1.

Goals of ERP include all of the following except

a. improved customer service
b. improvements of legacy systems
c. reduced production time
d. increased production

ANS: B PTS: 1

2. Core applications are

a. sales and distribution
b. business planning
c. shop floor control and logistics
d. all of the above

ANS: D PTS: 1

3. Data warehousing processes do not include

a. modeling data
b. condensing data
c. extracting data
d. transforming data

ANS: B PTS: 1

4. Which of the following is usually not part of an ERP’s core applications?

a. OLTP applications
b. sales and distribution applications
c. business planning applications
d. OLAP applications

ANS: D PTS: 1

5. Which of the following is usually not part of an ERP’s OLAP applications?

a. Logistics
b. decision support systems
c. ad hoc analysis
d. what-if analysis

ANS: A PTS: 1

6. Which of the following statements is least likely to be true about a data warehouse?
a. It is constructed for quick searching and ad hoc queries.
b. It was an original part of all ERP systems.
c. It contains data that are normally extracted periodically from the operating databases.
d. It may be deployed by organizations that have not implemented an ERP.

ANS: B PTS: 1

7. Which of the following statements is not true?

a. In a typical two-tier client server system, the server handles both application and database
duties.
b. Client computers are responsible for presenting data to the user and passing user input
back to the server.
c. In three-tier client server architecture, one tier is for user presentations, one is for database
and applications, and the third is for Internet access.

Page 1 of 28
 d. The database and application functions are separate in the three-tier model.

ANS: C PTS: 1

8. Which statements about data warehousing is not correct?

a. The data warehouse should be separate from the operational system.
b. Data cleansing is a process of transforming data into standard form.
c. Drill-down is a data-mining tool available to users of OLAP.
d. Normalization is a requirement of databases included in a data warehouse.

ANS: D PTS: 1

9. Which statement about ERP installation is least accurate?

a. For the ERP to be successful, process reengineering must occur.
b. ERP fails because some important business process is not supported.
c. When a business is diversified, little is gained from ERP installation.
d. The phased-in approach is more suited to diversified businesses.

ANS: C PTS: 1

10. Which statement is true?

a. ERPs are infinitely scalable.
b. Performance problems usually stem from technical problems, not business process
reengineering.
c. The better ERP can handle any problems an organization can have.
d. ERP systems can be modified using bolt-on software.

ANS: D PTS: 1

11. The big bang method

a. is more ambitious than the phased-in method.
b. has been associated with many failures.
c. both a. and b.
d. neither a. nor b.

ANS: C PTS: 1

12. Legacy systems are

a. old manual systems that are still in place.
b. flat file mainframe systems developed before client-server computing became standard.
c. stable database systems after debugging.
d. advanced systems without a data warehouse.

ANS: B PTS: 1

13. A data mart is

a. another name for a data warehouse.
b. a database that provides data to an organization’s customers.
c. an enterprise resource planning system.
d. a data warehouse created for a single function or department.

ANS: D PTS: 1

14. Most ERPs are based on which network model?

Page 2 of 28
 a. peer to peer
b. client-server
c. ring topology
d. bus topology

ANS: B PTS: 1

15. On-line transaction processing programs

a. are bolt-on programs used with commercially available ERPs.
b. are available in two models–two-tier and three-tier.
c. handle large numbers of relatively simple transactions.
d. allow users to analyze complex data relationships.

ANS: C PTS: 1

16. Supply chain management software

a. is typically under the control of external partners in the chain.
b. links all of the partners in the chain, including vendors, carriers, third-party firms, and
information systems providers.
c. cannot be integrated into an overall ERP.
d. none of the above

ANS: B PTS: 1

17. The setup of a data warehouse includes

a. modeling the data
b. extracting data from operational databases
c. cleansing the data
d. all of the above

ANS: D PTS: 1

18. Extracting data for a data warehouse

a. cannot be done from flat files.
b. should only involve active files.
c. requires that the files be out of service.
d. follows the cleansing of data.

ANS: C PTS: 1

19. Data cleansing involves all of the following except

a. filtering out or repairing invalid data
b. summarizing data for ease of extraction
c. transforming data into standard business terms
d. formatting data from legacy systems

ANS: B PTS: 1

20. Which of the following is not a risk associated with ERP implementation?
a. Opposition to changes in the business culture
b. Choosing the wrong ERP
c. Choosing the wrong consultant.
d. All of these are risks associated with ERP implementations.

Page 3 of 28
 ANS: D PTS: 1

21. Closed database architecture is

a. a control technique intended to prevent unauthorized access from trading partners.
b. a limitation inherent in traditional information systems that prevents data sharing.
c. a data warehouse control that prevents unclean data from entering the warehouse.
d. a technique used to restrict access to data marts.
e. a database structure that many of the leading ERPs use to support OLTP applications.

ANS: B PTS: 1

22. Which of the following is NOT as a risk associated with ERP implementation?
a. A drop in firm performance after implementation because the firm looks and works
differently than it did while using a legacy system.
b. Implementing companies have found that staff members, employed by ERP consulting
firms, do not have sufficient experience in implementing new systems.
c. Implementing firms fail to select systems that properly support their business activities.
d. The selected system does not adequately meet the adopting firm’s economic growth.
e. ERPs are too large, complex, and generic for them to be well integrated into most
company cultures.

