Bar-coding scanning.
d. Joining and merging.
Answer (a) is correct because optical character recognition (OCR) software converts images of paper documents, as read by a scanning device, into text document computer files.
Unauthorized alteration of online records can be
prevented by employing

a. Key verification.
b. Computer sequence checks.
c. Computer matching.
d. Database access controls.
Answer (d) is correct because users can gain access to
databases from terminals only through established recognition and authorization procedures, thus unauthorized access is prevented.
A manufacturer of complex electronic equipment such as
oscilloscopes and microscopes has been shipping its products
with thick paper manuals but wants to reduce the cost of
producing and shipping this documentation. Of the following, the best medium for the manufacturer to use to accomplish this is

a. Write-once-read-many.
b. Digital audio tape.
c. Compact disc/read-only memory.
d. Computer-output-to-microform.
Answer (c) is correct since a compact disc/read-only memory (CD-ROM) would be cheaper to produce and ship than the existing paper, yet would permit large volumes of text and images to be reproduced
Misstatements in a batch computer system caused by
incorrect programs or data may not be detected immediately because

a. Errors in some transactions may cause rejection of
other transactions in the batch.
b. The identification of errors in input data typically is
not part of the program.
c. There are time delays in processing transactions in a
batch system.
d. The processing of transactions in a batch system is not uniform.
Answer (c) is correct because batch programs are run periodically and thereby result in delays in processing;
accordingly, detection of misstatements may be delayed.
Which of the following is not a characteristic of a batch
processed computer system?

a. The collection of like transactions which are
sorted and processed sequentially against a master file.
b. Keypunching of transactions, followed by machine processing.
c. The production of numerous printouts.
d. The posting of a transaction, as it occurs, to several files, without intermediate printouts.
D
Able Co. uses an online sales order processing system
to process its sales transactions. Able's sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a

a. Report of all missing sales invoices.
b. File of all rejected sales transactions.
c. Printout of all user code numbers and passwords.
d. List of all voided shipping documents.
Answer (b) is correct because an edit check will ordinarily
create an output file of rejected transactions.
First Federal S & L has an online real-time system, with
terminals installed in all of its branches. This system will not
accept a customer's cash withdrawal instructions in excess of $1,000 without the use of a "terminal audit key." After the transaction is authorized by a supervisor, the bank teller then processes the transaction with the audit key. This control can strengthened by

a. Online recording of the transaction on an audit
override sheet.
b. Increasing the dollar amount to $1,500.
c. Requiring manual, rather than online, recording of all
such transactions.
d. Using parallel simulation.
Answer (a) is correct because documentation of all situations
in which the "terminal audit key" has been used will improve the audit trail.
Mill Co. uses a batch processing method to process its sales transactions. Data on Mill's sales transaction tape are electronically sorted by customer number and are subjected to programmed edit checks in preparing its invoices, sales journals, and updated customer account balances. One of the direct outputs of the creation of this tape most likely would be a

a. Report showing exceptions and control totals.
b. Printout of the updated inventory records.
c. Report showing overdue accounts receivable.
d. Printout of the sales price master file.
Answer (a) is correct because the program will output both exceptions and control totals to determine whether all transactions have been processed properly
Where disk files are used, the grandfather-father-son
updating backup concept is relatively difficult to implement because the

a. Location of information points on disks is an
extremely time-consuming task.
b. Magnetic fields and other environmental factors cause
off-site storage to be impractical.
c. Information must be dumped in the form of hard copy if it is to be reviewed before used in updating.
d. Process of updating old records is destructive.
Answer (d) is correct because updating destroys the old records
In a computerized system, procedure or problem-oriented language is converted to machine language through a(n)

a. Interpreter.
b. Verifier.
c. Compiler.
d. Converter.
The requirement is to determine the item which
converts problem-oriented language to machine language. A compiler produces a machine-language object program from a source-program (i.e., problem oriented) language
What type of computer system is characterized by data that is assembled from more than one location and records that are updated immediately?

a. Microcomputer system.
b. Minicomputer system.
c. Batch processing system.
d. Online real-time system.
Answer (d) is correct
because online real-time systems typically allow access from multiple locations, and always have the immediate update of records.
Which of the following characteristics distinguishes
electronic data interchange (EDI) from other forms of
electronic commerce?

