Information Technology Auditing Final
Test Solutions
Course Introduction
Information Technology Auditing explores the principles, methodologies, and practices involved in evaluating and ensuring the integrity, security, and reliability of information systems within organizations. The course covers audit planning, risk assessment, internal controls, regulatory compliance, and standards such as COBIT, ISO, and NIST. Students learn to identify vulnerabilities, assess controls, and recommend improvements to safeguard digital assets and support effective IT governance, leveraging real-world case studies to develop practical audit skills and an understanding of contemporary challenges in the rapidly evolving IT landscape.
Recommended Textbook
Accounting Information Systems 14th Edition by Marshall B. Romney
Available Study Resources on Quizplus
22 Chapters
2238 Verified Questions
2238 Flashcards
Source URL: https://quizplus.com/study-set/3303
Page 2
Chapter 1: Conceptual Foundations of Accounting Information Systems
Available Study Resources on Quizplus for this Chatper
115 Verified Questions
115 Flashcards
Source URL: https://quizplus.com/quiz/65544
Sample Questions
Q1) Data must be converted into information to be considered useful and meaningful for decision making.There are seven characteristics that make information both useful and meaningful.If the information is free from error or bias,it is representative of the characteristic of A)reliability.
B)relevance.
C)verifiability.
D)truthful.
Answer: A
Q2) What is a key decision that needs to be made with regards to paying vendors for goods and services?
A)which credit cards to accept
B)which employees to hire
C)which vendors to pay
D)how much capital to acquire
Answer: C
Q3) Define an accounting information system.
Answer: An AIS is a system that collects,records,stores,and processes data to produce information for decision makers.
Page 3
To view all questions and flashcards with answers, click on the resource link above.
Chapter 2: Overview of Transaction Processing and Enterprise Resource Planning Systems
Available Study Resources on Quizplus for this Chatper
107 Verified Questions
107 Flashcards
Source URL: https://quizplus.com/quiz/65533
Sample Questions
Q1) Which of the following is an example of an ERP system?
A)Alexis uses a computerized information system to keep track of all the financial data generated by her bakery.She is considering opening a new bakery on the east side of town.
B)Betty has a system that keeps track of the accounts payable and receivable for her plumbing business.At the end of the year,the system helps her to prepare her taxes in just two hours.
C)Charlie keeps records of all his business records in a shoe box.Each week he enters all of the data into spreadsheets that automatically generate purchase orders,based on predetermined inventory reorder points.Production quotas for the coming week are also automatically generated based on customer orders.
D)Doug is a freelance photographer.He keeps records of all expenses and revenues on his cell phone and then e-mails them to himself every month.The files are stored on his personal computer and backed up to CD quarterly.
Answer: C
To view all questions and flashcards with answers, click on the resource link above. Page 4
Chapter 3: Systems Documentation Techniques
Available Study Resources on Quizplus for this Chatper
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/65529
Sample Questions
Q1) A flowchart that depicts the relationships among the input,processing,and output of an AIS is
A)an internal control flowchart.
B)a document flowchart.
C)a system flowchart.
D)a program flowchart.
Answer: C
Q2) A Business Process Diagram (BPD)provides the reader an easily understood ________ of what takes place in a business process.
A)narrative
B)decision flow
C)pictorial view
D)data flow
Answer: C
Q3) More than one arrow is needed between symbols on a DFD if
A)data elements always flow together.
B)data elements flow at different times.
C)data elements flow to different locations.
D)there is no guideline on use of single or multiple arrows.
Answer: B
To view all questions and flashcards with answers, click on the resource link above. Page 5
Chapter 4: Relational Databases
Available Study Resources on Quizplus for this Chatper
113 Verified Questions
113 Flashcards
Source URL: https://quizplus.com/quiz/65528
Sample Questions
Q1) Which of the statements below is incorrect?
A)Semantic data modeling facilitates the efficient design of databases.
B)Semantic data modeling facilitates communicating with the intended users of the system.
C)Semantic data modeling allows a database designer to use knowledge about business processes to design the database.
D)Semantic data modeling follows the rules of normalization in the design of a database.
Q2) Using the database depicted above,how many foreign keys are in the database?
A)0
B)3
C)4
D)5
Q3) Which would not generally be considered a data dictionary output report?
