Binghamton University School of Management Accounting 581C Accounting Information Systems Fall 2011 Test 2 Chapters 7-10

Name Date

Record your answers on both the scan sheet and your test.

True/False Indicate whether the statement is true or false. ____ ____ ____ 1. Organizational governance is a process by which organizations select objectives, establish processes to achieve objectives, and monitor performance. 2. Under the Sarbanes Oxley Act of 2002, the section on Auditor Independence establishes an independent board to oversee public company audits. 3. A computer abuse technique called a back door involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program. 4. Segregation of duties consists of separating the four functions of authorizing events, executing events, recording events, and safeguarding the resources resulting from consummating the events. 5. Business continuity planning is the process that identifies events that may threaten an organization and provide a framework whereby the organization will continue to operate when the threatened event occurs or resume operations with a minimum of disruption. 6. A control matrix is a tool that assists in evaluating the potential effectiveness of control goals in a particular business process. 7. An exception and summary report reflects the events that were accepted or rejected by the system. 8. In a batch sequence check a computer program sorts the input documents into numerical order; checks the documents against the sequence number range; and reports missing, duplicate, and out-of-range data. 9. The order entry/sales (OE/S) process includes the first four steps in the order-to-cash process: presales activities; sales order processing; picking and packing the goods; and shipping.
Acctg 581C - Fall 2011 - Test 2 Chapters 7-10 - Que-A

____

____

____ ____ ____

____

Page 1 of 12
14 December 2011

____ 10. The OE/S process helps support the decision needs of the accounting department. ____ 11. For companies using enterprise systems, CRM systems often share the same underlying database. ____ 12. The completed picking ticket file provides an audit trail of authorized inventory transfers made between the warehouse and the shipping department. ____ 13. Optical character recognition (OCR) devices use light reflection to read differences in code patterns in order to identify a labeled item. ____ 14. One-for-one checking in the OE/S process is a control plan that simplifies the data entry process, and may prevent the customer service representative from omitting data, to fill in certain fields, and reject incorrectly formatted fields to reduce input errors. ____ 15. Customer credit check is a control plan that ensures that the organization protects its resources by dealing only with customers who have demonstrated an ability to satisfy their liabilities. ____ 16. A customer acknowledgement is sent to the billing department to notify them of a pending shipment. Multiple Choice Identify the choice that best completes the statement or answers the question. ____ 17. A process, effected by an entity's board of directors, management and other personnel, applied in strategy settings and across the enterprise, designed to identify potential events that may effect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives is: a. enterprise risk management b. internal control c. organizational governance d. risk assessment ____ 18. The ERM framework is comprised of eight components. Which component includes the policies and procedures established and implemented to help ensure the risk responses are effectively carried out? a. control activities b. event identification c. risk assessment d. risk response

____ 19. Approvals, authorizations, verifications, reconciliations, reviews of operating performance, security procedures, supervision, audit trails, and segregation of duties are examples of: a. control activities b. event identification c. monitoring d. risk response ____ 20. The major reasons for exercising control of the organization's business processes include: a. to provide reasonable assurance that the goals of the business are being achieved b. to mitigate risks of fraud and other intentional and unintentional acts c. to provide reasonable assurance that the company is in compliance with applicable legal and regulatory obligations d. all of the above ____ 21. The section of Sarbanes Oxley that prohibits a CPA firm that audits a public company from engaging in certain nonaudit services with the same client is: a. Title I Public Company Accounting Oversight Board b. Title II Auditor Independence c. Title III Corporate Responsibility d. Title IV Enhanced Financial Disclosures ____ 22. The section of Sarbanes Oxley that requires each annual report filed with the SEC to include an internal control report is: a. Title I Public Company Accounting Oversight Board b. Title II Auditor Independence c. Title III Corporate Responsibility d. Title IV Enhanced Financial Disclosures ____ 23. The section of Sarbanes Oxley that makes it a felony to knowingly destroy, alter, or create records and or documents with the intent to impede, obstruct, or influence an ongoing or contemplated federal investigation and offers legal protection to whistle blowers is: a. Title V Analysts Conflicts of Interests
Acctg 581C - Fall 2011 - Test 2 Chapters 7-10 - Que-A