a. EDI transactions are formatted using the standards
that are uniform worldwide.
b. EDI transactions need not comply with generally accepted accounting principles.
c. EDI transactions ordinarily are processed without the
Internet.
d. EDI transactions are usually recorded without security and privacy concerns.
Answer (a) is correct because
EDI transactions are ordinarily formatted using one of the available uniform worldwide sets of standards.
Personal Area Network(PAN)
A computer network that is centered around an individual and the personal communication devices he/she uses. PANs can be associated with both wireless and wired communication devices (e.g., the Bluetooth devices we use with our mobile phones for driving; the USB devices that we connect to our computers).
Local Area Network(LAN)
Privately owned networks within a single building or campus of up to a few miles in size. Because this topic has been emphasized in AICPA materials, it is discussed further later in this module.
Metropolitan Area Network
A larger version of a LAN. For example, it might include a group of nearby offices within a city.
Wide Area Network(WAN)
Networks that span a large geographical area, often a country or continent. It is composed of a collection of computers and other hardware and software for running user programs
Web 2.0
blogs, wiki, twitter, RSS feeds
Intranet
A local network, usually limited to an organization, that uses internet-based technology to communicate within the organization
Extranet
Similar to an intranet, but includes an organization's external customers and/or suppliers in the network.
Overall Client-Server Systems
A networked computing model (usually a LAN) in which database software on a server performs database commands sent to it from client computers
File Servers
manages file operations and is shared by each of the client PCs (ordinarily attached to a LAN). The 3 responsibilities (input/output, processing, and storage) are divided in a manner in which most input/output, and processing occurs on client computers rather than on the server. The file server acts simply as a shared data storage device, with all data manipulations performed by client PCs
Database Server
Similar to file servers, but the server here contains the database management
system and thus performs more of the processing.
Three-Tier Architectures
The change from
the above systems is that this architecture includes another server layer in addition to the two tiers discussed above. For example, application programs (e.g., a transaction processing monitor that
controls the input of transactions to the database) may reside on the additional server rather than on the individual clients. This system of adding additional servers may generalize to additional tiers and thus become n-tier architecture i.e. print server, communications server, fax server, web server
Distributed Systems
These systems connect all company locations to form a distributed network in
which each location has its own input/output, processing, and storage capabilities. These local computers also pass data among themselves and possibly to a server (often referred to as a "host" in this context) for further processing. An illustration of this type of system is presented in the database section of this outline.
End-User Computing(EUC)
The end user is responsible for the development and execution of the computer
application that generates the information used by that same end user
Risks of EUC
(1) End-user applications are not always adequately tested before implemented.
(2) More client personnel need to understand control concepts.
(3) Management often does not review the results of applications appropriately.
(4) Old or existing applications may not be updated for current applicability and accuracy
Risks of Electronic Commerce IT Systems
(1) security,
(2) availability,
(3) processing integrity,
(4) online privacy, and
(5) confidentiality
Algorithm
A detailed sequence of actions to perform to accomplish some task (in this case to
encrypt and/or decode data).
Private Key System
An encryption system in which both the sender and receiver have access to
the electronic key, but do not allow others access. The primary disadvantage is that both parties must have the key.
System Overhead
rate of processing slowed down due to encryption/decryption etc
Electronic Data Interchange(EDI)
electronic exchange of business transactions, in a standard format, from one entity's computer to another entity's computer through an electronic communications network.
Point-to-Point
A direct computer-to-computer private network link. Automakers and government have traditionally used this method.
Advantages of Point-to-Point
a] No reliance on third parties for computer processing.

b] Organization controls who has access to the network.

c] Organization can enforce proprietary (its own) software standard in dealings with all trading partners.

d] Timeliness of delivery may be improved since no third party is involved.
Disadvantage of Point-to-Point
a] Must establish connection with each trading partner

b] High initial cost

c] Computer scheduling issues

d] Need for common protocols between partners

e] Need for hardware and software compatibility
Value-Added Network(VAN)
a privately owned network that routes the EDI transactions between trading
partners and in many cases provides translation, storage, and other processing. It is designed and maintained by an independent company that offers specialized support to improve the transmission effectiveness of a network. It alleviates problems related to interorganizational
communication that results from the use of differing hardware and software
Advantages of VAN
a] Reduces communication and data protocol problems since VANs can deal with differing protocols (eliminating need for trading partners to agree on them).

b] Partners do not have to establish the numerous point-to-point connections.

c] Reduces scheduling problems since receiver can request delivery of transactions when it wishes.

d] In some cases, VAN translates application to a standard format the partner does not have to reformat.

e] VAN can provide increased security.
Disadvantages of VAN
a] Cost of VAN

b] Dependence upon VAN's systems and controls

c] Possible loss of data confidentiality
Advantages of Public Network
a] Avoids cost of proprietary lines

b] Avoids cost of VAN

c] Directly communicates transactions to trading partners

d] Software is being developed which allows communication between differing systems.
Disadvantages of Public Network
a] Possible loss of data confidentiality on the Internet

b] Computer or transmission disruption

c] Hackers and viruses

d] Attempted electronic frauds
Proprietary Network
In some circumstances (e.g., health care, banking) organizations have developed their own network for their own transactions. These systems are costly to develop and operate (because of proprietary lines), although they are often extremely reliable.
Benefits of EDI
1] Quick response and access to information
2] Cost efficiency
3] Reduced paperwork
4] Accuracy and reduced errors and error-correction costs
5] Better communications and customer service
6] Necessary to remain competitive
Exposures of EDI
1] Total dependence upon computer system for operation
2] Possible loss of confidentiality of sensitive information
3] Increased opportunity for unauthorized transactions and fraud
4] Concentration of control among a few people involved in EDI
5] Reliance on third parties (trading partners, VAN)
6] Data processing, application and communications errors
7] Potential legal liability due to errors
8] Potential loss of audit trails and information needed by management due to limited retention policies
9] Reliance on trading partner's system
Telecommunications Enables:
(1) Electronic data interchange
(2) Electronic funds transfer
(3) Point of sale systems
(4) Commercial databases
(5) Airline reservation systems
Telecommunication Controls
(1) System integrity at remote sites
(2) Data entry
(3) Central computer security
(4) Dial-in security
(5) Transmission accuracy and completeness
(6) Physical security over telecommunications facilities
A computer that is designed to provide software and other
applications to other computers is referred to as a

a. Microcomputer.
b. Network computer.
c. Server.
d. Supercomputer.
Answer (c) is correct because a server provides other computers ("clients") with access to files and printers as shared resources to a computer network.
Which is least likely to be considered a component of a
computer network?

a. Applications programs.
b. Computers.
c. Software.
d. Routers.
Answer (a) is least likely because application program is a program that gives a computer instructions that provide the user with
tools to accomplish a specific task (e.g., a word processing
application).
The network most frequently used for private operations
designed to link computers within widely separated portions of an organization is referred to as a(n)

a. Bulletin board service.
b. Local area network.
c. Wide area network.
d. Zero base network.
Answer (c) is correct because a wide area network is used to
span a wide geographical space to link together portions of an organization.
A set of rules for exchanging data between two computers is a

a. Communicator.
b. Operating system.
c. Protocol.
d. Transmission speed.
Answer (c) is correct because a protocol is such a set of rules.
A web page is most frequently created using

a. Java or C++.
b. Visual Basic.
c. SQL.
d. HTML or XML.
Answer (d) is correct
because HTML (hypertext markup language) or XML
(extensible markup language) are used to develop hypertext
documents such as webpages.
Laptop computers provide automation outside of
the normal office location. Which of the following would
provide the least security for sensitive data stored on a laptop computer?

