Question 1

Tests of controls include

Accepted Answer

A)  confirming accounts receivable 
B)  counting inventory 
C)  completing questionnaires 
D)  counting cash 
A)  confirming accounts receivable 
B)  counting inventory 
C)  completing questionnaires 
D)  counting cash

Question 2

What primary IT functions must be separated in a centralized firm?

Accepted Answer

separate systems development f

Question 3

Computer fraud can take on many forms, including each of the following except

Accepted Answer

A)  theft or illegal use of computer-readable information 
B)  theft, misuse, or misappropriation of computer equipment 
C)  theft, misuse, or misappropriation of assets by altering computer-readable records and files 
D)  theft, misuse, or misappropriation of printer supplies 
A)  theft or illegal use of computer-readable information 
B)  theft, misuse, or misappropriation of computer equipment 
C)  theft, misuse, or misappropriation of assets by altering computer-readable records and files 
D)  theft, misuse, or misappropriation of printer supplies

Question 4

The most common access point for perpetrating computer fraud is at the data collection stage.

Accepted Answer

A) True 
 B)False

Question 5

Application controls apply to a wide range of exposures that threaten the integrity of all programs processed within the computer environment.

Accepted Answer

A) True 
 B)False

Question 6

The database administrator should be separated from systems development.

Accepted Answer

A) True 
 B)False

Question 7

What are commodity IT assets?

Accepted Answer

Commodity IT assets are not unique to a

Question 8

Discuss the key features of Section 302 of the Sarbanes-Oxley Act.

Accepted Answer

Section 302 requires corporate managemen

Question 9

List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated.
Functions to Separate
Risk Exposure
__________________________
__________________________
__________________________
__________________________
__________________________
__________________________

Accepted Answer

separate systems development from data p

Question 10

Name three forms of computer fraud.

Accepted Answer

Computer fraud includes:
The theft, misu

Question 11

For most companies, which of the following is the least critical application for disaster recovery purposes?

Accepted Answer

A)  month-end adjustments 
B)  accounts receivable 
C)  accounts payable 
D)  order entry/billing 
A)  month-end adjustments 
B)  accounts receivable 
C)  accounts payable 
D)  order entry/billing

Question 12

Prior to SOX, external auditors were required to be familiar with the client organization's internal controls, but not test them. Explain.

Accepted Answer

Auditors had the option of not relying o

Question 13

The same internal control objectives apply to manual and computer-based information systems.

Accepted Answer

A) True 
 B)False

Question 14

Which organizational structure is most likely to result in good documentation procedures?

Accepted Answer

A)  separate systems development from systems maintenance 
B)  separate systems analysis from application programming 
C)  separate systems development from data processing 
D)  separate database administrator from data processing 
A)  separate systems development from systems maintenance 
B)  separate systems analysis from application programming 
C)  separate systems development from data processing 
D)  separate database administrator from data processing

Question 15

Which of the following is not true?

Accepted Answer

A)  Management may outsource their organizations' IT functions, but they cannot outsource their management responsibilities for internal control. 
B)  Section 404 requires the explicit testing of outsourced controls. 
C)  The SAS 70 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls. 
D)  Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report. 
A)  Management may outsource their organizations' IT functions, but they cannot outsource their management responsibilities for internal control. 
B)  Section 404 requires the explicit testing of outsourced controls. 
C)  The SAS 70 report, which is prepared by the outsourcer's auditor, attests to the adequacy of the vendor's internal controls. 
D)  Auditors issue two types of SAS 70 reports: SAS 70 Type I report and SAS 70 Type II report.

Question 16

What is program fraud?

Accepted Answer

Program fraud involves making

Question 17

Briefly explain how a SSAE 16 report is used in assessing internal controls of outsourced facilities.

Accepted Answer

The internal controls over the outsource

Question 18

The PCAOB's standard No. 5 specifically requires auditors to understand transaction flows in designing their test of controls. What steps does this entail?