ANS: E PTS: 1

23. Which statement is LEAST accurate?

a. Implementing an ERP system has as much to do with changing the way an organization
does business than it does with technology.
b. The big-bang approach to ERP implementation is generally riskier than the phased in
approach.
c. To take full advantage of the ERP process, reengineering will need to occur.
d. A common reason for ERP failure is that the ERP does not support one or more important
business processes of the organization

ANS: D PTS: 1

24. Which of the following is NOT a reason that data warehouses be created and maintained separately from
operational databases?
a. It is impractical to keep both operational and archive data in the same database.
b. The continued influence of legacy systems.
c. A separate centralized data warehouse is an effective means of collecting data from
diverse sources.
d. All of these are reasons that data warehouses are maintained separately.

ANS: D PTS: 1

25. The big bang approach

a. is more ambitious and risky than the phased in approach.
b. is a popular alternative to the phase-in approach.
c. reduces the change of system failure.
d. all of the above.
e. none of the above.

Page 4 of 28
 ANS: A PTS: 1

26. Auditors of ERP systems

a. need not be concerned about segregation of duties because these systems possess strong computer controls.
b. focus on output controls such as independent verification to reconcile batch totals.
c. are concerned that managers fail to exercise adequate care in assigning permissions.
d. do not view the data warehouse as an audit or control issue at all because financial records are not stored
there.
e. need not review access levels granted to users because these are determined when the system is configured
and never change.

ANS: C PTS: 1

1.What do you call a system of computers that connects the internal users of an organization that is distributed over a
wide geographic area?
a. LAN
b. decentralized network
c. multidrop network
d. Intranet

ANS: D PTS: 1

2. Network protocols fulfill all of the following objectives except

a. facilitate physical connection between network devices
b. provide a basis for error checking and measuring network performance
c. promote compatibility among network devices
d. result in inflexible standards

ANS: D PTS: 1

3. To physically connect a workstation to a LAN requires a

a. file server
b. network interface card
c. multiplexer
d. bridge

ANS: B PTS: 1

4. Packet switching
a. combines the messages of multiple users into one packet for transmission. At the receiving
end, the packet is disassembled into the individual messages and distributed to the
intended users.
b. is a method for partitioning a database into packets for easy access where no identifiable
primary user exists in the organization.
c. is used to establish temporary connections between network devices for the duration of a
communication session.
d. is a denial of service technique that disassembles various incoming messages to targeted
users into small packages and then reassembles them in random order to create a useless
garbled message.

ANS: C PTS: 1

Page 5 of 28
 5. Protocols
a. facilitate the physical connection between the network devices.
b. synchronize the transfer of data between physical devices.
c. provide a basis for error checking and measuring network performance.
d. all of the above.

ANS: D PTS: 1

6. A virtual private network:

a. is a password-controlled network for private users rather than the general public.
b. is a private network within a public network.
c. is an Internet facility that links user sites locally and around the world.
d. defines the path to a facility or file on the web.
e. none of the above is true.

ANS: B PTS: 1

7. Which topology has a large central computer with direct connections to a periphery of smaller computers? Also in
this topology, the central computer manages and controls data communications among the network nodes.
a. star topology
b. bus topology
c. ring topology
d. client/server topology

ANS: A PTS: 1

8. A ping signal is used to initiate

a. URL masquerading
b. digital signature forging
c. Internet protocol spoofing
d. a smurf attack
e. none of the above is true

ANS: D PTS: 1

9. In a star topology, when the central site fails

a. individual workstations can communicate with each other
b. individual workstations can function locally but cannot communicate with other
workstations
c. individual workstations cannot function locally and cannot communicate with other
workstations
d. the functions of the central site are taken over by a designated workstation

ANS: B PTS: 1

10. Which of the following statements is correct? The client-server model

a. is best suited to the token-ring topology because the random-access method used by this
model detects data collisions.
b. distributes both data and processing tasks to the server’s node.
c. is most effective used with a bus topology.
d. is more efficient than the bus or ring topologies.

ANS: B PTS: 1

11. Sniffer software is

a. software used by malicious Web sites to sniff data from cookies stored on the user’s hard
drive

Page 6 of 28
 b. used by network administrators to analyze network traffic
c. used by bus topology Intranets to sniff for a carrier before transmitting a message to avoid
data collisions
d. illegal programs downloaded from the Net to sniff passwords from the encrypted data of
Internet customers

ANS: B PTS: 1

12. In a ring topology

a. all nodes are of equal status
b. nodes manage private programs and databases locally
c. shared resources are managed by a file server which is a node on the ring
d. all of the above

ANS: D PTS: 1

13. The client/server topology

a. increases the amount of data that is transmitted between the central file and the network
node
b. eliminates the need for nodes to communicate with each other
c. reduces the number of records that must be locked by having the file server perform record
searches
d. functions only with a ring and bus topology

ANS: C PTS: 1

14. The primary difference between a LAN and a WAN is

a. the geographical area covered by the network
b. the transmission technology used
c. the type of workstation used
d. the size of the company

ANS: A PTS: 1

15. A star topology is appropriate

a. for a wide area network with a mainframe for a central computer
b. for centralized databases only
c. for environments where network nodes routinely communicate with each other
d. when the central database does not have to be concurrent with the nodes