A)a list of cash balances in the organization's bank accounts
B)a list of all programs in which a data element is used
C)a list of all synonyms for the data elements in a particular file
D)a list of all data elements used by a particular user
Q4) List the four DBMS "languages" and describe who uses each and for what purpose.
Q5) What are the two ways to query a database using Microsoft Access?
Page 6
To view all questions and flashcards with answers, click on the resource link above.
Chapter 5: Computer Fraud
Available Study Resources on Quizplus for this Chatper
83 Verified Questions
83 Flashcards
Source URL: https://quizplus.com/quiz/65527
Sample Questions
Q1) Why do many computer fraud cases go unreported and unprosecuted?
A)Many companies believe the adverse publicity would result in copycat fraud and a loss of customer confidence,which could cost more than the fraud itself.
B)It is difficult to calculate total losses when information is stolen,websites are defaced,and viruses shut down entire computer systems.
C)Because of lack of funding and skilled staff,law enforcement investigates only 1 in 15 computer crimes.
D)All of the above
Q2) Discuss the reasons for the rapid increase of computer fraud.
Q3) One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks.This is known as A)lapping.
B)misappropriation of assets. C)kiting.
D)concealment.
Q4) Describe at least four ways a company can make fraud less likely to occur.
Q5) What characteristics must be presented for an act to be considered fraudulent? Give an example to support your answer.
To view all questions and flashcards with answers, click on the resource link above.
Page 7
Chapter 6: Computer Fraud and Abuse Techniques
Available Study Resources on Quizplus for this Chatper
96 Verified Questions
96 Flashcards
Source URL: https://quizplus.com/quiz/65526
Sample Questions
Q1) Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called
A)superzapping.
B)tabnapping.
C)pretexting.
D)piggybacking.
Q2) Law enforcement uses key logging software,a form of malware,to detect crime.
A)True
B)False
Q3) A set of unauthorized computer instructions in an otherwise properly functioning program is known as a A)logic bomb.
B)spyware.
C)trap door.
D)Trojan horse.
Q4) Acting under false pretenses to gain confidential information is called A)superzapping.
B)tabnapping.
C)pretexting.
D)piggybacking.
Page 8
To view all questions and flashcards with answers, click on the resource link above.
Chapter 7: Control and Accounting Information Systems
Available Study Resources on Quizplus for this Chatper
132 Verified Questions
132 Flashcards
Source URL: https://quizplus.com/quiz/65525
Sample Questions
Q1) In a system with effective separation of duties,it is difficult for any single employee to embezzle successfully.
A)True
B)False
Q2) Describe the reasons organizations have not adequately protected data.
Q3) The organization chart for Renata Corporation includes a controller and an information processing manager,both of whom report to the vice president of finance.Which of the following would be a control weakness?
A)Assigning the programming and operating of the computer system to an independent control group which reports to the controller
B)Providing for maintenance of input data controls by an independent control group which reports to the controller
C)Periodically rotating assignment of application processing among machine operators,who all report to the information processing manager
D)Providing for review and distribution of system-generated reports by an independent control group which reports to the controller
Q4) Describe what is an event using the COSO definition and provide an example.
To view all questions and flashcards with answers, click on the resource link above.
Chapter 8: Controls for Information Security
Available Study Resources on Quizplus for this Chatper
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/65524
Sample Questions
Q1) This network access control determines which IP packets are allowed entry to a network and which are dropped.
A)access control list
B)deep packet inspection
C)stateful packet filtering
D)static packet filtering
Q2) Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?
A)Training.
B)Controlling physical access.
C)Controlling remote access.
D)Host and application hardening.
Q3) Many corrective controls rely on human judgment.
A)True
B)False
Q4) Cloud computing can potentially generate significant cost savings for an organization.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 10
Chapter 9: Confidentiality and Privacy Controls
Available Study Resources on Quizplus for this Chatper
61 Verified Questions
61 Flashcards
Source URL: https://quizplus.com/quiz/65523
Sample Questions
Q1) If an organization asks you to disclose your date of birth and your address,but fails to establish any procedures for responding to customer complaints,the organization has likely violated which of the Generally Accepted Privacy Principles?
A)Collection.
B)Access.
C)Security.
D)Monitoring and enforcement.
