Question 1

What is a recovery operations center? What is its purpose?

Accepted Answer

A recovery operations center (ROC)or hot

Question 2

An advantage of a recovery operations center is that

Accepted Answer

A)  this is an inexpensive solution 
B)  the initial recovery period is very quick 
C)  the company has sole control over the administration of the center 
D)  none of the above are advantages of the recovery operations center 
A)  this is an inexpensive solution 
B)  the initial recovery period is very quick 
C)  the company has sole control over the administration of the center 
D)  none of the above are advantages of the recovery operations center

Question 3

Inherent risk

Accepted Answer

A)  exists because all control structures are flawed in some ways. 
B)  is the likelihood that material misstatements exist in the financial statements of the firm. 
C)  is associated with the unique characteristics of the business or industry of the client. 
D)  is the likelihood that the auditor will not find material misstatements. 
A)  exists because all control structures are flawed in some ways. 
B)  is the likelihood that material misstatements exist in the financial statements of the firm. 
C)  is associated with the unique characteristics of the business or industry of the client. 
D)  is the likelihood that the auditor will not find material misstatements.

Question 4

List three pairs of system functions that should be separated in the centralized computer services organization.Describe a risk exposure if the functions are not separated.

Accepted Answer

separate systems development from data p

Question 5

When planning the audit,information is gathered by all of the following methods except

Accepted Answer

A)  completing questionnaires 
B)  interviewing management 
C)  observing activities 
D)  confirming accounts receivable 
A)  completing questionnaires 
B)  interviewing management 
C)  observing activities 
D)  confirming accounts receivable

Question 6

Which of the following is not true?

Accepted Answer

A)  Management may outsource their organizations' IT functions, but they cannot outsource their management responsibilities for internal control. 
B)  section 404 requires the explicit testing of outsourced controls. 
C)  The SAS 70 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls. 
D)  Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report. 
A)  Management may outsource their organizations' IT functions, but they cannot outsource their management responsibilities for internal control. 
B)  section 404 requires the explicit testing of outsourced controls. 
C)  The SAS 70 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls. 
D)  Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report.

Question 7

Operations fraud includes

Accepted Answer

A)  altering program logic to cause the application to process data incorrectly 
B)  misusing the firm's computer resources 
C)  destroying or corrupting a program's logic using a computer virus 
D)  creating illegal programs that can access data files to alter, delete, or insert values 
A)  altering program logic to cause the application to process data incorrectly 
B)  misusing the firm's computer resources 
C)  destroying or corrupting a program's logic using a computer virus 
D)  creating illegal programs that can access data files to alter, delete, or insert values

Question 8

To ensure sound internal control,program coding and program processing should be separated.

Accepted Answer

A) True 
 B)False

Question 9

Define operational fraud.

Accepted Answer

Operations fraud is the misuse

Question 10

Briefly outline transaction cost economics as it relates to IT outsourcing.

Accepted Answer

Transaction cost economics theory is in

Question 11

Some companies separate systems analysis from programming/program maintenance.All of the following are control weaknesses that may occur with this organizational structure except

Accepted Answer

A)  systems documentation is inadequate because of pressures to begin coding a new program before documenting the current program 
B)  illegal lines of code are hidden among legitimate code and a fraud is covered up for a long period of time 
C)  a new systems analyst has difficulty in understanding the logic of the program 
D)  inadequate systems documentation is prepared because this provides a sense of job security to the programmer 
A)  systems documentation is inadequate because of pressures to begin coding a new program before documenting the current program 
B)  illegal lines of code are hidden among legitimate code and a fraud is covered up for a long period of time 
C)  a new systems analyst has difficulty in understanding the logic of the program 
D)  inadequate systems documentation is prepared because this provides a sense of job security to the programmer

Question 12

Both the SEC and the PCAOB require management to use the COSO framework for assessing internal control adequacy.

Accepted Answer

A) True 
 B)False

Question 13

Some systems professionals have unrestricted access to the organization's programs and data.

Accepted Answer

A) True 
 B)False

Question 14

Which of the following is not true?

Accepted Answer

A)  Large-scale IT outsourcing involves transferring specific assets to a vendor 
B)  Specific assets, while valuable to the client, are of little value to the vendor 
C)  Once an organization outsources its specific assets, it may not be able to return to its pre-outsource state. 
D)  Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients 
A)  Large-scale IT outsourcing involves transferring specific assets to a vendor 
B)  Specific assets, while valuable to the client, are of little value to the vendor 
C)  Once an organization outsources its specific assets, it may not be able to return to its pre-outsource state. 
D)  Specific assets are of value to vendors because, once acquired, vendors can achieve economies of scale by employing them with other clients

Question 15

COSO identifies two broad groupings of information system controls.What are they?