ANS: A PTS: 1

16. In a ring topology

a. the network consists of a central computer which manages all communications between
nodes
b. has a host computer connected to several levels of subordinate computers
c. all nodes are of equal status; responsibility for managing communications is distributed
among the nodes
d. information processing units rarely communicate with each other

Page 7 of 28
 ANS: C PTS: 1

17. A distributed denial of service (DDoS) attack

a. is more intensive that a Dos attack because it emanates from single source
b. may take the form of either a SYN flood or smurf attack
c. is so named because it effects many victims simultaneously, which are distributed across
the internet
d. turns the target victim's computers into zombies that are unable to access the Internet
e. none of the above is correct

ANS: B PTS: 1

18. Which method does not manage or control data collisions that might occur on a network?
a. Multiplexing
b. Polling
c. carrier sensing
d. token passing

ANS: A PTS: 1

19. All of the following are true about the Open System Interface (OSI) protocol except
a. within one node different layers communicate with other layers at that node
b. one protocol is developed and applied to all the OSI layers
c. specific layers are dedicated to hardware tasks and other layers are dedicated to software
tasks
d. layers at each node communicate logically with their counterpart layers across nodes

ANS: B PTS: 1

20. NNTP
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level (HTTP)
format.

ANS: C PTS: 1

21. Which of the following statements is correct? TCP/IP

a. is the basic protocol that permits communication between Internet sites.
b. controls Web browsers that access the WWW.
c. is the file format used to produce Web pages.
d. is a low-level encryption scheme used to secure transmissions in HTTP format.

ANS: A PTS: 1

22. FTP
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.

ANS: D PTS: 1

23. IP spoofing

Page 8 of 28
 a. combines the messages of multiple users into a “spoofing packet” where the IP addresses
are interchanged and the messages are then distributes randomly among the targeted users.
b. is a form of masquerading to gain unauthorized access to a web server.
c. is used to establish temporary connections between network devices with different IP
addresses for the duration of a communication session.
d. is a temporary phenomenon that disrupts transaction processing. It will resolve itself when
the primary computer completes processing its transaction and releases the IP address
needed by other users.

ANS: B PTS: 1
24. HTML
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet.
d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.

ANS: A PTS: 1

25. Which one of the following statements is correct?

a. Cookies always contain encrypted data.
b. Cookies are text files and never contain encrypted data.
c. Cookies contain the URLs of sites visited by the user.
d. Web browsers cannot function without cookies.

ANS: C PTS: 1

26. A message that is made to look as though it is coming from a trusted source but is not is called
a. a denial of service attack
b. digital signature forging
c. Internet protocol spoofing
d. URL masquerading

ANS: C PTS: 1

27. An IP Address:
a. defines the path to a facility or file on the web.
b. is the unique address that every computer node and host attached to the Internet must
have.
c. is represented by a 64-bit data packet.
d. is the address of the protocol rules and standards that governing the design of internet
hardware and software.
e. none of the above is true.

ANS: B PTS: 1

28. A digital signature is

a. the encrypted mathematical value of the message sender’s name
b. derived from the digest of a document that has been encrypted with the sender’s private
key
c. the computed digest of the sender’s digital certificate
d. allows digital messages to be sent over analog telephone lines

ANS: B PTS: 1

29. HTTP
a. is the document format used to produce Web pages.
b. controls Web browsers that access the Web.
c. is used to connect to Usenet groups on the Internet

Page 9 of 28
 d. is used to transfer text files, programs, spreadsheets, and databases across the Internet.
e. is a low-level encryption scheme used to secure transmissions in higher-level () format.

ANS: B PTS: 1

30. Which of the following statements is correct?

a. Packet switching combines the messages of multiple users into a “packet” for
transmission. At the receiving end, the packet is disassembled into the individual messages
and distributed to the intended users.
b. The decision to partition a database assumes that no identifiable primary user exists in the
organization.
c. Packet switching is used to establish temporary connections between network devices for
the duration of a communication session.
d. A deadlock is a temporary phenomenon that disrupts transaction processing. It will resolve
itself when the primary computer completes processing its transaction and releases the
data needed by other users.

ANS: C PTS: 1

31. The provision of computing power and disk space to client firms who access it from desktop PCs is known as
a. Computing-as-a-Service
b. Infrastructure-as-a-Service
c. Platform-as-a-Service
d. Software-as-a-Service

ANS: B PTS: 1

32. This class of cloud computing enables client firms to develop and deploy onto the cloud infrastructure consumer-
generated applications using facilities provided by the vendor.
a. Computing-as-a-Service
b. Infrastructure-as-a-Service
c. Platform-as-a-Service
d. Software-as-a-Service

ANS: C PTS: 1

33. Which of the following is not a key feature of cloud computing?

a. Acquisition of resources is rapid and infinitely scalable.
b. Client firms can acquire IT resources from vendors on demand and as needed.
c. Computing resources are pooled to meet the needs of multiple client firms.
d. Individual clients have control over the physical location of the service being provided.
1.When studying the detailed feasibility of a new project
a. prototyping does not affect the schedule feasibility analysis
b. the need for user training will influence the schedule feasibility analysis
c. protection from fraud and errors will influence the schedule feasibility analysis
d. a cost-benefit review will affect the schedule feasibility analysis
ANS: B PTS: 1

2. Protection from inadvertent disclosures of confidential information is part of the detailed

a. operational feasibility study
b. schedule feasibility study
c. legal feasibility study
d. economic feasibility study
ANS: C PTS: 1