a. Encryption of data files on the laptop computer.
b. Setting up a password for the screensaver program on
the laptop computer.
c. Using a laptop computer with a removable hard disk
drive.
d. Using a locking device that can secure the laptop
computer to an immovable object.
Answer (b) is correct because password protection for a screensaver program can be easily bypassed
When developing a new computer system that will handle customer orders and process customer payments, a high-level systems design phase would include determination of which of
the following?

a. How the new system will affect current inventory and
general ledger systems.
b. How the file layouts will be structured for the
customer order records.
c. Whether to purchase a turn-key system or modify an
existing system.
d. Whether formal approval by top management is
needed for the new system.
Answer (c) is correct because
the determination of what type of system to obtain is made during the high-level design phase.
A company using EDI made it a practice to track the
functional acknowledgments from trading partners and to
issue warning messages if acknowledgments did not occur within a reasonable length of time. What risk was the company attempting to address by this practice?

a. Transactions that have not originated from a legitimate
trading partner may be inserted into the EDI network.

b. Transmission of EDI transactions to trading partners may sometimes fail.

c. There may be disagreement between the parties as to whether the EDI transactions form a legal contract.

d. EDI data may not be accurately and completely
processed by the EDI software.
Answer (b) is correct because tracking of customers'
functional acknowledgments, when required, will help to
ensure successful transmission of EDI transactions
Management is concerned that data uploaded from a
microcomputer to the company's mainframe system in batch processing may be erroneous. Which of the following controls would best address this issue?

a. The mainframe computer should be backed up on a
regular basis.
b. Two persons should be present at the microcomputer
when it is uploading data.
c. The mainframe computer should subject the data to
the same edits and validation routines that online data
entry would require.
d. The users should be required to review a random
sample of processed data.
Answer (c) is correct because this could help prevent data errors.
One major category of computer viruses is programs that attach themselves to other programs, thus infecting the other programs. While many of these viruses are relatively harmless, some have the potential to cause significant damage.

Which of the following is an indication that a computer
virus of this category is present?

a. Frequent power surges that harm computer equipment.
b. Unexplainable losses of or changes to data.
c. Inadequate backup, recovery, and contingency plans.
d. Numerous copyright violations due to unauthorized
use of purchased software.
Answer (b) is correct because unexplainable losses of or changes to data files are symptomatic of a virus attack.
One major category of computer viruses is programs that attach themselves to other programs, thus infecting the other programs. While many of these viruses are relatively harmless, some have the potential to cause significant damage.

Which of the following operating procedures increases an organization's exposure to computer viruses?

a. Encryption of data files.
b. Frequent backup of files.
c. Downloading public-domain software from electronic
bulletin boards.
d. Installing original copies of purchased software on
hard disk drives.
Answer (c) is correct because there is a risk that downloaded public-domain software may be contaminated with a virus.
Which of the following is a risk that is higher when an
electronic funds transfer (EFT) system is used?

a. Improper change control procedures.
b. Unauthorized access and activity.
c. Insufficient online edit checks.
d. Inadequate backups and disaster recovery procedures.
Answer (b) is correct because
unauthorized access is a risk which is higher in an EFT
environment.
The use of message encryption software

a. Guarantees the secrecy of data.
b. Requires manual distribution of keys.
c. Increases system overhead.
d. Reduces the need for periodic password changes.
Answer (c) is correct because the machine instructions necessary to encrypt and decrypt data constitute system overhead, which
means that processing may be slowed down.
A company's management is concerned about PC data eavesdropping and wants to maintain the confidentiality of its information as it is transmitted. The company should utilize

a. Data encryption.
b. Dial-back systems.
c. Message acknowledgement procedures.
d. Password codes.
Answer (a) is correct because data encryption prevents eavesdropping by using codes to ensure that data transmissions are protected from unauthorized tampering or electronic eavesdropping
Which of the following is likely to be a benefit of
electronic data interchange (EDI)?

a. Increased transmission speed of actual documents.
b. Improved business relationships with trading
partners.
c. Decreased liability related to protection of proprietary
business data.
d. Decreased requirements for backup and contingency
planning.
Answer (b) is correct because improved business relationships with trading partners is a benefit of EDI
The internal auditor is reviewing a new policy on
electronic mail. Appropriate elements of such a policy would include all of the following except:

a. Erasing all employee's electronic mail immediately
upon employment termination.
b. Encrypting electronic mail messages when transmitted
over phone lines.
c. Limiting the number of electronic mail packages
adopted by the organization.
d. Directing that personnel do not send highly sensitive
or confidential messages using electronic mail.
Answer (a) is correct because the company should have access to the business related
e-mail that is left behind. Access to e-mail can also be
critical in business or possible criminal investigations. The
privacy concerns of the individual case must be mitigated by compelling business interests: the need to follow up on business e-mail and to assist in investigations.
Which of the following risks is most likely to be encountered in an end-user computing (EUC) environment as
compared to a mainframe computer system?

a. Inability to afford adequate uninterruptible power
supply systems.
b. User input screens without a graphical user interface
(GUI).
c. Applications that are difficult to integrate with other information systems.
d. Lack of adequate utility programs.
Answer (c) is correct because this risk is considered unique to end-user computing (EUC) system development.
Which of the following risks is not greater in an electronic funds transfer (EFT) environment than in a manual
system using paper transactions?

