New Semester
Started
Get
50% OFF
Study Help!
--h --m --s
Claim Now
Question Answers
Textbooks
Find textbooks, questions and answers
Oops, something went wrong!
Change your search query and then try again
S
Books
FREE
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Tutors
Online Tutors
Find a Tutor
Hire a Tutor
Become a Tutor
AI Tutor
AI Study Planner
NEW
Sell Books
Search
Search
Sign In
Register
study help
business
accounting information systems
Accounting Information Systems 14th Global Edition Marshall B. Romney, Paul John Steinbart - Solutions
ABC bank wants to strengthen the security of its online bill-pay features. Therefore, it decides that in addition to a password, users must also correctly identify a picture that they have previously chosen to be one of their authentication credentials. This is an example of a process referred to
What are the differences between high-performing organizations and medium- and low-performing organizations in terms of normal operating performance? Detection of security breaches? Percentage of budget devoted to IT?
The system employs a compatibility test to decide whether to let a particular employee update records in a particular file. The compatibility test is a part of the aspect of access control referred to as .a. authenticationb. authorizationc. accountability
Explain how the following items individually and collectively affect the overall level of security provided by using a password as an authentication credential.a. Lengthb. Complexity requirements (which types of characters are required to be used: numbers, alphabetic, case-sensitivity of
a. Use the following facts to assess the time-based model of security for the ABC Company; how well does the existing system protect ABC? Assume that the best-, average-, and worst-case estimates are independent for each component of the model.• Estimated time that existing controls will protect
Which of the following combinations of credentials is an example of multifactor authentication?a. voice recognition and a fingerprint readerb. a PIN and an ATM cardc. a password and a user IDd. all of the above
Describe what a man-trap is. Explain how it contributes to information security.
Identify three ways users can be authenticated, and give an example of each.
Explain the value of penetration testing.
Security awareness training is necessary to teach employees “safe computing” practices. The key to effectiveness, however, is that it changes employee behavior. How can organizations maximize the effectiveness of their security awareness training programs?
Describe the function of a computer incident response team (CIRT) and the steps that a CIRT should perform following a security incident.
The following table lists the actions that various employees are permitted to perform:EMPLOYEE PERMITTED ACTIONS Able Check customer account balances Check inventory availability Baker Change customer credit limits Charley Update inventory records for sales and purchases Denise Add new customers
Which controls were used by almost all high-performing organizations, but were not used by any low- or medium-performers?
Describe the nature, scope, and objectives of audit work, and identify the major steps in the audit process.
Gerber and E. R. Feldman, “Is Your Business Prepared for the Worst?” Journal of Accountancy(April 2002): 61–64.
Which of the following approaches to the issue of availability produces the smallest RTO and RPO?a. Hot siteb. Cold sitec. Real-time mirroringd. All of the above result in the same RTO and RPO
Which of the following disaster recovery options is most appropriate when the values for both RTO and RPO are 2 days or longer?a. Hot siteb. Cold sitec. Real-time mirroring 7 Which measure is primarily designed to determine the frequency of making backups?a. RPOb. RTO
An organization leases a building that is prewired for both telephone and Internet access.It installs 30 servers and 25 desktop machines, to be used as a test environment. However, in the event that disaster destroys the company’s data center, the test environment can be converted for use as a
Fault tolerance procedures/devices/controls contribute to achieving the system reliability objective referred to as .a. confidentialityb. privacyc. processing integrityd. availabilitye. security
Which of the following statements is true?a. If a company needs to keep a copy of tax-related data about the costs of its manufacturing facility indefinitely, it should archive that information.b. Archives should be encrypted, but backups should not be encrypted.c. The way to recover after a hard
A company makes full backups every Friday night and partial backups on Mondays, Tuesdays, Wednesdays, and Thursdays. Which of the following is true?a. On Wednesday, it would take less time to do an incremental backup than a differential backup, but it would take more time to restore the system from
A tsunami destroys an organization’s headquarters, primary data center, and its main warehouse. Which of the following documents would contain instructions on how to respond to that problem?a. DRPb. BCP
The ABC Company runs two shifts, from 8:00 am to midnight. Backups and system maintenance are performed between midnight and 8:00 am. For each of the following scenarios, determine whether the company’s current backup procedures enable it to meet its recovery objectives, and explain why:a.