Accepted Answer

This involves:
1. Selecting the financia

Question 19

All of the following are recommended features of a fire protection system for a computer center except

Accepted Answer

A)  clearly marked exits 
B)  an elaborate water sprinkler system 
C)  manual fire extinguishers in strategic locations 
D)  automatic and manual alarms in strategic locations 
A)  clearly marked exits 
B)  an elaborate water sprinkler system 
C)  manual fire extinguishers in strategic locations 
D)  automatic and manual alarms in strategic locations

Question 20

Explain how IT outsourcing can lead to loss of strategic advantage.

Accepted Answer

Alignment between IT strategy and busine

Tests of controls include

What primary IT functions must be separated in a centralized firm?

Computer fraud can take on many forms, including each of the following except

The most common access point for perpetrating computer fraud is at the data collection stage.

Application controls apply to a wide range of exposures that threaten the integrity of all programs processed within the computer environment.

The database administrator should be separated from systems development.

What are commodity IT assets?

Discuss the key features of Section 302 of the Sarbanes-Oxley Act.

List three pairs of system functions that should be separated in the centralized computer services organization. Describe a risk exposure if the functions are not separated. Functions to Separate Risk Exposure

Name three forms of computer fraud.

For most companies, which of the following is the least critical application for disaster recovery purposes?

Prior to SOX, external auditors were required to be familiar with the client organization's internal controls, but not test them. Explain.

The same internal control objectives apply to manual and computer-based information systems.

Which organizational structure is most likely to result in good documentation procedures?

Which of the following is not true?

What is program fraud?

Briefly explain how a SSAE 16 report is used in assessing internal controls of outsourced facilities.

The PCAOB's standard No. 5 specifically requires auditors to understand transaction flows in designing their test of controls. What steps does this entail?

All of the following are recommended features of a fire protection system for a computer center except

Explain how IT outsourcing can lead to loss of strategic advantage.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part II: Security and Access

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters

Exam 15: IT Controls Part I: Sarbanes-Oxley and It Governance

Tests of controls include

What primary IT functions must be separated in a centralized firm?

Computer fraud can take on many forms, including each of the following except

The most common access point for perpetrating computer fraud is at the data collection stage.

Application controls apply to a wide range of exposures that threaten the integrity of all programs processed within the computer environment.

The database administrator should be separated from systems development.

What are commodity IT assets?

Discuss the key features of Section 302 of the Sarbanes-Oxley Act.

Name three forms of computer fraud.

For most companies, which of the following is the least critical application for disaster recovery purposes?

Prior to SOX, external auditors were required to be familiar with the client organization's internal controls, but not test them. Explain.

The same internal control objectives apply to manual and computer-based information systems.

Which organizational structure is most likely to result in good documentation procedures?

Which of the following is not true?

What is program fraud?

Briefly explain how a SSAE 16 report is used in assessing internal controls of outsourced facilities.

The PCAOB's standard No. 5 specifically requires auditors to understand transaction flows in designing their test of controls. What steps does this entail?

All of the following are recommended features of a fire protection system for a computer center except

Explain how IT outsourcing can lead to loss of strategic advantage.

The Information System: an Accountants Perspective

Introduction to Transaction Processing

Ethics, Fraud, and Internal Control

The Revenue Cycle

The Expenditure Cycle Part I: Purchases and Cash Disbursements Procedures

The Expenditure Cycle Part II: Payroll Processing and Fixed Asset Procedures

The Conversion Cycle

Financial Reporting, and Management Reporting Systems

Database Management Systems

The Rea Approach to Business Process Modeling

Enterprise Resource Planning Systems

Electronic Commerce Systems

Managing the Systems Development Life Cycle

Construct, Deliver, and Maintain Systems Projects

IT Controls Part II: Security and Access

IT Controls Part III: Systems Development, Program Changes, and Application Controls

Filters