a. Unauthorized access and activity.
b. Duplicate transaction processing.
c. Higher cost per transaction.
d. Inadequate backup and recovery capabilities.
Answer (c) is correct because
per transaction costs are lower with electronic funds transfer
Methods to minimize the installation of unlicensed
microcomputer software include all of the following except:

a. Employee awareness programs.
b. Regular audits for unlicensed software.
c. Regular monitoring of network access and start-up
scripts.
d. An organizational policy that includes software
licensing requirements.
Answer (c) is correct because this technique will not affect introduction of unlicensed software
In traditional information systems, computer operators are generally responsible for backing up software and data files on a regular basis. In distributed or cooperative systems, ensuring that adequate backups are taken is the responsibility of

a. User management.
b. Systems programmers.
c. Data entry clerks.
d. Tape librarians.
Answer (a) is correct because in distributed or cooperative systems, the responsibility for
ensuring that adequate backups are taken is the responsibility of user management because the systems are under the
control of users.
An auditor is least likely to find that a client's data is
input through

a. Magnetic tape reader.
b. Dynamic linking character reader.
c. Point-of-sale recorders.
d. Touch sensitive screens.
Answer (b) is correct because
the term "dynamic linking character reader" is a combination of terms that has no real meaning. The other three terms all represent methods of data input.
End-user computing is an example of which of the following?

a. Client/server processing.
b. A distributed system.
c. Data mining.
d. Decentralized processing.
Answer (d) is correct because
end-user computing involves individual users performing
the development and execution of computer applications in a decentralized manner.
End-user computing is most likely to occur on which of
the following types of computers?

a. Mainframe.
b. Minicomputers.
c. Personal computers.
d. Personal reference assistants.
Answer (c) is correct because end-user computing involves individual users performing the development and execution of computer
applications in a decentralized manner and these individuals
are most likely to be using personal computers.
Which of the following statements is correct regarding the Internet as a commercially viable network?

a. Organizations must use firewalls if they wish to
maintain security over internal data.
b. Companies must apply to the Internet to gain
permission to create a homepage to engage in
electronic commerce.
c. Companies that wish to engage in electronic
commerce on the Internet must meet required security
standards established by the coalition of Internet
providers.
d. All of the above.
Answer (a) is correct because companies that wish to maintain adequate security must use firewalls to protect data from being accessed by unauthorized users
To reduce security exposure when transmitting proprietary data over communication lines, a company should use

a. Asynchronous modems.
b. Authentic techniques.
c. Call-back procedures.
d. Cryptographic devices.
Answer (d) is correct
because cryptographic devices protect data in transmission
over communication lines.
Securing client/server systems is a complex task because of all of the following factors except:

a. The use of relational databases.
b. The number of access points.
c. Concurrent operation of multiple user sessions.
d. Widespread data access and update capabilities.
Answer (a) is correct because client/server implementation
does not necessarily use relational databases
Which of the following would an auditor ordinarily
consider the greatest risk regarding an entity's use of electronic data interchange (EDI)?

a. Authorization of EDI transactions.
b. Duplication of EDI transmissions.
c. Improper distribution of EDI transactions.
d. Elimination of paper documents.
Answer (c) is correct
because an EDI system must include controls to make certain that EDI transactions are processed by the proper entity, using the proper accounts.
Which of the following characteristics distinguish
electronic data interchange (EDI) from other forms of
electronic commerce?

a. The cost of sending EDI transactions using a value-added network (VAN) is less than the cost of using the
Internet.
b. Software maintenance contracts are unnecessary
because translation software for EDI transactions need
not be updated.
c. EDI commerce is ordinarily conducted without
establishing legally binding contracts between trading
partners.
d. EDI transactions are formatted using strict standards that have been agreed to worldwide.
Answer (d) is correct
because standards for EDI transactions, within any one group of trading partners, have been agreed upon so as to allow the system to function efficiently.
Which of the following is considered a component of a
local area network?

a. Program flowchart.
b. Loop verification.
c. Transmission media.
d. Input routine.
Answer (c) is correct because a local area network requires that data be transmitted from one computer to another through some form of transmission media.
Which of the following represents an additional cost
of transmitting business transactions by means of electronic data interchange (EDI) rather than in a traditional paper
environment?

a. Redundant data checks are needed to verify that
individual EDI transactions are not recorded twice.
b. Internal audit work is needed because the potential for random data entry errors is increased.
c. Translation software is needed to convert transactions from the entity's internal format to a standard EDI format.
d. More supervisory personnel are needed because the amount of data entry is greater in an EDI system.
Answer (c) is correct because such transactions must be translated to allow transmission. Answer (a) is
incorrect because no particular controls are required for redundant data checks under EDI as compared to a traditional
paper environment.
Many entities use the Internet as a network to transmit electronic data interchange (EDI) transactions. An advantage
of using the Internet for electronic commerce rather than a traditional value-added network (VAN) is that the Internet

a. Permits EDI transactions to be sent to trading partners
as transactions occur.
b. Automatically batches EDI transactions to multiple
trading partners.
c. Possesses superior characteristics regarding disaster recovery.
d. Converts EDI transactions to a standard format
without translation software.
Answer (a) is correct because such simultaneous processing of transactions is more likely under an Internet system in which lines are often available at a fixed or nearly fixed rate.
Which of the following is not considered an exposure
involved with electronic data interchange (EDI) systems as
compared to other systems?

a. Increased reliance upon computer systems.
b. Delayed transaction processing time.
c. Possible loss of confidentiality of information.
d. Increased reliance upon third parties.
Answer (b) is correct because
EDI ordinarily decreases transaction processing time; it
does not delay transaction processing time
Which of the following statements is correct concerning internal control when a client is using an electronic data interchange system for its sales?

a. Controls should be established over determining that all suppliers are included in the system.
b. Encryption controls may help to assure that messages
are unreadable to unauthorized persons.
c. A value-added-network (VAN) must be used to assure
proper control.
d. Attention must be paid to both the electronic and
"paper" versions of transactions.
Answer (b) is correct because encryption controls are designed to assure that messages are unreadable to unauthorized persons and
to thereby control the transactions.
Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer prepared
data files rather than manually prepared files?

