Deck 7: Control Activities

A) Hardware controls that are built into the computer by the computer manufacturer.
B) Backup copies of data and program files that are stored away from originals.
C) Personnel, who are independent of data input, perform parallel simulations.
D) System flowcharts that provide accurate descriptions of input and output operations.

A) Oversight
B) Isolation
C) Redundancy
D) Accountability

A) Shipping
B) Sales order processing
C) Billing (sometimes called customer invoicing)
D) Cash receipts

A) All information processing activities
B) The flow of data in and among individual applications
C) The assignment and supervision of personnel
D) Accounting systems that use databases

A) To verify that the user is entitled to enter transaction data
B) To verify the identity of the user
C) To verify that the user can access data files
D) To verify that the transaction was authorized

A) Processing has been performed as intended without omission or double counting of transactions.
B) Only authorized persons have access to files.
C) Data have been correctly entered.
D) Coding of data internal to the computer did not change when the data were moved from one internal storage location to another.

A) A parity check
B) A personal identification code
C) A self-diagnosis test
D) An echo check

A) User authentication, encryption, firewall, automatic log off
B) Encryption, batch controls, directory and file attributes
C) User authentication, user rights, callback device, check digit
D) Segregation of duties, user authentication, automatic rollback

A) To create an audit trail for detecting access violations
B) To plan for access security
C) To encrypt data for high-level protection
D) To store user authentication codes

A) Operator action
B) Output
C) Processing
D) Input

A) Hardware malfunction
B) Input errors
C) Disruption to the processing activities as a result of natural disasters
D) Fraud

A) Smith
B) 123456789
C) tuttle236cog
D) ssssssssssss

A) Transactions will be recorded to permit preparation of financial statements.
B) All risks will be eliminated.
C) Access to assets will be permitted only in accordance with management's authorization.
D) The recorded accountability for assets will be compared with the existing assets at periodic intervals.

A) The design and implementation is performed in accordance with management's specific authorization.
B) Any and all changes in application programs have the authorization and approval of management.
C) Provisions exist to protect data files from unauthorized access, modification, or destruction.
D) Application developers test their own new or modified applications before the applications are implemented.

A) The segregation of authorization of transactions, custody of related assets, and modification or creation of related data and program files (or paper- based records).
B) The requirement that each employee take a vacation each year.
C) The establishment of an internal auditing department.
D) The bonding of personnel in positions that necessitate handling cash and negotiable securities.

A) Monitoring compliance with internal controls
B) Limiting direct access to assets by physical isolation and security devices
C) Establishing budgets or standards and identifying variances from these budgets or standards
D) Supporting employees with the resources necessary to discharge their responsibilities

A) Bonding of employees
B) Segregation of duties
C) Rotation of assignments
D) Enforced vacations

A) Weekly payroll totaling $10,000
B) Cash disbursement for $1,000
C) $2,000 write-down of obsolete inventory
D) $500 credit sale to a new customer

A) Approval of credit from issuance of sales orders
B) Shipment of goods and entry of shipping transaction data
C) Receipt of cash and maintenance of the cash account
D) All of the above are proper segregation of duties.

A) Receiving department and quality control personnel
B) Purchasing agent and quality control personnel
C) Employee who initiated the order and quality control personnel
D) Quality control personnel

A) Dual read check
B) Valid code check
C) Valid character check
D) Reasonableness test

A) Control total validation routines
B) Hash totals
C) Output controls
D) Input verification controls

A) Treasurer and upper management
B) Controller and upper management
C) Sales department and upper management
D) Credit department and upper management

A) Data verification control
B) Data capture control
C) Classification and identification control
D) Hash control

A) Private
B) Public
C) Digital
D) Both A and B

A) Sequence check
B) Record check
C) Self-checking digit
D) Field-length check

A) The system checks that a numerical amount in a field does not exceed some predetermined amount.
B) As the system corrects errors and data are successfully resubmitted, the causes of the errors are printed out.
C) The system returns an error message if the value entered in a field does not match one in a reference file of permissible values.
D) After transaction data are entered, certain data are sent back to the workstation for comparison with data originally sent.