McCarthy, “The Best-Laid Plans,” Journal of Accountancy (May 2004): 46–54.
Myers, “Katrina’s Harsh Lessons,” Journal of Accountancy (June 2006): 54–63.
Phelan and M. Hayes, “Before the Deluge—and After,” Journal of Accountancy (April 2003):57–66.
The final section of the article asks you to examine the formulas to see if they are correct. Did you find any logic errors? Explain.
The final paragraph of the section “Other ErrorChecking Tips” asks whether there remain any other cells that have values amid a column of formulas. Did you find any?
Write a data validation rule that would prevent the kind of error that exists in cell U53, so that you do not have to rely on manually identifying such an error and manually correcting it.
In the section “Other Error-Checking Tips,” the article points out that the formula for dropping the lowest score ignores blanks. Instead of doing the nonpermanent solution described in the article, create a permanent solution that will successfully handle any future missing quizzes or
When you used the “Error Checking” tool, which cells did Excel find? For which of those cells did Excel suggest the correct solution? For which cells did you decide to ignore Excel’s error message?Why?
Explain the nature of the circular reference in the original formula in cell AB6.
Which cells are affected by the error in cell AL4?
How do you know when the “Trace Precedents”rule has located the cell that contains the source of a chain of errors?
Drew and K. Tysiac, “Preparing for Disaster,” Journal of Accountancy (May 2013): 26–31.
Excel Problem Create data validation rules in a spreadsheet to perform each of the following controls:a. Limit check—that values in the cell are less than 70b. Range check—that values in the cell are between 15 and 65c. Sign check—that values in the cell are positived. Field check—that
MonsterMed Inc. (MMI) is an online pharmaceutical firm. MMI has a small systems staff that designs and writes MMI’s customized software. The data center is installed in the basement of its two-story headquarters building. The data center is equipped with fire suppression equipment and an
Define and contrast between a recovery point objective and a recovery time objective.
What is the name of the basic option for replacing IT infrastructure that is in an empty building, prewired for necessary telephone and Internet access, and a contract with one or more vendors to provide all necessary equipment within a specified period of time?a. a hot siteb. a cold sitec. a
Which of the following is an example of the kind of batch total called a hash total?a. the sum of the purchase amount field in a set of purchase ordersb. the sum of the purchase order number field in a set of purchase ordersc. the number of completed documents in a set of purchase ordersd. all of
A transposition error occurs when numbers of two adjacent columns are inadvertently exchanged (for example, 64 is written instead of 46). This error can be mitigated witha. input controls.b. processing controls.c. output controls.
Which stage of a process involves pre-numbering all source documents to preserve the processing integrity?a. inputb. processingc. output
Identify and explain controls designed to ensure systems availability by minimizing the risk of system downtime and enabling efficient recovery and resumption of operations.
Identify and explain the input, processing, and output controls designed to ensure processing integrity.
What is the relationship between GAPP principles 9 and 10?
Discuss how cloud computing could both positively and negatively affect system availability.