a. Random error associated with processing similar
transactions in different ways is usually greater.
b. It is usually more difficult to compare recorded
accountability with physical count of assets.
c. Attention is focused on the accuracy of the
programming process rather than errors in individual
transactions.
d. It is usually easier for unauthorized persons to access and alter the files.
Answer (d) is correct because persons with computer skills may be able to improperly access and alter microcomputer files. When a system is prepared manually
such manipulations may be more obvious
Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?

a. A compressed business cycle with lower year-end
receivables balances.
b. A reduced need to test computer controls related to
sales and collections transactions.
c. An increased opportunity to apply statistical sampling
techniques to account balances.
d. No need to rely on third-party service providers to
ensure security.
Answer (a) is correct because the speed at which transactions can occur and be processed electronically
results in lower year-end receivables since payments occur so quickly.
Which of the following is a network node that is used
to improve network traffic and to set up as a boundary that prevents traffic from one segment to cross over to another?

a. Router.
b. Gateway.
c. Firewall.
d. Heuristic.
Answer (c) is correct because a firewall is a computer that
provides a defense between one network (inside the firewall) and another network (outside the firewall) that could pose a threat to the inside network
Which of the following is an example of how specific
controls in a database environment may differ from controls in a nondatabase environment?

a. Controls should exist to ensure that users have access
to and can update only the data elements that they
have been authorized to access.
b. Controls over data sharing by diverse users within an
entity should be the same for every user.
c. The employee who manages the computer hardware should also develop and debug the computer
programs.
d. Controls can provide assurance that all processed
transactions are authorized, but cannot verify that all
authorized transactions are processed.
Answer (a) is correct because a primary control within a database environment is to appropriately control access and updating by the many users; in most nondatabase environments there are
ordinarily far fewer users who are able to directly access and
update data
A retail entity uses electronic data interchange (EDI) in
executing and recording most of its purchase transactions.
The entity's auditor recognized that the documentation of the
transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would

a. Increase the sample of EDI transactions to be selected
for cutoff tests.
b. Perform tests several times during the year, rather than
only at year-end.
c. Plan to make a 100% count of the entity's inventory at
or near the year-end.
d. Decrease the assessed level of control risk for the
existence or occurrence assertion.
Answer (b) is correct because performing tests throughout
the year will allow the auditor to examine transaction
documentation before the transactions are destroyed
Which of the following is an encryption feature that
can be used to authenticate the originator of a document and ensure that the message is intact and has not been tampered with?

a. Heuristic terminal.
b. Perimeter switch.
c. Default settings.
d. Digital signatures.
Answer (d) is correct because digital signatures are used in electronic commerce to authenticate the originator
and to ensure that the message has not been tampered with
In building an electronic data interchange (EDI) system,
what process is used to determine which elements in the entity's computer system correspond to the standard data elements?

a. Mapping.
b. Translation.
c. Encryption.
d. Decoding.
Answer (a) is correct because mapping, or "data mapping," is the processes of selecting the appropriate data fields from the various application databases and passing them to the EDI translation software
Which of the following passwords would be most difficult to crack?

a. OrCa!FlSi
b. language
c. 12 HOUSE 24
d. pass56word
Answer (a) is correct because OrCA!FlSi does not seem like a password that one would guess or even recall if seen briefly.
Which of the following is a password security problem?

a. Users are assigned passwords when accounts are
created, but do not change them.
b. Users have accounts on several systems with different
passwords.
c. Users copy their passwords on note paper, which is
kept in their wallets.
d. Users select passwords that are not listed in any
online dictionary.
Answer (a) is correct
because individuals have a tendency to not change passwords, and over time, others may be able to identify them.
Many of the Web 2.0 applications rely on an XML-based application that facilitates the sharing and syndication of web content, by subscription, Which of the applications below represents this XML application?

a. Wiki.
b. Blog.
c. RSS/Atom Feeds.
d. Twitter.
Answer (c) is correct because RSS feeds (and Atom feeds) are XML applications that are designed specifically for sharing and syndication of web content. The acronym RSS refers to Really Simple Syndication. (Atom feeds are similar to RSS feeds).
Control Objectives for Information & Related Technology (COBIT)
a. Meeting stakeholder needs.
b. Covering the enterprise end-to-end.
c. Applying a single integrated framework.
d. Enabling a holistic approach.
e. Separating governance from management.
System Development Lifecycle
(1) Software concept—identify the need for the new system.
(2) Requirements analysis—determine the needs of the users.
(3) Architectural design—determining the hardware, software, people, etc. needed.
(4) Coding and debugging—acquiring and testing the software.
(5) System testing—testing and evaluating the functionality of the system.
Systems Analysis
The systems analyst analyzes the present user environment and requirements and may:

(1) recommend specific changes,
(2) recommend the purchase of a newsystem, or
(3) design a new information system.