A) A logic check
B) A combination check
C) A valid code check
D) A parity check

A) Treasurer
B) Originating department manager
C) Controller
D) Employee who initiates the order

A) The payroll department
B) The personnel department
C) An employee's immediate supervisor
D) The controller

A) Validation of transactions
B) Segregation of duties
C) Authorization of transactions
D) Processing of all transactions

A) The output quantity was stated in hexadecimal numbers.
B) The computer malfunctioned during execution.
C) The printer malfunctioned and the "R" should have been a decimal point.
D) The system did not contain a verification control for input data.

A) To ensure that all authorized transactions are processed once and only once
B) To ensure that as a batch transmittal ticket progresses through the various processing stages it is not altered
C) To verify the accuracy and completeness of programmed processing
D) To ensure that an initial computation is correct and has not been altered during processing

A) Anticipation of contents
B) Sequence check
C) Reasonableness test
D) Smartcard

A) Treasurer and upper management
B) Controller and upper management
C) Sales department and upper management
D) Credit department and upper management

A) Vendor account numbers
B) Dollar amounts of vendor invoices
C) Number of vendor invoices in batch
D) Number of inventory items purchased

A) Input control
B) Processing control
C) Output control
D) Access control

A) Check digit analysis
B) Control total analysis
C) Validity analysis
D) Hash total analysis

A) The cash disbursements clerk
B) The treasurer
C) The credit manager
D) The purchasing agent

A) A periodic analysis of the scrap sales and the repairs and maintenance accounts.
B) The segregation of duties between those authorized to dispose of equipment and those authorized to enter the disposition transaction.
C) The use of serial numbers to identify equipment that can be sold.
D) A periodic comparison of equipment removal work orders with the authorizing documentation.

A) The digital certificate is used for encryption.
B) The private key is used for decryption.
C) The public key is used for decryption.
D) The digital certificate is used for decryption.

A) Abuse is handled as an internal matter.
B) Hesitant disclosure of abuse due to embarrassment.
C) Documentation of abuses hasn't caught up with actual abuses.
D) Most computer crime is not caught and/or reported.

A) Hypothetical data are used to test programmed controls and logic.
B) The auditor uses another program to test actual data and compare them to the company's results.
C) Artificial data are used to test the accounting information system.
D) A module is inserted into the application to monitor and collect data.

A) Processing data in the wrong sequence.
B) Losing data between processing functions.
C) Assigning a valid code to the wrong customer.
D) Entering an invalid customer code.

A) Auditing around the computer.
B) Auditing with the computer.
C) Auditing through the computer.
D) B and C only.
E) All of the above. E

A) The corporate charter, policies, and bylaws of the corporation.
B) The issues surrounding IT management and security.
C) The entire organization's management of resources and risks.
D) All of these are included in IT governance.

A) Printout of all user IDs and passwords.
B) Report of all missing sales invoices.
C) List of all voided shipping documents.
D) Report of all rejected sales transactions.

A) General controls.
B) Application controls.
C) Change controls.
D) IT audit controls.

A) Much emphasis is placed on the encryption side of cryptography.
B) When using private and public keys, the decrypting key is never sent anywhere.
C) A solution to the problem of securing data that leave their original location is the private key.
D) Locating encryption keys on Web servers is not as difficult as once believed.

A) Access security.
B) Passwords.
C) Input controls.
D) All of the above.
E) None of the above. C

A) Business risk.
B) Information access risk.
C) General controls risk.
D) All of the above.

A) Power and space are available at the site to set up processing equipment on short notice (e.g., after a disaster)..
B) The site is located in another branch of the company in a neighboring county.
C) The system is configured in a manner similar to the normal day-to-day processing and is available for immediate use.
D) All of the above are advantages of having a hot site.

A) An alternative means to continue processing after disaster.
B) A strong audit trail for all transactions.
C) Required employee training and periodic testing of the plan.
D) All of the above should be included in the disaster recovery plan.

