Questions and Answers of Auditing Assurance Services
Why are existence controls in the boundary subsystem often somewhat simpler than existence controls in other subsystems?
Which of the following is not a function of controls in the boundary subsystem? a. To restrict the actions taken by users of computer resources to a set of authorized actions b. To validate the
The person who designs a cryptosystem is called a: a. Cryptographer b. Cryptanalyst c. Cryptologist d. Cryptogenist
The type of cipher having the highest work factor is the: a. Substitution cipher b. Transposition cipher c. Product cipher d. Transcription cipher
Which of the following is not a desirable property of a cipher system? a. Simplicity b. Small key c. Low error propagation d. Low work factor
The DES is an example of a: a. Short-key cipher system b. Weak-algorithm cipher system c. Long-key cipher system d. Non-parity cipher system
A public-key cryptosystem uses: a. Two public keys b. A private key and a public key c. Two private keys and a public key d. Two public keys and a private key
The class of authentication information to which a password belongs is: a. Possessed objects b. Personal information c. Remembered information d. Dialog information
Trojan-horse threats arise in the boundary subsystem when: a. Users do not change their passwords frequently b. It is difficult to guarantee the authenticity of object resources requested by users c. A
The most complex action privileges relate to: a. Hardware resources b. Commodity resources c. Software resources d. Data resources
Which of the following statements about a mandatory access control policy is true? a. It is less likely to be used in a business-systems environment than a discretionary access control policy b. Users
If an access control mechanism is implemented in an open environment, it allows users to access a resource: a. Unless authorization information specifies users cannot access the resource b. Only if
Which of the following statements applies to a capability-based approach to authorization? a. The mechanism associates with each resource a list of users who can access the resource together with the
Relative to the ticket-oriented approach to authorization, the primary advantage of the list-oriented approach to authorization is that: a. It allows efficient administration of capabilities b. It is
To be able to implement the principle of least privilege effectively, it is necessary to have: a. A ticket-oriented approach to authorization b. Small protection domains c. A list-oriented approach to
The primary advantage of a derived PIN is: a. It is easy to remember b. It does not have to be stored so preserving privacy is easier c. Lost or forgotten PINs can be replaced without having to change
Which of the following methods of obtaining customer-selected PINs does not require the cryptographic generation of a reference number to initially associate the PIN with the customer's account
Which of the following methods of validating PINs seems to result in the fewest control problems? a. Allow only a small number of PIN entry attempts, close the account after the limit has been
If interchange PIN validation is used in an EFTS, a fundamental principle is: a. The PIN should always be validated by the card acquiring institution b. The acquiring institution should encrypt the
Which of the following controls applies to PIN transmission? a. The cipher generated must be unique for each transmission of the PIN b. The PIN must always be encrypted under the issuer's key c.
When a PIN must be stored for reference purposes, it must be stored in: a. Cleartext form in case the PIN has to be reissued at some stage because the customer has forgotten their PIN b. Ciphertext
To send a signed message to a receiver when a public-key cryptosystem is used, the sender encrypts the message under the: a. Sender's private key b. Receiver's public key c. Sender's public key d.
An arbitrator is used in a digital signature system to prevent: a. The receiver disavowing that they received the message b. The sender disavowing the message by making their private key public and
Which of the following situations is likely to lead to the most serious exposures in a digital signature system? a. Compromise of a receiver's private key b. Compromise of a sender's private key c.
Which of the following actions should not be undertaken when plastic debit/credit cards are issued? a. Mail the cards in an envelope that does not identify the name of the issuing institution b. Make
The "best" control that can be exercised over card use by the customer is: a. High customer penalties if careless use leads to a fraud using the card b. Education of the customer as to the importance
Which of the following events is not recorded on a public audit trail in a digital signature system? a. Registration of public keys b. Registration of signatures c. Notification of key compromises d.