The analyst is in constant contact with user departments and programming staff to ensure the users' actual and ongoing needs are being met. A system flowchart is a tool used by the analyst to define the systems requirements.
Systems Programming
The systems programmer is responsible for implementing, modifying, and debugging the software necessary for making the hardware work (such as the operating system, telecommunications monitor, and the database management system). For some companies the term "software engineer" is viewed as similar or identical to that of systems programmer
Applications Programming
The applications programmer is responsible for writing, testing, and debugging the application programs from the specifications (whether general or specific) provided by the systems analyst.
Database Administration
responsible for maintaining the database and restricting access to the database to authorized personnel
Computer General Control Activities
control program development,
program changes, computer operations, and access to programs and data.
These control activities increase the assurance that programmed control
activities operate effectively during the period
Program Control Activities
relate to specific computer
applications and are embedded in the computer program used in the financial reporting system.
Manual Follow-Up of Computer Exception Reports
involves employee follow-up of items listed on computer exception reports. The effectiveness of application control activities that involve manual follow-up of computer reports depends on the effectiveness of both the programmed control activities that produce the exception report and the manual follow-up activities.
User Control Activities to Test the Completeness and Accuracy of Computer Processed Transactions
represent manual checks of computer output against source document or other input, and thus provide assurance that programmed aspects of the accounting system and control activities
have operated effectively
General Control Activities
(a) developing new programs and systems,
(b) changing existing programs and systems,
(c) controlling access
to programs and data, and
(d) controlling computer operations
Segregation Controls
(a) User departments participate in systems design.
(b) Both users and information systems personnel test new systems.
(c) Management, users, and information systems personnel approve new systems before they are
placed into operation.
(d) All master and transaction file conversions should be controlled to prevent unauthorized changes and to verify the accuracy of the results.
(e) Programs and systems should be properly documented (see Section F).
Check Digit
An extra digit added to an identification number to detect certain types of data
transmission errors.
Control, batch, or proof total
A total of one numerical field for all the records of a batch that normally would be added, (e.g., total sales dollars)
Hash Total
A control total where the total is meaningless for financial purposes (e.g., a
mathematical sum of employee social security numbers).
Limit (reasonableness) test
A test of the reasonableness of a field of data, given a predetermined upper and/or lower limit (e.g., for a field that indicates auditing exam scores, a limit check would
test for scores over 100).
Menu Driven Input
As input is entered, the operator responds to a menu prompting the proper
response (e.g., What score did you get on the Auditing part of the CPA Exam [75-100]?).
Field Check
A control that limits the types of characters accepted into a specific data field (e.g., a
pay rate should include only numerical data).
Validity Check
A control that allows only "valid" transactions or data to be entered into the system (e.g., a field indicating sex of an individual where 1 = female and 2 = male—if the field is
coded in any other manner it would not be accepted).
Grandfather-father-son Method
A master file (e.g., accounts receivable) is updated with the day's transaction files (e.g., files of cash receipts and
credit sales). After the update, the new file master file is the son. The file from which the father was developed with the transaction files of the appropriate day is the grandfather. The grandfather and son files are stored in different locations. If the son were destroyed, for example, it could be reconstructed by rerunning the father file and the related transaction files
Which of the following is not one of the five principles of
COBIT 5?

a. Meeting stakeholder needs.
b. Business processes.
c. Covering the enterprise end-to-end.
d. Applying a single integrated framework.
Answer B
The Control Objectives for Information and Related
Technology (COBIT) framework has been established by:

a. The American Institute of Certified Public
Accountants.
b. The Information Technology Institute.
c. The Information Systems Audit and Control Association.
d. The Committee of Sponsoring Organizations.
Answer C
Which of the following procedures would an entity most likely include in its computer disaster recovery plan?

a. Develop an auxiliary power supply to provide uninterrupted electricity.
b. Store duplicate copies of critical files in a location
away from the computer center.
c. Maintain a listing of entity passwords with the network manager.
d. Translate data for storage purposes with a cryptographic secret code.
Answer (b) is correct because duplicate copies of critical files
will allow an entity to reconstruct the data whose original files have been lost or damaged.
A company is concerned that a power outage or disaster could impair the computer hardware's ability to function as designed. The company desires off-site backup
hardware facilities that are fully configured and ready to
operate within several hours. The company most likely
should consider a

a. Cold site.
b. Cool site.
c. Warm site.
d. Hot site.
Answer (d) is correct because a hot site is a site that is already configured to meet
a user's requirements.
Which of the following procedures would an entity most likely include in its disaster recovery plan?

a. Convert all data from EDI format to an internal company format.
b. Maintain a Trojan horse program to prevent illicit
activity.
c. Develop an auxiliary power supply to provide
uninterrupted electricity.
d. Store duplicate copies of files in a location away from
the computer center.
Answer (d) is correct because storing duplicate copies of files
in a different location will allow recovery of contaminated original files
Almost all commercially marketed software is
Copyrighted Copy protected
a. Yes Yes
b. Yes No
c. No Yes
d. No No
Answer (b) is correct because while almost all such software is copyrighted, much of it is not copy protected.
A widely used disaster recovery approach includes

a. Encryption.
b. Firewalls.
c. Regular backups.
d. Surge protectors.
Answer C
A "hot site" is most frequently associated with

a. Disaster recovery.
b. Online relational database design.
c. Source programs.
d. Temperature control for computer.
Answer A
Output controls ensure that the results of computer
processing are accurate, complete, and properly distributed. Which of the following is not a typical output control?

a. Reviewing the computer processing logs to determine
that all of the correct computer jobs executed
properly.
b. Matching input data with information on master files
and placing unmatched items in a suspense file.
c. Periodically reconciling output reports to make sure
that totals, formats, and critical details are correct and
agree with input.
d. Maintaining formal procedures and documentation
specifying authorized recipients of output reports,
checks, or other critical documents.
Answer (b) is correct because
matching the input data with information held on master or
suspense files is a processing control, not an output control,
to ensure that data are complete and accurate during updating.
Minimizing the likelihood of unauthorized editing of
production programs, job control language, and operating system software can best be accomplished by

a. Database access reviews.
b. Compliance reviews.
c. Good change-control procedures.
d. Effective network security software.
Answer (c) is correct because program change control comprises:

(1) maintaining records of
change authorizations, code changes, and test results;
(2) adhering to a systems development methodology (including documentation;
(3) authorizing changeovers of subsidiary and headquarters' interfaces; and
(4) restricting access to authorized source and executable codes.
Some companies have replaced mainframe computers with microcomputers and networks because the smaller
computers could do the same work at less cost. Assuming that management of a company decided to launch a downsizing project, what should be done with respect to mainframe applications such as the general ledger system?