A) Perpetrate and conceal errors and inappropriate acts.
B) Record both cash receipts and cash disbursements.
C) Journalize entries and prepare financial statements.
D) Establish control activities and authorize transactions.

A) Determine which vendors and employees have the same addresses.
B) Determine potential invoices for review.
C) Determine unusual relationships between high dollar amounts and past due invoices.
D) Determine which invoices are open and are past due.

A) Erasing all data on the computer by the fraud perpetrator makes it impossible for the forensics expert to extract evidence.
B) Computer forensic experts collect evidence and information for use in fraud cases using legally accepted methods.
C) Computer forensics experts are NOT allowed to train the company's employees.
D) All of these statements are true.

A) Direct access to securities in the safety deposit box is limited to only one corporate office.
B) Personnel who post investment security transactions in the general ledger master file are prohibited from updating the investment securities master files
C) The purchase and sale of investment securities are executed upon the specific authorization of the board of directors.
D) The balances in the investment security master file are periodically compared with the physical investment securities by independent personnel.

A) Bonding of employees.
B) Segregation of duties.
C) Rotation of assignments.
D) Enforced vacations.

A) Permit reconstruction of the master file if needed.
B) Match logical relationships to detect errors in the master file records.
C) Verify run-to-run totals.
D) Match logical relationships to detect errors in the master file records.

A) On-screen applications, operating system-based firewalls, and general firewalls.
B) On-screen applications, offline firewalls, and applications-based firewalls.
C) Screen routers, offline firewalls, and general firewalls.
D) Screen routers, operating system-based firewalls, and applications-based firewalls.

A) An application control.
B) An automated preventive control.
C) A general control.
D) An automated application control.

A) File attributes.
B) Uninterruptible power supply.
C) Auxiliary power supply.
D) Firewall.

A) Including a check digit in the inventory part number.
B) Requiring separate authorization for input of adjustment transactions.
C) Including a parity check on the inventory part number.
D) Providing an edit check for the validity of the inventory part number.

A) Validity check.
B) Range check.
C) Reasonableness test.
D) Parity check.

A) Initiate all applications development; set priorities for implementing, applications; develop system security.
B) Assign duties to systems personnel; prepare and monitor application implementation plans; prepare system flowcharts.
C) Establish/approve information processing policies, system projects, and priorities for implementing systems; evaluate effectiveness of processing operations; monitor processing activities.
D) Decide on specific information needs; prepare detailed plans for system evaluations; set priorities for developing applications; decide what computer hardware will be purchased.

A) Automatic rollback.
B) Record count and control total.
C) Anticipation and hash total.
D) Concurrence and sequence number.

A) Authorization of transactions from the custody of related assets.
B) Operational responsibility from recordkeeping responsibility.
C) Human resources function from the controllership function.
D) Administrative controls from the internal accounting controls.

A) Having a strong internal control system
B) Having well-documented management policies and procedures.
C) Having regular assessments of the risks to information assets.
D) Having a documented and regularly tested disaster recovery plan.

A) Controls related to the flow of data in and among support applications.
B) Controls related to the reliability and consistency of the processing environment.
C) Controls that separate functions that are not compatible.
D) Controls to authorize staff to use specific programs.

A) Conducted as a separate project by IT auditors and supervisory personnel.
B) Conducted on an ongoing basis by flagging items that should be investigated.
C) Conducted as a separate project by IT auditors and supervisory personnel or conducted on an ongoing basis by flagging items that should be investigated.
D) None of these is a valid method for monitoring internal control.

A) Separation of the authorization and modification functions of purchasing.
B) Alarms and surveillance cameras for the warehouse.
C) Back-ups of all master files.
D) All of the above.

A) Information processing.
B) Physical controls.
C) Performance reviews.
D) Segregation of duties.
E) A, B, and D only. F. All of the above.

A) Isolation and accountability.
B) Redundancy and oversight.
C) Comparison and assistance.
D) A and B only.
E) All of the above. E