3. A cost-benefit analysis is a part of the detailed

a. operational feasibility study
b. schedule feasibility study
c. legal feasibility study
d. economic feasibility study

Page 10 of 28
ANS: D PTS: 1

Page 11 of 28
4. Examples of one-time costs include all of the following except
a. hardware acquisition
b. insurance
c. site preparation
d. programming
ANS: B PTS: 1

5. Examples of recurring costs include

a. software acquisition
b. data conversion
c. personnel costs
d. systems design
ANS: C PTS: 1

6. Site preparation costs include all of the following except

a. crane used to install equipment
b. freight charges
c. supplies
d. reinforcement of the building floor
ANS: C PTS: 1

7. The testing of individual program modules is a part of

a. software acquisition costs
b. systems design costs
c. data conversion costs
d. programming costs
ANS: D PTS: 1

8. When implementing a new system, the costs associated with transferring data from one storage medium to
another is an example of
a. a recurring cost
b. a data conversion cost
c. a systems design cost
d. a programming cost
ANS: B PTS: 1

9. An example of a tangible benefit is

a. increased customer satisfaction
b. more current information
c. reduced inventories
d. faster response to competitor actions
ANS: C PTS: 1

Page 12 of 28
10. An example of an intangible benefit is
a. expansion into other markets
b. reduction in supplies and overhead
c. more efficient operations
d. reduced equipment maintenance
ANS: C PTS: 1

11. A tangible benefit

a. can be measured and expressed in financial terms
b. might increase revenues
c. might decrease costs
d. all of the above
ANS: D PTS: 1

12. Intangible benefits

a. are easily measured
b. are of relatively little importance in making information system decisions
c. are sometimes estimated using customer satisfaction surveys
d. when measured, do not lend themselves to manipulation
ANS: C PTS: 1

13. Which technique is least likely to be used to quantify intangible benefits?

a. opinion surveys
b. simulation models
c. professional judgment
d. review of accounting transaction data
ANS: D PTS: 1

14. The formal product of the systems evaluation and selection phase of the Systems Development Life Cycle is
a. the report of systems analysis
b. the systems selection report
c. the detailed system design
d. the systems plan
ANS: B PTS: 1

15. One-time costs include all of the following except

a. site preparation
b. insurance
c. programming and testing
d. data conversion
ANS: B PTS: 1

Page 13 of 28
16. Recurring costs include all of the following except
a. data conversion
b. software maintenance
c. insurance
d. supplies
ANS: A PTS: 1

17. All of the following are reasons why new systems fail except
a. the user is not involved in the development of the system
b. system requirements are not clearly specified
c. systems analysts rely on prototyping models
d. system development techniques are ineffective
ANS: C PTS: 1

18. The systems steering committee is responsible for all of the following except
a. assigning priorities
b. determining whether and when to terminate systems projects
c. analyzing the technical feasibility of the project
d. budgeting funds for systems development
ANS: C PTS: 1

19. Strategic systems planning is important because the plan

a. provides authorization control for the Systems Development Life Cycle
b. will eliminate any crisis component in systems development
c. provides a static goal to be attained within a five-year period
d. all of the above
ANS: A PTS: 1

20. Project feasibility includes all of the following except

a. technical feasibility
b. conceptual feasibility
c. operational feasibility
d. schedule feasibility
ANS: B PTS: 1

21. The degree of compatibility between the firm’s existing procedures and personnel skills and the requirements of
the new system is called
a. technical feasibility
b. operational feasibility
c. schedule feasibility
d. legal feasibility
ANS: B PTS: 1

22. The ability of a system to protect individual privacy and confidentiality is an example of
a. schedule feasibility
b. operational feasibility
c. legal feasibility
d. economic feasibility
ANS: C PTS: 1

23. The systems project proposal

a. provides management with a basis for deciding whether or not to proceed with the project
b. supplies an input to the project planning activity
c. links the objectives of the proposed system to the system’s scheduling requirements

Page 14 of 28
 d. prioritizes the proposal in relation to other system proposals
ANS: A PTS: 1

24. Which step is not used to evaluate a systems proposal? An analysis of the project’s
a. feasibility factors
b. ability to eliminate nonessential activities and costs
c. ability to provide a competitive advantage to the firm
d. use of Computer Aided Software Engineering (CASE) tools in developing the system
proposal
ANS: D PTS: 1

25. Reasons that a new systems implementation may be unsuccessful include all of the following except
a. organizational restructuring required by the new system results in displaced workers
b. end users do not understand the strategic merits of the new system
c. employees are not trained to use the system
d. system development team members include representatives from end-user departments
ANS: D PTS: 1

26. Typically a systems analysis

a. results in a formal project schedule
b. does not include a review of the current system
c. identifies user needs and specifies system requirements
d. is performed by the internal auditor
ANS: C PTS: 1

27. A disadvantage of surveying the current system is

a. it constrains the generation of ideas about the new system
b. it highlights elements of the current system that are worth preserving
c. it pinpoints the causes of the current problems
d. all of the above are advantages of surveying the current system
ANS: A PTS: 1

Page 15 of 28
28. Systems analysis involves all of the following except
a. gathering facts
b. surveying the current system
c. redesigning bottleneck activities
d. reviewing key documents
ANS: C PTS: 1