a. Plan for rapid conversion of all mainframe applications to run on a microcomputer
network.
b. Consider the general ledger system as an initial candidate for conversion.
c. Defer any modification of the general ledger system
until it is clearly inadequate.
d. Integrate downsized applications with stable
mainframe applications.
Answer (d) is correct
because mainframe applications represent a significant investment and may still provide adequate service. The fact that mainframes can provide a stable platform for enterprise
applications may be an advantage while exploring other nonmainframe options.
A corporation receives the majority of its revenue
from top-secret military contracts with the government. Which of the following would be of greatest concern to an auditor reviewing a policy about selling the company's used
microcomputers to outside parties?

a. Whether deleted files on the hard disk drive have been
completely erased.
b. Whether the computer has viruses.
c. Whether all software on the computer is properly
licensed.
d. Whether the computer has terminal emulation
software on it.
Answer A
A manufacturer is considering using bar-code identification for recording information on parts used by the manufacturer. A reason to use bar codes rather than other
means of identification is to ensure that

a. The movement of all parts is recorded.
b. The movement of parts is easily and quickly recorded.
c. Vendors use the same part numbers.
d. Vendors use the same identification methods.
Answer B
A company often revises its production processes. The
changes may entail revisions to processing programs. Ensuring that changes have a minimal impact on processing and result in minimal risk to the system is a function of

a. Security administration.
b. Change control.
c. Problem tracking.
d. Problem-escalation procedures.
Answer (b) is correct because change control is the process of authorizing, developing, testing, and installing coded changes so as to minimize the impact on processing and the risk to the system.
Pirated software obtained through the Internet may lead to civil lawsuits or criminal prosecution. Of the following, which would reduce an organization's risk in this area?

I. Maintain a log of all software purchases.
II. Audit individual computers to identify software on the
computers.
III. Establish a corporate software policy.
IV. Provide original software diskettes to each user.

a. I and IV only.
b. I, II, and III only.
c. II and IV only.
d. II and III only.
Answer B
Good planning will help an organization restore
computer operations after a processing outage. Good recovery planning should ensure that

a. Backup/restart procedures have been built into job
streams and programs.
b. Change control procedures cannot be bypassed by
operating personnel.
c. Planned changes in equipment capacities are
compatible with projected workloads.
d. Service level agreements with owners of applications
are documented.
Answer A
In a large organization, the biggest risk in not having an
adequately staffed information center help desk is

a. Increased difficulty in performing application audits.
b. Inadequate documentation for application systems.
c. Increased likelihood of use of unauthorized program
code.
d. Persistent errors in user interaction with systems.
Answer D
To properly control access to accounting database files,
the database administrator should ensure that database system features are in place to permit

a. Read-only access to the database files.
b. Updating from privileged utilities.
c. Access only to authorized logical views.
d. User updates of their access profiles.
Answer C
When evaluating internal control of an entity that
processes sales transactions on the Internet, an auditor would be most concerned about the

a. Lack of sales invoice documents as an audit trail.
b. Potential for computer disruptions in recording sales.
c. Inability to establish an integrated test facility.
d. Frequency of archiving and data retention.
Answer B
Which of the following statements is correct concerning internal control in an electronic data interchange (EDI) system?

a. Preventive controls generally are more important than detective controls in EDI systems.
b. Control objectives for EDI systems generally are
different from the objectives for other information
systems.
c. Internal controls in EDI systems rarely permit control
risk to be assessed at below the maximum.
d. Internal controls related to the segregation of duties
generally are the most important controls in EDI systems.
Answer A
Which of the following statements is correct concerning the security of messages in an electronic data interchange (EDI) system?

a. When the confidentiality of data is the primary risk,
message authentication is the preferred control rather
than encryption.
b. Encryption performed by physically secure hardware
devices is more secure than encryption performed by
software.
c. Message authentication in EDI systems performs
the same function as segregation of duties in other
information systems.
d. Security at the transaction phase in EDI systems is not
necessary because problems at that level will usually
be identified by the service provider.
Answer B
Which of the following is an essential element of the
audit trail in an electronic data interchange (EDI) system?

a. Disaster recovery plans that ensure proper backup of
files.
b. Encrypted hash totals that authenticate messages.
c. Activity logs that indicate failed transactions.
d. Hardware security modules that store sensitive
data.
Answer C
Which of the following are essential elements of the
audit trail in an electronic data interchange (EDI) system?

a. Network and sender/recipient acknowledgments.
b. Message directories and header segments.
c. Contingency and disaster recovery plans.
d. Trading partner security and mailbox codes.
Answer A
To avoid invalid data input, a bank added an extra number at the end of each account number and subjected the
new number to an algorithm. This technique is known as

a. Optical character recognition.
b. A check digit.
c. A dependency check.
d. A format check.
Answer B
Preventing someone with sufficient technical skill from
circumventing security procedures and making changes to production programs is best accomplished by

a. Reviewing reports of jobs completed.
b. Comparing production programs with independently
controlled copies.
c. Running test data periodically.
d. Providing suitable segregation of duties.
Answer D
Computer program libraries can best be kept secure by

a. Installing a logging system for program access.
b. Monitoring physical access to program library
media.
c. Restricting physical and logical access.
d. Denying access from remote terminals.
C
Which of the following security controls would best
prevent unauthorized access to sensitive data through
an unattended data terminal directly connected to a
mainframe?

a. Use of a screen saver with a password.
b. Use of workstation scripts.
c. Encryption of data files.
d. Automatic log-off of inactive users.
D
An entity has the following invoices in a batch:
Invoice # Product Quantity Unit price
201 F10 150 $5.00
202 G15 200 $10.00
203 H20 250 $25.00
204 K35 300 $30.00
Which of the following most likely represents a hash total?

a. FGHK80
b. 4
c. 204
d. 810
D
A customer intended to order 100 units of product Z96014, but incorrectly ordered nonexistent product Z96015.
Which of the following controls most likely would detect this error?

a. Check digit verification.
b. Record count.
c. Hash total.
d. Redundant data check.
A
In entering the billing address for a new client in Emil
Company's computerized database, a clerk erroneously entered a nonexistent zip code. As a result, the first month's bill mailed to the new client was returned to Emil Company. Which one of the following would most likely have led to discovery of the
error at the time of entry into Emil Company's computerized database?

a. Limit test.
b. Validity test.
c. Parity test.
d. Record count test.
B
Which of the following controls is a processing control designed to ensure the reliability and accuracy of data processing?