Page 3 of 12
14 December 2011

b. Title VIII Corporate and Criminal Fraud Accountability c. Title IX White-Collar Crime Penalty Enhancements d. Title XI Corporate Fraud and Accountability ____ 24. ____ are the policies and procedures that help ensure that the risk responses are effectively carried out. a. Control environment b. Risk assessment c. Control activities d. Monitoring ____ 25. A deliberate act or untruth intended to obtain unfair or unlawful gain is a(n): a. audit b. embezzlement c. fraud d. theft ____ 26. A control goal that is a measure of success in meeting a set of established goals is called: a. effectiveness b. Monitoring c. Efficiency d. Risk ____ 27. The information process control goal which relates to preventing fictitious events from being recorded is termed: a. ensure input validity b. ensure input accuracy c. ensure input completeness d. ensure effectiveness of operations ____ 28. Discrepancies between data items recorded by a system and the underlying economic events or objects they represent are a violation of the control goal of: a. ensure input validity b. ensure input completeness

c. ensure input accuracy d. ensure update completeness ____ 29. Control plans that relate to a multitude of goals and processes are called: a. business process control plans b. internal control systems c. pervasive control plans d. management control systems ____ 30. COBIT was developed to: a. provide guidance to managers, users, and auditors on the best practices for the management of information technology b. identify specific control plans that should be implemented to reduce the occurrence of fraud c. specify the components of an information system that should be installed in an e-commerce environment d. suggest the type of information that should be made available for management decision making ____ 31. This IT function's key control concern is that organization and IT strategic objectives are misaligned: a. CIO b. quality assurance c. IT steering committee d. systems development manager ____ 32. In an information systems organizational structure, the function of ____ is the central point from which to control data and is a central point of vulnerability. a. data control b. data entry c. data librarian d. database administration

Acctg 581C - Fall 2011 - Test 2 Chapters 7-10 - Que-A

Page 5 of 12
14 December 2011

____ 33. Which of the following is not one of COBIT's four broad IT control process domains? a. plan and organize b. acquire and implement c. repair and replace d. monitor and evaluate ____ 34. A warehouse clerk manually completing an order document and forwarding it to purchasing for approval is an example of: a. authorizing events b. executing events c. recording events d. safeguarding resources ____ 35. Specifications for availability, reliability, performance, capacity for growth, levels of user support, disaster recovery, security, minimal system functionality, and service charges are included in: a. application documentation b. service-level requirements c. business continuity plan d. security plan ____ 36. An employee of a warehouse is responsible for taking a computer-generated shipping list, pulling the items from the warehouse shelves and placing them on a cart which is transferred to shipping when the list is completely filled. This is an example of: a. authorizing events b. executing events c. recording events d. safeguarding resources ____ 37. An outside auditing firm annually supervises a physical count of the items in a retail store's shelf inventory. This is an example of: a. authorizing events b. executing events c. recording events

d. safeguarding resources ____ 38. When segregation of duties cannot be effectively implemented because the organization is too small, we may rely on a more intensive implementation of other control plans such as personnel control plans. This is called: a. collusion controls b. compensatory controls c. authorizing controls d. inventory controls

____ 39. Which of the following personnel security control plans is corrective in nature as opposed to being a preventive or detective control plan? a. rotation of duties b. fidelity bonding c. forced vacations d. performing scheduled evaluations ____ 40. A data replication strategy where all data changes are data stamped and saved to secondary systems as the changes are happening is called: a. mirror site b. electronic vaulting c. continuous data protection (CDP) d. Dumping ____ 41. Sending out an e-mail pretending to be a legitimate business asking for information about a person's account is called: a. dumpster diving b. phishing c. smoozing d. shoulder surfing ____ 42. The two primary steps in preparing the control matrix include:
Acctg 581C - Fall 2011 - Test 2 Chapters 7-10 - Que-A