You are the manager of the internal audit of a savings and loan association that has decided to install a bill payment by telephone system for its customers. The system will allow customers to
Global Airways is a major airline company based in Los Angeles. It has a computer system dedicated to reservations and ticketing operations. More than 1,000 terminals scattered throughout the United
First International Bankco of Illinois is a large Chicago-based bank. As the manager of internal audit, you are called one day to a meeting with the controller. He is concerned about the operation of
The following situation happened to a friend of mine. One weekend she was leaving to go to a beach resort with her husband. Because she was short of money, she asked her husband to stop at an
Monash Manufacturing Limited (MML) is a large, Melbourne-based manufacturer and retailer of pipes and pipe fittings. For some time it has had electronic-data-interchange (EDI) links with all its
From an audit perspective, why are controls over the input subsystem critical?
Briefly distinguish between direct entry of input data and medium-based entry of input data. Why must auditors understand the different types of methods used to input data into an application system?
What impact can the following source document design decisions have on the level of data integrity achieved in an application system? a. Choice of the medium to be used b. Choice of the layout to be
From a control perspective, briefly explain the importance of each of the following source document design guidelines for layout and style: a. Arrange fields for ease of use during data capture b.
What is the primary factor affecting the design of data-entry screens? Explain why this factor is important. How, for example, does it affect the organization of a screen?
Briefly explain the design guidelines that apply to captions in terms of: a. Structure and size b. Type font and display intensity c. Format d. Alignment e. Justification f. Spacing
What techniques can be used to indicate the size of a field on a data-entry screen?
From a data integrity perspective, why is it desirable to have a data-entry operator always tab to a new field on a data-entry screen rather than having the cursor automatically skip to a new field
Briefly explain the advantages of using color in the design of data-entry screens. What design guidelines apply to: a. The number of colors that should be used b. The spacing of colors on the visual
Distinguish between the response time and the display rate for a data-entry screen. How does the use of a dedicated source document in data-entry screen design affect the display rate and response
If data-entry screen design is based upon a dedicated source document, how useful is a Help facility likely to be?
What attributes of a data code affect the likelihood of a recording error being made by a user of the code? Briefly outline some strategies to reduce error rates that occur with data codes.
Distinguish between the following types of data coding errors: a. Truncation and transcription b. Transposition and double transposition
List the four types of data codes (serial, block sequence, hierarchical, and association) in increasing order of: a. Mnemonic value b. Compactness c. Flexibility for expansion
What is a check digit? Calculate the check digit for the number 82942 using the weights \(1-2-1-2-1\) and modulus 10. Show, also, that the check digit you have calculated is correct.
Briefly describe three solutions to the problem of having a check digit result that is greater than one digit, that is, a check digit that is greater than 9. Point out any disadvantages to the
Briefly discuss the distinction between a physical batch and a logical batch. Are there any differences between the controls that can be exercised over physical and logical batches?
Briefly explain the difference between the following types of batch control totals: a. Document count b. Hash total c. Financial total
List four types of information typically placed on a batch cover sheet. Briefly explain the purpose of each piece of information you list for the overall control of the batch.
Without giving examples, briefly explain the nature of the following types of data input validation checks: a. Field checks b. Record checks c. Batch checks d. File checks
Distinguish between a range check and a reasonableness check. Why is a reasonableness check not a field-level check?
Why is the check for a valid sign on a numeric field not a field-level check?
Why is correcting errors based on cross-screen validation of input data sometimes difficult?
How might the timing of reporting input errors differ between a direct-entry screen and a screen based on a dedicated source document?
Give three design guidelines for reporting of data input errors.
Are novice users of an application system more likely to make errors entering instructions via a menu-driven language or a question-answer dialog? Briefly explain your answer.
Why does it seem better to use a command language with a small number of commands and a large number of arguments? How can errors in the specification of arguments then be reduced?
What is the major limitation of using a forms-based language as a means of entering instructions to an application system?