Limit test Validity check test
a. Yes Yes
b. No No
c. No Yes
d. Yes No
A
Which of the following activities would most likely be
performed in the information systems department?

a. Initiation of changes to master records.
b. Conversion of information to machine-readable form.
c. Correction of transactional errors.
d. Initiation of changes to existing applications.
B
The use of a header label in conjunction with magnetic
tape is most likely to prevent errors by the

a. Computer operator.
b. Keypunch operator.
c. Computer programmer.
d. Maintenance technician.
A - header label and magnetic tape is used by Computer operator, programmer just writes programs
For the accounting system of Acme Company, the amounts of cash disbursements entered into a terminal are
transmitted to the computer that immediately transmits the amounts back to the terminal for display on the terminal screen. This display enables the operator to

a. Establish the validity of the account number.
b. Verify the amount was entered accurately.
c. Verify the authorization of the disbursement.
d. Prevent the overpayment of the account.
B
When computer programs or files can be accessed from
terminals, users should be required to enter a(n)

a. Parity check.
b. Personal identification code
c. Self-diagnosis test.
d. Echo check.
B
The possibility of erasing a large amount of information
stored on magnetic tape most likely would be reduced by the use of
a. File protection rings.
b. Check digits.
c. Completeness tests.
d. Conversion verification.
A
Which of the following controls most likely would
assure that an entity can reconstruct its financial records?

a. Hardware controls are built into the computer by the
computer manufacturer.
b. Backup diskettes or tapes of files are stored away from
originals.
c. Personnel who are independent of data input perform parallel simulations.
d. System flowcharts provide accurate descriptions of
input and output operations.
B
Which of the following input controls is a numeric value
computed to provide assurance that the original value has not been altered in construction or transmission?

a. Hash total.
b. Parity check.
c. Encryption.
d. Check digit.
D
Which of the following is an example of a validity
check?

a. The computer ensures that a numerical amount in a
record does not exceed some predetermined
amount.
b. As the computer corrects errors and data are
successfully resubmitted to the system, the causes of
the errors are printed out.
c. The computer flags any transmission for which the
control field value did not match that of an existing
file record.
d. After data for a transaction are entered, the computer
sends certain data back to the terminal for comparison
with data originally sent.
C
Which of the following is a computer test made to
ascertain whether a given characteristic belongs to the group?

a. Parity check.
b. Validity check.
c. Echo check.
d. Limit check.
B
A control feature in an electronic data processing system
requires the central processing unit (CPU) to send signals to
the printer to activate the print mechanism for each character.
The print mechanism, just prior to printing, sends a signal back
to the CPU verifying that the proper print position has been
activated. This type of hardware control is referred to as

a. Echo control.
b. Validity control.
c. Signal control.
d. Check digit control.
A
Which of the following is an example of a check digit?

a. An agreement of the total number of employees to the
total number of checks printed by the computer.
b. An algebraically determined number produced by the other digits of the employee number.
c. A logic test that ensures all employee numbers are
nine digits.
d. A limit check that an employee's hours do not exceed fifty hours per workweek.
B
Which of the following most likely represents a
significant deficiency in internal control?

a. The systems analyst reviews applications of
data processing and maintains systems
documentation.
b. The systems programmer designs systems for computerized applications and maintains output
controls.
c. The control clerk establishes control over data
received by the information systems department and
reconciles control totals after processing.
d. The accounts payable clerk prepares data for computer processing and enters the data into the computer.
Answer (b) is correct because the systems programmer should not maintain custody of output in a computerized system. At a minimum,
the programming, operating, and library functions should be segregated in such computer systems.
Internal control is ineffective when computer department
personnel

a. Participate in computer software acquisition decisions.
b. Design documentation for computerized systems.
c. Originate changes in master files.
d. Provide physical security for program files.
C
Which of the following activities most likely would
detect whether payroll data were altered during processing?

a. Monitor authorized distribution of data control
sheets.
b. Use test data to verify the performance of edit routines.
c. Examine source documents for approval by supervisors.
d. Segregate duties between approval of hardware and
software specifications.
Answer (b) is correct because test data may be used to provide evidence on whether edit routines (routines to check the validity and accuracy of input data) are operating and have not been altered.
An auditor's flowchart of a client's accounting system is
a diagrammatic representation that depicts the auditor's

a. Assessment of control risk.
b. Identification of weaknesses in the system.
c. Assessment of the control environment's effectiveness.
d. Understanding of the system.
D
A well-prepared flowchart should make it easier for the
auditor to

a. Prepare audit procedure manuals.
b. Prepare detailed job descriptions.
c. Trace the origin and disposition of documents.
d. Assess the degree of accuracy of financial data.
C
Square with squiggly bottom
physical document
Trapezoid
Human/Manual Operation
Rectangle
Computer process input into useful information
Diamond
Decision
Cylinder
Harddisk Storage
Half Cylinder
Online Storage
Rhombus
Input/Output of a process
Upside Down Triangle
file or mailing of document
Circle
on page connector
Home base
off page connector
YOU MIGHT ALSO LIKE...