Excel Problem Enter the data below into a spreadsheet, and then perform the following tasks:EMPLOYEE NUMBER PAY RATE HOURS WORKED GROSS PAY DEDUCTIONS NET PAY 12355 10.55 38 400.90 125.00 275.90 2178g 11.00 40 440.00 395.00 45.00 24456 95.00 90 8,550.00 145.00 8,405.00 34567 10.00 40 400.00 105.00
Excel Problem The Moose Wings Cooperative Flight Club owns a number of airplanes and gliders.It serves fewer than 2,000 members, who are numbered sequentially from the founder, Tom Eagle (0001), to the newest member, Jacques Noveau (1368). Members rent the flying machines by the hour, and all must
An application control that compares the amount of an employee’s raise to that employee’s existing salary is called a(n) .a. limit checkb. range testc. reasonableness testd. check digit verificatione. size check
A data entry application control that is designed to ensure that the total debits in a journal entry equal the total credits is called a .a. sign checkb. hash totalc. reasonableness checkd. zero-balance checke. financial total
Which input control is designed to prevent a buffer overflow attack?a. Size checkb. Reasonableness testc. Range checkd. Field check
Testing whether or not all employees are being paid at least the minimum wage would be an example of a(n) .a. reasonableness testb. sign checkc. check digit verificationd. limit check
Which type of batch total would detect the fact that three time cards got lost during processing, which meant that three employees did not receive a paycheck?a. Financial totalb. Record countc. Hash totald. None of the three would detect the probleme. All of the three choices would detect the
A sales representative mistakenly entered 382469 instead of 328469 in the customer number field. Which type of control would be most effective in preventing this type of problem?a. Turnaround documentb. Reasonableness testc. Promptingd. Range checke. Check digit verification
Which control would most likely be applied to ensure accuracy of the data entered in the quantity sold field in a sales transaction?a. sign checkb. sequence checkc. zero-balance testd. validity checke. check digit verification
An employee who is paid a salary of $50,000 submitted a request to withhold $50 per paycheck in voluntary deductions to a 401(K) plan. The next weekly paycheck was for a net amount of $50. The employee was furious. Which of the following controls would be most effective in detecting this problem
The first column in Table 10-3 lists transaction amounts that have been summed to obtain a batch total. Assume that all data in the first column are correct. Cases A through D each contain an input error in one record, along with a batch total computed from that set of records.TABLE 10-3 Data for
What does GAPP principle 8 state concerning the use of encryption?
To what extent can and should products be customized to individual customers’ needs and desires?
The third objective in an IS audit is ensuring proper program modification. Select all of the following controls that would be effective in minimizing the program modification threats faced by an information system.a. User authorization of source data inputb. Use of turnaround documentsc. List
The second objective in an IS audit is ensuring proper program development and acquisition. Select all of the following controls that would be effective in minimizing the program development and acquisition threats faced by an information system.a. Management authorization for program development
The first objective in an IS audit is ensuring the overall security of the system. Select all of the following controls that would be effective in minimizing the overall security threats faced by an information system.a. Proper use of internal and external file labelsb. Information
A four-part, risk-based audit approach provides a framework for conducting information system audits. Performing a systems review is done in which of the four parts?a. Determine the threats (accidental or intentional abuse and damage) to which the system is exposed.b. Identify the control
With respect to evaluating audit evidence, which of the following statements is false?a. The auditor evaluates the evidence gathered and decides whether it supports a favorable or unfavorable conclusion.b. Auditors focus on detecting and reporting errors that significantly impact management’s
With respect to audit planning, which of the following statements is false?a. It determines why, how, when, and by whom the audit will be performed.b. Among the final steps in audit planning is establishing the audit’s scope and objectives.c. Except for the smallest audits, an audit team with the
Which of the following should have the primary responsibility to detect and correct data processing errors? Explain why that function should have primary responsibility and why the others should not.a. The data processing managerb. The computer operatorc. The corporate controllerd. The independent
You are auditing the financial statements of a cosmetics distributor that sells thousands of individual items. The distributor keeps its inventory in its distribution center and in two public warehouses. At the end of each business day, it updates its inventory file, whose records contain the
The fixed-asset master file at Thermo-Bond includes the following data items:Asset number Date of retirement (99/99/2099 for assets still in service)Description Depreciation method code Type code Depreciation rate Location code Useful life (years)Date of acquisition Accumulated depreciation at
The fourth objective in an IS audit is ensuring accurate computer processing. Select all of the following controls that would be effective in minimizing the computer processing threats faced by an information system.a. Check digit verificationb. Complete program change documentation, including
The fifth objective in an IS audit is ensuring accurate source data. Select all of the following controls that would be effective in minimizing the threats to source data in an information system.a. Effective handling of source data input by data control personnelb. Logging the receipt, movement,
According to GAPP principle 7, what should organizations do if they wish to share personal information they collect with a third party?