Q2) A laptop computer belonging to the Novak group was stolen from the trunk of a sales manager's car while she was attending a conference.After reporting the theft,the manager considered the implications for the company's network security and concluded there was little to worry about because
A)the computer was insured against theft.
B)the computer was protected by a password.
C)the data stored on the computer was encrypted.
D)it was unlikely that the thief would know how to access the company data stored on the computer.
Q3) CAN-SPAM provides both criminal and civil penalties for violations of the law.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above.
Page 11
Chapter 10: Processing Integrity and Availability Controls
Available Study Resources on Quizplus for this Chatper
95 Verified Questions
95 Flashcards
Source URL: https://quizplus.com/quiz/65543
Sample Questions
Q1) Reconciliation procedures is an example of
A)a data entry control.
B)a data transmission control.
C)an output control.
D)a processing control.
Q2) A ________ determines if all required data items have been entered.
A)completeness check
B)field check
C)limit check
D)range check
Q3) A ________ determines whether the input data are of the proper type.
A)limit check
B)size check
C)range check
D)field check
Q4) Cancellation and storage of documents means
A)documents are defaced and stored.
B)documents are defaced before being shredded.
C)cancellation data are copied from documents before they are stored.
D)data are copied from a document and stored before it is being shredded.
Page 12
To view all questions and flashcards with answers, click on the resource link above.
Chapter 11: Auditing Computer-Based Information Systems
Available Study Resources on Quizplus for this Chatper
116 Verified Questions
116 Flashcards
Source URL: https://quizplus.com/quiz/65542
Sample Questions
Q1) Assessing the quality of internal controls,the reliability of information,and operating performance are all part of
A)audit planning.
B)collection of audit evidence.
C)communication of audit results.
D)evaluation of audit evidence.
Q2) a)What is test data processing? b)How is it done? c)What are the sources that an auditor can use to generate test data?
Q3) What type of data does CAATS use to produce an auditing program?
A)Archived data.
B)Backup data.
C)Live data.
D)A copy of live data.
Q4) Describe the concept of materiality and provide an example.
Q5) Increasing the effectiveness of auditing software will
A)reduce detection risk.
B)reduce control risk.
C)increase detection risk.
D)increase control risk.
Q6) Name and describe the different types of audits.
Page 13
To view all questions and flashcards with answers, click on the resource link above.
Chapter 12: The Revenue Cycle: Sales to Cash Collections
Available Study Resources on Quizplus for this Chatper
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/65541
Sample Questions
Q1) Which of the following is not a threat to the revenue cycle sales order entry process?
A)incomplete orders
B)invalid orders
C)cash flow problems
D)uncollectible accounts
Q2) Regularly reviewing an accounts receivable aging report can help management do what?
A)spot firms who are falling behind in their payments
B)identify customers who have not purchased anything lately
C)improve the speed which customers make payments
D)determine whether the firm's pricing policy is effective
Q3) A way to incorporate the advantages of Electronic Data Interchange with the Electronic Funds Transfer is
A)Financial Electronic Data Interchange.
B)e-commerce.
C)to use procurement cards.
D)an electronic lockbox.
Q4) Describe cycle billing and identify how an organization might benefit by using cycle billing.
To view all questions and flashcards with answers, click on the resource link above. Page 14
Chapter 13: The Expenditure Cycle: Purchasing to Cash
Disbursements
Available Study Resources on Quizplus for this Chatper
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/65540
Sample Questions
Q1) Once a vendor is selected for a product,the vendor's identity is recorded in the A)purchase requisition transaction file.
B)purchase requisition master file.
C)inventory transaction file.
D)inventory master file.
Q2) A JIT inventory system would be especially useful for a company that manufactures A)toys associated with new movie releases.
B)toothpaste.
C)alarm clocks.
D)motor oil.
Q3) Describe the function of an imprest fund.
Q4) The ________ specifies the point at which inventory is needed.
A)company inventory policies
B)reorder point
C)economic order quantity
D)stockout point
Q5) How can information technology be used to improve the vendor invoice approval process?
Q6) Discuss the differences between EOQ,MRP,and JIT.
To view all questions and flashcards with answers, click on the resource link above. Page 15
Chapter 14: The Production Cycle
Available Study Resources on Quizplus for this Chatper
95 Verified Questions
95 Flashcards
Source URL: https://quizplus.com/quiz/65539
Sample Questions
Q1) Detailed data about reasons for warranty and repair costs is considered an applicable control used to mitigate the threat of
A)underproduction.