Accepted Answer

The answer of COSO identifies two broad groupings of information...

Question 16

Scavenging is a form of fraud in which the perpetrator uses a computer program to search for key terms in a database and then steal the data.

Accepted Answer

A) True 
 B)False

Question 17

In a computer-based information system,which of the following duties needs to be separated?

Accepted Answer

A)  program coding from program operations 
B)  program operations from program maintenance 
C)  program maintenance from program coding 
D)  all of the above duties should be separated 
A)  program coding from program operations 
B)  program operations from program maintenance 
C)  program maintenance from program coding 
D)  all of the above duties should be separated

Question 18

The distributed data processing approach carries some control implications of which accountants should be aware.Discuss two.

Accepted Answer

Incompatibility of hardware and software

Question 19

The PCAOB's standard No.2 specifically requires auditors to understand transaction flows in designing their test of controls.What steps does this entail?

Accepted Answer

This involves:
1.Selecting the financial

Question 20

Which organizational structure is most likely to result in good documentation procedures?

Accepted Answer

A)  separate systems development from systems maintenance 
B)  separate systems analysis from application programming 
C)  separate systems development from data processing 
D)  separate database administrator from data processing 
A)  separate systems development from systems maintenance 
B)  separate systems analysis from application programming 
C)  separate systems development from data processing 
D)  separate database administrator from data processing

What is a recovery operations center? What is its purpose?

An advantage of a recovery operations center is that

Inherent risk

List three pairs of system functions that should be separated in the centralized computer services organization.Describe a risk exposure if the functions are not separated.

When planning the audit,information is gathered by all of the following methods except

Which of the following is not true?

Operations fraud includes

To ensure sound internal control,program coding and program processing should be separated.

Define operational fraud.

Briefly outline transaction cost economics as it relates to IT outsourcing.

Some companies separate systems analysis from programming/program maintenance.All of the following are control weaknesses that may occur with this organizational structure except

Both the SEC and the PCAOB require management to use the COSO framework for assessing internal control adequacy.

Some systems professionals have unrestricted access to the organization's programs and data.

Which of the following is not true?

COSO identifies two broad groupings of information system controls.What are they?

Scavenging is a form of fraud in which the perpetrator uses a computer program to search for key terms in a database and then steal the data.

In a computer-based information system,which of the following duties needs to be separated?

The distributed data processing approach carries some control implications of which accountants should be aware.Discuss two.

The PCAOB's standard No.2 specifically requires auditors to understand transaction flows in designing their test of controls.What steps does this entail?

Which organizational structure is most likely to result in good documentation procedures?

The Information System: An Accountant’s Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

General Ledger, Financial Reporting, and Management Reporting Systems

Database Management Systems

The REA Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls : Security and Access

IT Controls : Systems Development Program Changes and Application Controls

Filters

Exam 15: IT Controls : Sarbanes-Oxley and IT Governance

What is a recovery operations center? What is its purpose?

An advantage of a recovery operations center is that

Inherent risk

List three pairs of system functions that should be separated in the centralized computer services organization.Describe a risk exposure if the functions are not separated.

When planning the audit,information is gathered by all of the following methods except

Which of the following is not true?

Operations fraud includes

To ensure sound internal control,program coding and program processing should be separated.

Define operational fraud.

Briefly outline transaction cost economics as it relates to IT outsourcing.

Some companies separate systems analysis from programming/program maintenance.All of the following are control weaknesses that may occur with this organizational structure except

Both the SEC and the PCAOB require management to use the COSO framework for assessing internal control adequacy.

Some systems professionals have unrestricted access to the organization's programs and data.

Which of the following is not true?

COSO identifies two broad groupings of information system controls.What are they?

Scavenging is a form of fraud in which the perpetrator uses a computer program to search for key terms in a database and then steal the data.

In a computer-based information system,which of the following duties needs to be separated?

The distributed data processing approach carries some control implications of which accountants should be aware.Discuss two.

The PCAOB's standard No.2 specifically requires auditors to understand transaction flows in designing their test of controls.What steps does this entail?

Which organizational structure is most likely to result in good documentation procedures?

The Information System: An Accountant’s Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

General Ledger, Financial Reporting, and Management Reporting Systems

Database Management Systems

The REA Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls : Security and Access

IT Controls : Systems Development Program Changes and Application Controls

Filters