Page 7 of 12
14 December 2011

a. specifying control goals, identifying recommended control plans b. specifying control plans, specifying input goals c. specifying the control environment, identifying information process goals d. specifying control procedures, identifying process goals ____ 43. The purpose of ____ control goals is to ensure that all resources used throughout the business process are being employed in the most productive manner. a. efficiency b. effectiveness c. security d. input ____ 44. In the control matrix, the rows represent: a. control goals of the operations process b. recommended control plans including both present and missing controls c. control goals of the information process d. control goals of the management process ____ 45. Which of the following is a control plan that controls the entry of data by defining the acceptable format of each data field? a. document design b. written approval c. preformatted screens d. online prompting ____ 46. Which of the following reflects a summarization of any numeric data field within the input document or record? a. reasonableness check or limit check b. document/record hash totals c. mathematical accuracy check d. check digit ____ 47. A control whose primary purpose is to ensure greater input accuracy is: a. written approvals

b. preformatted screens c. confirm input acceptance d. all of these ensure greater input accuracy ____ 48. A control in which two people key the same inputs into a system where they are compared is called: a. online prompting b. key verification c. computer matching procedures d. a redundancy check ____ 49. A sales representative enters the customer's account number and the system retrieves certain data about the customer from master data. This control plan addresses all of the control goals except: a. ensure efficient employment of resources b. ensure effectiveness of operations (timeliness) c. ensure input accuracy d. ensure update completeness ____ 50. Which batch control total generally has no other purpose than control? a. dollar totals b. record counts c. hash totals d. item counts ____ 51. The grouping of customers into categories based on key characteristics is called: a. itemization b. Identification c. segmentation d. sales-force automation ____ 52. Analytical applications, which include ____, are intended to allow the use of sophisticated statistical and other analytical software to help an organization's members develop insights about customers, processes, and markets.
Acctg 581C - Fall 2011 - Test 2 Chapters 7-10 - Que-A

Page 9 of 12
14 December 2011

a. data mining b. data entry c. e-commerce modules d. market segmentation models ____ 53. Assuming that we separate the shipping and billing processes, which of the following data stores would you expect to be updated by an OE/S process called execute shipping notice? a. accounts receivable master data b. sales order master data c. inventory master data d. both B and C ____ 54. The section of Sarbanes Oxley that establishes an independent board to oversee public company audits is: a. Title I Public Company Accounting Oversight Board b. Title II Auditor Independence c. Title III Corporate Responsibility d. Title IV Enhanced Financial Disclosures ____ 55. The section of Sarbanes Oxley that requires a company's CEO and CFO to certify quarterly and annual reports is: a. Title I Public Company Accounting Oversight Board b. Title II Auditor Independence c. Title III Corporate Responsibility d. Title IV Enhanced Financial Disclosures ____ 56. In a control matrix the coding P-1 means: a. process 1 b. process 1 is present c. process 1 is missing d. none of the above ____ 57. A written approval in the form of a signature or initials on a document indicating that a person has authorized the event is directed primarily at achieving the control goal of:

a. ensure input validity b. ensure input completeness c. ensure input accuracy d. ensure update accuracy ____ 58. At the time that the shipping notice is prepared and disseminated, two data stores within the OE/S process are normally updated. Those two data stores are the: a. customer master data and accounts receivable master data b. accounts receivable master data and sales order master data c. accounts receivable master data and marketing data d. sales order master data and inventory master data ____ 59. In constructing a control matrix for an OE/S process, the principal data input(s) to the information system likely would be: a. customer inquiries and customer order inputs b. customer inquiries and shipping notice inputs c. customer order and shipping notice inputs d. customer order only ____ 60. In the OE/S process, the document that represents an independent authorization to ship goods to the customer is the: a. bill of lading b. sales order c. customer acknowledgement d. shipping notice

Acctg 581C - Fall 2011 - Test 2 Chapters 7-10 - Que-A

Page 11 of 12
14 December 2011