B)overproduction.
C)poor product design.
D)suboptimal investment of fixed assets.
Q2) Discuss the criticisms of traditional cost accounting methods.
Q3) What is the primary drawback to using a volume-driven base,such as direct labor or machine hours,to apply overhead to products in a traditional cost accounting system?
A)The cost accountant may not fully understand how to track direct labor or machine hours.
B)It is difficult for an AIS to incorporate such a measurement into its system.
C)It is difficult for an ERP to incorporate such a measurement into its integrated system.
D)Many overhead costs are incorrectly allocated to products since they do not vary with production volume.
Q4) Explain what CIM means and its benefits.
Q5) Discuss the role the accountant can play in the production cycle.
To view all questions and flashcards with answers, click on the resource link above.
Page 16
Chapter 15: The Human Resources Management and Payroll Cycle
Available Study Resources on Quizplus for this Chatper
86 Verified Questions
86 Flashcards
Source URL: https://quizplus.com/quiz/65538
Sample Questions
Q1) For recording time spent on specific work projects,manufacturing companies usually use a
A)job time ticket.
B)time card.
C)time clock.
D)labor time card.
Q2) What is the difference between a payroll service bureau and a professional employer organization?
Q3) Which of the following control can reduce the distribution of fraudulent paychecks?
A)Have internal audit investigate unclaimed paychecks.
B)Allow department managers to investigate unclaimed paychecks.
C)Immediately mark "void" across all unclaimed paychecks.
D)Match up all paychecks with time cards.
Q4) Which of the following documents would be likely to yield the greatest cost saving by converting from paper to electronic?
A)Payroll register.
B)Employee's earnings statement.
C)Deduction register.
D)Time card.
17
To view all questions and flashcards with answers, click on the resource link above.
Chapter 16: General Ledger and Reporting System
Available Study Resources on Quizplus for this Chatper
83 Verified Questions
83 Flashcards
Source URL: https://quizplus.com/quiz/65537
Sample Questions
Q1) At a minimum,a switch to IFRS from GAAP will affect companies' accounting information system by
A)requiring companies to increase the processing power of their existing accounting information systems.
B)requiring IT departments to hire programmers that are fluent in languages besides English.
C)requiring the creation of additional fields in research and development (R&D)records to capture information about the stage of research and development that costs are incurred in.
D)requiring firms to completely redesign their existing accounting information systems because current systems are not compatible with IFRS accounting principles.
Q2) Which type of graph is the most commonly used to display trends in financial data?
A)Pie chart.
B)Scatterplot chart.
C)Bar chart.
D)Stochastic chart.
Q3) Explain the purpose of a journal voucher file.
Q4) Discuss the value and role of budgets as managerial reports.
To view all questions and flashcards with answers, click on the resource link above.
18
Chapter 17: Database Design Using the Rea Data Model
Available Study Resources on Quizplus for this Chatper
90 Verified Questions
90 Flashcards
Source URL: https://quizplus.com/quiz/65536
Sample Questions
Q1) Which is a true statement about the REA data model?
A)The REA data model classifies entities into three distinct categories.
B)The term REA is an acronym that stands for resources,entities,and agents.
C)Using an REA data model is not helpful when creating an R-E diagram.
D)The term REA is an acronym that stands for resources,entities,and activities.
Q2) ________ includes carefully monitoring system performance and user satisfaction to determine the
Need for making system enhancements and modifications.
A)Operation and maintenance
B)Conceptual design
C)Physical design
D)Implementation and conversion
Q3) A graphical depiction of a database's contents showing the various entities being modeled and the important relationships among them is called a(n)
A)REA diagram.
B)data diagram.
C)ERP diagram.
D)ER diagram.
Q4) Explain how an AIS system can be viewed as a set of "give-to-get" exchanges.
To view all questions and flashcards with answers, click on the resource link above. Page 19
Chapter 18: Implementing an Rea Model in a Relational Database
Available Study Resources on Quizplus for this Chatper
98 Verified Questions
98 Flashcards
Source URL: https://quizplus.com/quiz/65535
Sample Questions
Q1) Which of the following elements found in a traditional AIS system are not represented as entities in an REA relational database,but rather must be retrieved through the use of queries?