29. The systems analysis report does not

a. identify user needs
b. specify requirements for the new system
c. formally state the goals and objectives of the system
d. specify the system processing methods
ANS: D PTS: 1

30. After the systems analysis phase of the System Development Life Cycle (SDLC) is complete, the company will
have a formal systems analysis report on
a. the conceptual design of the new system
b. an evaluation of the new system
c. users’ needs and requirements for the new system
d. a comparison of alternative implementation procedures for the new system
ANS: C PTS: 1

31. The accountant’s role in systems analysis includes all of the following except
a. specify audit trail requirements
b. prepare data gathering questionnaires
c. suggest inclusion of advanced audit features
d. ensure mandated procedures are part of the design
ANS: B PTS: 1

32. The role of the steering committee includes

a. designing the system outputs
b. resolving conflicts that arise from a new system
c. selecting the programming techniques to be used
d. approving the accounting procedures to be implemented
ANS: B PTS: 1

33. Project planning includes all of the following except

a. specifying system objectives
b. preparing a formal project proposal
c. selecting hardware vendors
d. producing a project schedule
ANS: C PTS: 1

Page 16 of 28
34. Aspects of project feasibility include all of the following except
a. technical feasibility
b. economic feasibility
c. logistic feasibility
d. schedule feasibility
ANS: C PTS: 1

35. Which of the following is not a tool of systems analysts?

a. observation
b. task participation
c. audit reports
d. personal interviews
ANS: C PTS: 1

36. When developing the conceptual design of a system,

a. all similarities and differences between competing systems are highlighted
b. structure diagrams are commonly used
c. the format for input screens and source documents is decided
d. inputs, processes, and outputs that distinguish one alternative from another are identified
ANS: D PTS: 1

37. The role of the accountant/internal auditor in the conceptual design phase of the Systems Development Life Cycle
includes all of the following except
a. the accountant is responsible for designing the physical system
b. the accountant is responsible to ensure that audit trails are preserved
c. the internal auditor is responsible to confirm that embedded audit modules are included in
the conceptual design
d. the accountant is responsible to make sure that the accounting conventions that apply to
the module are considered by the system designers
ANS: A PTS: 1

1. Which statement is not true?

a. prototypes do not include internal control features
b. a prototype is an inexpensive, simplified model of a system
c. a throwaway prototype is discarded after the requirements are established
d. systems designers always discard prototypes and do not develop them into finished
systems
ANS: D PTS: 1

2. Which statement is not true? Computer Aided Software Engineering (CASE) technology
a. is commercially available software
b. reduces the productivity but increases the quality of the work of systems professionals
c. expedites the System Development Life Cycle
d. consists of upper and lower tools
ANS: B PTS: 1

3. The central repository of the Computer Aided Software Engineering (CASE) system contains
a. the program code
b. user prototype screens
c. data flow diagrams
d. all of the above
ANS: D PTS: 1

Page 17 of 28
 4. Which is not a level of a data flow diagram?
a. conceptual level
b. context level
c. intermediate level
d. elementary level
ANS: A PTS: 1

5. Which level of a data flow diagram is used to produce program code and database tables?
a. context level
b. elementary level
c. intermediate level
d. prototype level
ANS: B PTS: 1

6. In a Computer Aided Software Engineering (CASE) environment, a structure diagram

a. presents an overview model of the primary transactions processed
b. graphically depicts the iceberg effect
c. presents a model of the program code that constitutes the physical system
d. is prepared by the systems analyst
ANS: C PTS: 1

7. An advantage of the Computer Aided Software Engineering (CASE) model tool, which transforms the structure
diagram into machine language, is
a. it facilitates the auditors review of the system
b. it ensures that firm will use a specific CASE tool and vendor
c. it forces all system changes to be made through the data flow diagrams
d. it reduces the analysis required in designing the system
ANS: C PTS: 1

8. When maintaining a system that was developed using Computer Aided Software Engineering (CASE) tools,
a. the programmer must thoroughly review the program code
b. changes should be made directly to the structure diagram
c. significantly less time is required compared to maintenance activities for a system
developed without using Computer Aided Software Engineering (CASE) tools
d. the need for testing the modified application is eliminated
ANS: C PTS: 1

9. Which of the following is an advantage of the Computer Aided Software Engineering (CASE) approach?
a. the ability to easily revise the model during the development stage
b. the requirement that all program code and documentation be regenerated for each module
c. the cost of software engineering programs
d. user involvement is restricted to final stages of development
ANS: A PTS: 1

10. Which of the following is a disadvantage of the Computer Aided Software Engineering (CASE) approach?
a. source code produced by CASE tools is less efficient than code written by a skilled
programmer
b. alternative designs cannot be reviewed prior to implementation
c. system users are reluctant to become involved with the CASE approach
d. maintenance costs are increased
ANS: A PTS: 1

11. Which statement is not correct? The structured design approach

a. is a top-down approach
b. is documented by data flow diagrams and structure diagrams
c. assembles reusable modules rather than creating systems from scratch

Page 18 of 28
 d. starts with an abstract description of the system and redefines it to produce a more detailed
description of the system
ANS: C PTS: 1

12. The benefits of the object-oriented approach to systems design include all of the following except
a. this approach does not require input from accountants and auditors
b. development time is reduced
c. a standard module once tested does not have to be retested until changes are made
d. system maintenance activities are simplified
ANS: A PTS: 1