How could AOE improve its cash collection procedures?
How can AOE improve its monitoring of credit accounts? How would any changes in credit policy affect both sales and uncollectible accounts?
How could AOE identify its most profitable customers and markets?
How could AOE improve customer service? What information does marketing need to perform its tasks better?
Explain the cash collections process, key decisions that need to be made and threats to that process, and describe the controls that can be used to mitigate those threats.
Explain the billing process, key decisions that need to be made and threats to that process, and describe the controls that can be used to mitigate those threats.
Explain the shipping process, key decisions that need to be made and threats to that process, and describe the controls that can be used to mitigate those threats.
Explain the sales order entry process, key decisions that need to be made and threats to that process, and describe the controls that can be used to mitigate those threats.
Describe the basic business activities in the revenue cycle and discuss the general threats to that process and the controls that can be used to mitigate those threats.
Melinda Robinson, the director of internal auditing at Sachem Manufacturing Company, believes the company should purchase software to assist in the financial and procedural audits her department conducts. Robinson is considering the following software packages:• A GAS package to assist in basic
Robinson’s Plastic Pipe Corporation uses a data processing system for inventory. The input to this system is shown in Table 11-7. You are using an input controls matrix to help audit the source data controls.REQUIRED Prepare an input controls matrix using the format and input controls shown in
The focus of an operational audit is on which of the following?a. reliability and integrity of financial informationb. all aspects of information systems managementc. internal controlsd. safeguarding assets
Reperformance of calculations is part of the collection of evidence process.a. Trueb. False
Auditing is the systematic process of obtaining and evaluating evidence regarding assertions about economic actions and events in order to determine how well they correspond to the established criteria. Developing knowledge of business operations is regarded as a part of which of the following
What can be done to find the error in the program?
Is this an inadvertent error, or could it be a fraud?
How could a programming error of this significance be overlooked by experienced programmers who thoroughly reviewed and tested the new system?
Describe the nature and scope of an operational audit.
Describe computer audit software, and explain how it is used in the audit of an AIS.
Auditing an AIS effectively requires that an auditor have some knowledge of computers and their accounting applications. However, it may not be feasible for every auditor to be a computer expert. Discuss the extent to which auditors should possess computer expertise in order to be effective
How is a financial audit different from an information systems audit?
The application controls of a company you are auditing are indicated to be good by their senior internal auditor. You have serious doubts about this because of the audit process. The test data approach consisted of obtaining a copy of the accounting data file from the computer operations manager
You are involved in the audit of accounts receivable, which represent a significant portion of the assets of a large retail corporation. Your audit plan requires the use of the computer, but you encounter the following reactions:a. The computer operations manager says the company’s computer is
As an internal auditor, you have been assigned to evaluate the controls and operation of a computer payroll system. To test the computer systems and programs, you submit independently created test transactions with regular data in a normal production run.REQUIRED List four advantages and two
You are the director of internal auditing at a university. Recently, you met with Issa Arnita, the manager of administrative data processing, and expressed the desire to establish a more effective interface between the two departments. Issa wants your help with a new computerized accounts payable
What is test data processing? Explain how it is done, and list the sources that an auditor can use to generate test data.
When performing an information systems audit, auditors must review and evaluate the program development process. What errors or fraud could occur during the program development process? Briefly describe the tests that can be used to detect unauthorized program modifications.
Lou Goble, an internal auditor for a large manufacturing enterprise, received an anonymous note from an assembly-line operator who has worked at the company’s West Coast factory for the past 15 years. The note indicated that there are some fictitious employees on the payroll as well as some
The mayor of Groningen in the Netherlands has been accused of using government funding for private lessons in Spanish. He took this course because he wanted to find a new job in Spain. This has become the focal point of a lot of debate: is this embezzlement or not? In this case, a local government
Showing 900 - 1000
of 5294
First
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Last
Step by Step Answers
Get 50% OFF
Claim Now