A)accounts receivable
B)the general ledger
C)accounts payable
D)all of the above
Q2) From the choices below,identify the attribute below that would make the best primary key.
A)Product number.
B)Date of first purchase.
C)Postal code.
D)Customer telephone number.
Q3) When combining two REA diagrams by merging common entities,changes in the cardinality of the merged entity is needed when it is a(n)
A)agent.
B)event.
C)relationship.
D)resource.
Page 20
To view all questions and flashcards with answers, click on the resource link above.
Chapter 19: Special Topics in Rea Modeling
Available Study Resources on Quizplus for this Chatper
98 Verified Questions
98 Flashcards
Source URL: https://quizplus.com/quiz/65534
Sample Questions
Q1) In an REA diagram for the HR/Payroll cycle,the ________ relationship between Skills and Recruiting reflects the fact that one specific advertisement may list several specific skills and,over time,there may be several advertisements for one specific skill.
A)1:1
B)1:N
C)M:N
D)1:M
Q2) When modeling the issuance of debt,the maximum cardinality from Disburse Cash to Issue Debt is 1 because
A)interest is usually only paid at the maturity date.
B)one check is written for the total interest due.
C)The Issue Debt event is not related to Disburse Cash event;cash is received,not given.
D)The minimum cardinality would be 1,but the maximum cardinality should be N.
Q3) Financial Institution number is most likely to be a foreign key in A)Cash.
B)Disburse Cash.
C)Receive Inventory.
D)Warehouse.
To view all questions and flashcards with answers, click on the resource link above.
Chapter 20: Introduction to Systems Development and Systems Analysis
Available Study Resources on Quizplus for this Chatper
124 Verified Questions
124 Flashcards
Source URL: https://quizplus.com/quiz/65532
Sample Questions
Q1) Dysfunctional employee behavior in response to implementation of a new computerized information system is likely to be the result of A)poor human resource policies.
B)lack of communication and training.
C)weak system controls.
D)inadequate compensation policies.
Q2) A prototype
A)is expensive to create and is therefore only created once user needs are well-defined. B)is making an internal and external review of the system to be analyzed,noting that users may not use the existing AIS as intended.
C)is typically created during the physical design phase of systems development.
D)can be used to help users identify and communicate their system needs.
Q3) What report serves as a repository of data from which systems designers can draw information?
A)The executive steering committee report.
B)The initial investigation report.
C)The systems analysis report.
D)The systems survey report.
To view all questions and flashcards with answers, click on the resource link above. Page 22
Chapter 21: Ais Development Strategies
Available Study Resources on Quizplus for this Chatper
117 Verified Questions
117 Flashcards
Source URL: https://quizplus.com/quiz/65531
Sample Questions
Q1) Firms should consider preparing a software prototype if the application
A)will be used for a critical function like inventory management.
B)automates a structured task.
C)can be produced using outside developers.
D)inputs and outputs are not clearly defined.
Q2) A Deloitte & Touche survey found that most chief information officers do not expect to replace their current systems with commercially available packages.
A)True
B)False
Q3) If recent trends in end-user computing (EUC)persist,EUC will represent ________ of all information processing by the end of 2020.
A)15% - 24%
B)20% - 49%
C)50% - 74%
D)75% or more
Q4) Describe computer-aided software (or systems)engineering (CASE)and identify the advantages and disadvantages of CASE?
Q5) Describe the conditions that favor the use of prototyping.
To view all questions and flashcards with answers, click on the resource link above. Page 23
Chapter 22: Systems Design, implementation, and Operation
Available Study Resources on Quizplus for this Chatper
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/65530
Sample Questions
Q1) What is used as the basis for management to make a "go/no go" decision regarding whether to proceed from the physical design phase to the implementation and conversion phase of the systems development life cycle?
A)Conceptual system design report.
B)Physical systems design report.
C)Systems design report.
D)Implementation planning design report.
Q2) What output design considerations should be analyzed as part of the physical system design phase?
Q3) Which of the following is a consideration during file and database design?
A)Form size.
B)Format.
C)Medium.
D)Organization.
Q4) What are the factors that an organization needs to investigate during its postimplementation review?
Q5) Describe the different methods of testing a system.
To view all questions and flashcards with answers, click on the resource link above. Page 24
Q6) Describe the different types of documentation that should be prepared for a new system.