13. In the object-oriented systems design approach, the employee pay rate is an example of
a. an object
b. an attribute
c. an operation
d. a class
ANS: B PTS: 1

14. Ms. Andrews is a customer of the Edsell Company. In the object-oriented design approach
a. Ms. Andrews is an instance in the object class accounts receivable
b. the amount Ms. Andrews owes the Edsell Company is an operation
c. determining the amount past due is an attribute
d. the object class accounts receivable inherits all the attributes of Ms. Andrews
ANS: A PTS: 1

15. In the object-oriented systems design approach,

a. objects possess two characteristics–attributes and instances
b. an instance is a logical grouping of individual objects
c. inheritance means that each object instance inherits the attributes and operations of the
class to which it belongs
d. operations performed on objects always change attributes
ANS: C PTS: 1

16. Which statement is not correct? In the object-oriented design approach

a. a single change to an attribute or operation in one object class is automatically changed for
all the object instances and subclasses that inherit the attribute
b. each module can inherit from other modules the attributes and operations it requires
c. the entity relationship diagram is used to create a program which can be used in other
systems
d. the control module must be recreated for each program
ANS: D PTS: 1

17. Evaluators of the detailed feasibility study should not include

a. the internal auditor
b. the project manager
c. a user representative
d. the system designer
ANS: D PTS: 1

18. A commercial software system that is completely finished, tested, and ready for implementation is called a
a. backbone system
b. vendor-supported system
c. benchmark system
d. turnkey system
ANS: D PTS: 1

Page 19 of 28
19. Which of the following is not an advantage of commercial software? Commercial software
a. can be installed faster than a custom system
b. can be easily modified to the user’s exact specifications
c. is significantly less expensive than a system developed in-house
d. is less likely to have errors than an equivalent system developed in-house
ANS: B PTS: 1

20. Which step is least likely to occur when choosing a commercial software package?
a. a detailed review of the source code
b. contact with user groups
c. preparation of a request for proposal
d. comparison of the results of a benchmark problem
ANS: A PTS: 1

21. The output of the detailed design phase of the Systems Development Life Cycle (SDLC) is a
a. fully documented system report
b. systems selection report
c. detailed design report
d. systems analysis report
ANS: C PTS: 1

22. The detailed design report contains all of the following except
a. input screen formats
b. alternative conceptual designs
c. report layouts
d. process logic
ANS: B PTS: 1

23. When each element of information supports the user’s decision or task, the output is said to possess
a. completeness
b. summarization
c. conciseness
d. relevance
ANS: D PTS: 1

24. There is often a conflict between the attributes of

a. timeliness and conciseness
b. accuracy and timeliness
c. relevance and summarization
d. completeness and exceptions orientation
ANS: B PTS: 1

25. A report of accounts that are past due has many information attributes. The most important attribute is
a. summarization
b. timeliness
c. conciseness
d. exception orientation
ANS: D PTS: 1

26. When hardcopy forms are used as the source for electronic data input,
a. a paper audit trail is maintained
b. economies of scale in data collection are avoided
c. input errors are reduced
d. a point-of-sale terminal is required

Page 20 of 28
 ANS: A PTS: 1

27. The most important design element for a hardcopy form that is used for electronic data input is that
a. the form is a standard size
b. the source document and the input screen are identical
c. instructions use active voice
d. sufficient copies of the form are prepared
ANS: B PTS: 1

28. Which of the following is not one of the problems that accounts for most systems failures?
a. poorly specified systems requirements
b. ineffective development techniques
c. lack of user involvement in systems development
d. insufficient dollar investment in the new system
ANS: D PTS: 1

29. Which statement is not true?

a. loosely coupled modules are independent of other modules
b. cohesive modules perform a single, well-defined task
c. maintenance of a module with weak cohesion is simple
d. an error made in a tightly coupled module will affect other modules
ANS: C PTS: 1

30. Translating the system modules into pseudocode

a. occurs in the implementation phase of the Systems Development Life Cycle
b. expresses the detailed logic of the module in programming language
c. discourages end users from becoming actively involved in designing the system
d. permits individuals with few technical skills to understand the logic of the module
ANS: D PTS: 1

31. Which statement is not true? A systems design walkthrough

a. is conducted by a quality assurance group
b. occurs just after system implementation
c. simulates the operation of the system in order to uncover errors and omissions
d. reduces costs by reducing the amount of reprogramming
ANS: B PTS: 1

32. System documentation is designed for all of the following groups except
a. systems designers and programmers
b. end users
c. accountants
d. all of the above require systems documentation
ANS: D PTS: 1

33. Which type of documentation shows the detailed relationship of input files, programs, and output files?
a. structure diagrams

Page 21 of 28
 b. overview diagram
c. system flowchart
d. program flowchart
ANS: C PTS: 1

34. Typical contents of a run manual include all of the following except
a. run schedule
b. logic flowchart
c. file requirements
d. explanation of error messages
ANS: B PTS: 1

35. Computer operators should have access to all of the following types of documentation except
a. a list of users who receive output
b. a program code listing
c. a list of all master files used in the system
d. a list of required hardware devices
ANS: B PTS: 1

36. Which task is not essential during a data conversion procedure?

a. decomposing the system
b. validating the database
c. reconciliation of new and old databases
d. backing up the original files
ANS: A PTS: 1