Briefly explain the limitations of natural-language interfaces to an application system with respect to: a. Ambiguity of commands b. Establishing the lexicon c. Ambiguity in responses d. Changes to the
What is meant by a direct manipulation interface? What is the major advantage of using a direct manipulation interface as a means of providing instruction input to an application system?
Briefly explain the nature of lexical validation of instruction input. How does the lexical analyzer handle: a. Identifiers b. Terminals c. Literals
Briefly explain the nature of semantic validation during instruction input. What factors govern the quality of semantic validation during instruction input?
Give five items that might be captured on the accounting audit trail in relation to data input in the input subsystem.
Why is the operations audit trail for the input subsystem an important resource in improving the effectiveness and efficiency of an application system?
Existence controls for instruction input are often less critical than existence controls for data input. Briefly explain.
What is the primary role of quality assurance management as it operates within the information systems function?
Give three reasons why the QA function has emerged in organizations.
Why should QA personnel not undertake information systems development, implementation, operations, and maintenance work?
What is an information systems quality assurance project plan? Who should prepare the plan?
Briefly describe two problems that arise when preparing an information systems quality assurance project plan.
Why is it important to include quality metrics in an information systems quality assurance project plan?
Why would auditors be concerned about whether a charter has been established for the information systems QA function in an organization?
Why is it best to have QA personnel develop, promulgate, and maintain information systems standards rather than other stakeholders in the information systems function undertake these tasks?
Why is it best to strive for minimal specification of standards when preparing information systems standards?
Why do QA personnel need to monitor national and international information systems standards?
Why should QA personnel seek to avoid disputes over detail when monitoring compliance with the quality assurance plan prepared for a specific information systems project?
What actions should QA personnel take when they identify a compliance failure in terms of a project's quality assurance plan?
Relative to other stakeholders, why should QA personnel have primary responsibility for identifying where the information systems function can be improved?
Briefly explain the Japanese notion of Kaizen. Describe two principles on which Kaizen is based.
Why should QA personnel be notified routinely of errors or irregularities that occur in information systems?
Briefly describe two principles that should guide how QA personnel report to management.
Briefly distinguish between the general types of training and the specific types of training that QA personnel should provide to information systems personnel.
Why should QA training be based on personal development plans prepared for each information systems employee?
Why is QA training an important means of discernment for QA personnel in relation to QA standards and procedures?
Briefly describe where the QA function should be placed in the organizational hierarchy of the information systems function.
Outline the nature of the charter that should be prepared for the QA function.
Give two problems frequently encountered when seeking to staff the QA function.
Briefly describe two ways in which the existence of a QA function may change the work of both internal and external auditors.
Which of the following best describes the role of QA management with respect to the information systems function? a. Testing a system subsequent to its development to determine whether system
Which of the following is least likely to be a motivation to establish a QA role within the information systems function? a. A QA role will substantially decrease the costs of review work and testing
Which of the following is not a problem that undermines the establishment of quality goals for an information systems project? a. Quality can have different meanings for different stakeholders in the
A major way in which modern quality systems used to support the information systems function differ from traditional quality systems is: a. Modern quality systems focus on the production of
If possible, the quality goals for a specific information systems project should be formulated by: a. An internal audit team b. QA personnel c. The project's quality control group d. The project manager
The major reason why quality metrics need to be chosen for a specific information systems project is: a. To alleviate conflict between stakeholders b. To clarify the basis on which QA personnel will
Which of the following is most unlikely to be a reason for having QA personnel responsible for formulating, promulgating, and maintaining standards for the information systems function? a. QA
Which of the following statements about national and international information systems standards is true? a. Widespread acceptance of national and international information systems standards can
Which of the following principles should guide the ways in which QA personnel monitor compliance with information systems standards? a. QA personnel should seek to understand the reasons for a
When a compliance failure occurs, QA personnel should: a. Notify external auditors because it may affect the audit plan b. Consider appropriate corrective actions so they can make recommendations to