37. When converting to a new system, which cutover method is the most conservative?
a. cold turkey cutover
b. phased cutover
c. parallel operation cutover
d. data coupling cutover
ANS: C PTS: 1

38. What is not true about data modeling?

a. Relationships are the degree of association between two entities.
b. Attributes are data that describe the characteristics or properties of entities.
c. Entities are resources, events, or agents involved in the business.
d. Modeling is the task of formalizing the data requirements of the business process as a
physical model.
ANS: D PTS: 1

1.Which of the following is NOT an implication of section 302 of the Sarbanes-Oxley Act?
a. Auditors must determine, whether changes in internal control has, or is likely to,
materially affect internal control over financial reporting.
b. Auditors must interview management regarding significant changes in the design or
operation of internal control that occurred since the last audit.
c. Corporate management (including the CEO) must certify monthly and annually their
organization’s internal controls over financial reporting.
d. Management must disclose any material changes in the company’s internal controls that
have occurred during the most recent fiscal quarter.
ANS: C PTS: 1

2. Which of the following is NOT a requirement in management’s report on the effectiveness of internal controls
over financial reporting?
a. A statement of management’s responsibility for establishing and maintaining adequate
internal control user satisfaction.
b. A statement that the organization’s internal auditors has issued an attestation report on

Page 22 of 28
 management’s assessment of the company’s internal controls.
c. A statement identifying the framework used by management to conduct their assessment
of internal controls.
d. An explicit written conclusion as to the effectiveness of internal control over financial
reporting.
ANS: B PTS: 1

3. In a computer-based information system, which of the following duties needs to be separated?

a. program coding from program operations
b. program operations from program maintenance
c. program maintenance from program coding
d. all of the above duties should be separated
ANS: D PTS: 1

4. Supervision in a computerized environment is more complex than in a manual environment for all of the
following reasons except
a. rapid turnover of systems professionals complicates management's task of assessing the
competence and honesty of prospective employees
b. many systems professionals have direct and unrestricted access to the organization's
programs and data
c. rapid changes in technology make staffing the systems environment challenging
d. systems professionals and their supervisors work at the same physical location
ANS: D PTS: 1

5. Adequate backups will protect against all of the following except

a. natural disasters such as fires
b. unauthorized access
c. data corruption caused by program errors
d. system crashes
ANS: B PTS: 1

6. Which is the most critical segregation of duties in the centralized computer services function?
a. systems development from data processing
b. data operations from data librarian
c. data preparation from data control
d. data control from data librarian
ANS: A PTS: 1

7. Systems development is separated from data processing activities because failure to do so

a. weakens database access security
b. allows programmers access to make unauthorized changes to applications during
execution
c. results in inadequate documentation
d. results in master files being inadvertently erased
ANS: B PTS: 1

8. Which organizational structure is most likely to result in good documentation procedures?

a. separate systems development from systems maintenance
b. separate systems analysis from application programming
c. separate systems development from data processing
d. separate database administrator from data processing
ANS: A PTS: 1

9. All of the following are control risks associated with the distributed data processing structure except
a. lack of separation of duties
b. system incompatibilities

Page 23 of 28
 c. system interdependency
d. lack of documentation standards
ANS: C PTS: 1

10. Which of the following is not an essential feature of a disaster recovery plan?
a. off-site storage of backups
b. computer services function
c. second site backup
d. critical applications identified
ANS: B PTS: 1

11. A cold site backup approach is also known as

a. internally provided backup
b. recovery operations center
c. empty shell
d. mutual aid pact
ANS: C PTS: 1

12. The major disadvantage of an empty shell solution as a second site backup is
a. the host site may be unwilling to disrupt its processing needs to process the critical
applications of the disaster stricken company
b. intense competition for shell resources during a widespread disaster
c. maintenance of excess hardware capacity
d. the control of the shell site is an administrative drain on the company
ANS: B PTS: 1

13. An advantage of a recovery operations center is that

a. this is an inexpensive solution
b. the initial recovery period is very quick
c. the company has sole control over the administration of the center
d. none of the above are advantages of the recovery operations center
ANS: B PTS: 1

14. For most companies, which of the following is the least critical application for disaster recovery purposes?
a. month-end adjustments
b. accounts receivable
c. accounts payable
d. order entry/billing
ANS: A PTS: 1

15. The least important item to store off-site in case of an emergency is

a. backups of systems software
b. backups of application software
c. documentation and blank forms
d. results of the latest test of the disaster recovery program
ANS: D PTS: 1

16. Some companies separate systems analysis from programming/program maintenance. All of the following are
control weaknesses that may occur with this organizational structure except
a. systems documentation is inadequate because of pressures to begin coding a new program
before documenting the current program
b. illegal lines of code are hidden among legitimate code and a fraud is covered up for a long
period of time
c. a new systems analyst has difficulty in understanding the logic of the program

Page 24 of 28
 d. inadequate systems documentation is prepared because this provides a sense of job
security to the programmer
ANS: C PTS: 1

17. All of the following are recommended features of a fire protection system for a computer center except
a. clearly marked exits
b. an elaborate water sprinkler system
c. manual fire extinguishers in strategic locations
d. automatic and manual alarms in strategic locations
ANS: B PTS: 1

18. Which concept is not an integral part of an audit?

a. evaluating internal controls
b. preparing financial statements
c. expressing an opinion
d. analyzing financial data
ANS: B PTS: 1

19. Which statement is not true?

a. Auditors must maintain independence.
b. IT auditors attest to the integrity of the computer system.
c. IT auditing is independent of the general financial audit.
d. IT auditing can be performed by both external and internal auditors.
ANS: C PTS: 1

20. Typically, internal auditors perform all of the following tasks except
a. IT audits
b. evaluation of operational efficiency
c. review of compliance with legal obligations
d. internal auditors perform all of the above tasks
ANS: D PTS: 1

21. The fundamental difference between internal and external auditing is that
a. internal auditors represent the interests of the organization and external auditors represent
outsiders
b. internal auditors perform IT audits and external auditors perform financial statement audits
c. internal auditors focus on financial statement audits and external auditors focus on
operational audits and financial statement audits
d. external auditors assist internal auditors but internal auditors cannot assist external
auditors
ANS: A PTS: 1

22. Internal auditors assist external auditors with financial audits to

a. reduce audit fees
b. ensure independence
c. represent the interests of management
d. None of the above. Internal auditors are not permitted to assist external auditors with
financial audits.
ANS: A PTS: 1

23. Which statement is not correct?

a. Auditors gather evidence using tests of controls and substantive tests.
b. The most important element in determining the level of materiality is the mathematical
formula.
c. Auditors express an opinion in their audit report.
d. Auditors compare evidence to established criteria.

Page 25 of 28
 ANS: B PTS: 1

24. All of the following are steps in an IT audit except

a. substantive testing
b. tests of controls
c. post-audit testing
d. audit planning
ANS: C PTS: 1

25. When planning the audit, information is gathered by all of the following methods except
a. completing questionnaires
b. interviewing management
c. observing activities
d. confirming accounts receivable
ANS: D PTS: 1

26. Substantive tests include

a. examining the safety deposit box for stock certificates
b. reviewing systems documentation
c. completing questionnaires
d. observation
ANS: A PTS: 1

27. Tests of controls include

a. confirming accounts receivable
b. counting inventory
c. completing questionnaires
d. counting cash
ANS: C PTS: 1

28. All of the following are components of audit risk except

a. control risk
b. legal risk
c. detection risk
d. inherent risk
ANS: B PTS: 1

29. Control risk is

a. the probability that the auditor will render an unqualified opinion on financial statements
that are materially misstated
b. associated with the unique characteristics of the business or industry of the client
c. the likelihood that the control structure is flawed because controls are either absent or
inadequate to prevent or detect errors in the accounts
d. the risk that auditors are willing to take that errors not detected or prevented by the control
structure will also not be detected by the auditor
ANS: C PTS: 1

30. All of the following tests of controls will provide evidence about the physical security of the computer center
except
a. review of fire marshal records
b. review of the test of the backup power supply
c. verification of the second site backup location
d. observation of procedures surrounding visitor access to the computer center
ANS: C PTS: 1

Page 26 of 28
 31. All of the following tests of controls will provide evidence about the adequacy of the disaster recovery plan
except
a. inspection of the second site backup
b. analysis of the fire detection system at the primary site
c. review of the critical applications list
d. composition of the disaster recovery team
ANS: B PTS: 1

32. Which of the following is true?

a. In the CBIS environment, auditors gather evidence relating only to the contents of
databases, not the reliability of the computer system.
b. Conducting an audit is a systematic and logical process that applies to all forms of
information systems.
c. Substantive tests establish whether internal controls are functioning properly.
d. IT auditors prepare the audit report if the system is computerized.
ANS: B PTS: 1
33. Inherent risk
a. exists because all control structures are flawed in some ways.
b. is the likelihood that material misstatements exist in the financial statements of the firm.
c. is associated with the unique characteristics of the business or industry of the client.
d. is the likelihood that the auditor will not find material misstatements.
ANS: C PTS: 1

34. Which of the following is not a generally accepted auditing standard general standard?
a. The auditor must have adequate technical training and proficiency.
b. The auditor must obtain sufficient, competent evidence.
c. The auditor must have independence of mental attitude.
d. All of the above are generally accepted auditing standard general standards.
ANS: B PTS: 1

35. The financial statements of an organization reflect a set of management assertions about the financial health of the
business. All of the following describe types of assertions except
a. that all of the assets and equities on the balance sheet exist
b. that all employees are properly trained to carry out their assigned duties
c. that all transactions on the income statement actually occurred
d. that all allocated amounts such as depreciation are calculated on a systematic and rational
basis
ANS: B PTS: 1

36. Which of the following is not an advantage of distributed data processing?

a. ability to backup computing facilities
b. improved user satisfaction
c. efficient use of resources
d. all of the above are advantages of distributed data processing
ANS: C PTS: 1

37 . Operations fraud includes

a. altering program logic to cause the application to process data incorrectly
b. misusing the firm’s computer resources
c. destroying or corrupting a program’s logic using a computer virus
d. creating illegal programs that can access data files to alter, delete, or insert values
ANS: B PTS: 1

38. Segregation of duties in the computer-based information system includes

a. separating the programmer from the computer operator
b. preventing management override
c. separating the inventory process from the billing process
d. performing independent verifications by the computer operator

Page 27 of 28
ANS: A PTS: 1

Page 28 of 28