New Semester
Started
Get
50% OFF
Study Help!
--h --m --s
Claim Now
Question Answers
Textbooks
Find textbooks, questions and answers
Oops, something went wrong!
Change your search query and then try again
S
Books
FREE
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Tutors
Online Tutors
Find a Tutor
Hire a Tutor
Become a Tutor
AI Tutor
AI Study Planner
NEW
Sell Books
Search
Search
Sign In
Register
study help
business
auditing assurance services
Information Systems Control And Audit 1st Edition Ron Weber - Solutions
Give three concerns that auditors should have in relation to the execution of batch report programs.
Outline some controls that could be instituted to prevent alteration of fields on a printer file produced as a result of spooling. What controls could be used to ensure a printer file is printed only once?
Give three purposes to controls over printing of batch reports.
What controls can be implemented to ensure that sensitive reports are printed only on a secure printer?
Give two purposes to controls over batch report collection. Briefly describe two controls that can be established to ensure these objectives are achieved.
Briefly describe the nature and purposes of user/client services review controls in relation to batch output.
Give three controls that can be implemented to ensure batch reports are distributed securely and promptly only to authorized users.
Give two purposes of user output review controls for batch reports.
Briefly describe the nature and purposes of output storage controls in relation to batch output.
How do obsolescence concerns affect the decision on how long batch output can be retained on a storage medium?
Give two control objectives that relate to destruction of batch output.
Why should each page in a batch report have a page heading and a page number? What is the purpose of printing an end-of-job marker on the last page of a batch report?
Why are source controls needed in relation to online output? Briefly describe the nature and purposes of four source controls that might be used over output that can be obtained via a Web browser program.
What are the nature and purposes of netiquette? Give four rules of netiquette.
Give two controls that might be used to ensure online output is received on a timely basis.
In electronic messaging systems, why do organizations need policies to govern forwarding, "carbon" copying, and "blind" copying of messages?
If online output is obtained via the Internet, how can asymmetric cryptography be used to gain assurance about the authenticity of the source of the output?
Give two controls that might be exercised to determine whether online output should be accepted.
Why do organizations need policies to govern the disposition of electronic mail that their employees may receive?
Give two exposures that an organization faces in relation to unauthorized removal of online output.
What is the nature of the accounting audit trail in the output subsystem? Give two ways in which the accounting audit trail might be used.
Give two uses of the operations audit trail in the output subsystem.
How are spool/printer files useful for backup and recovery purposes? From a backup and recovery viewpoint, what factors determine how long a spool file should be kept?
The ease with which backup and recovery of output can be accomplished depends upon whether the output shows status information or transaction information. Briefly explain.
With respect to statistical databases, inference controls seek to prevent:a. Unauthorized addition, modification, or deletion of a data itemb. Incorrect deductions by users based on the contents of the databasec. Privacy violations in relation to data about persons in the databased. Access to
Which of the following statements about trackers is false?a. They pad the original query so the restrictions on query set size can be circumventedb. Privacy violations obtained via trackers can be prevented by specifying both a minimum query set size and a maximum query set sizec. General trackers
Which of the following restriction controls merges cells that contain sensitive statistics?a. Rolling upb. Relative table size controlc. Partitioningd. Order control
Compared with restriction controls, perturbation controls:a. Allow fewer statistics to be calculated on the data contained in the databaseb. Eliminate biases or inconsistencies that arise as a result of implementing inference controlsc. Are not subject to averaging attacksd. Result in an
Which of the following statements about record-based perturbation controls is false?a. They calculate a statistic on the basis of a random sample of records that satisfy the queryb. They calculate a statistic after some type of error term has been added to the data in the records that satisfy the
Preprinted stationery causes special control problems because it:a. Can be used in an unauthorized way to embarrass the organizationb. Is usually handled by only a few people so the risk of collusion is higherc. Is easier to forge than negotiable instrumentsd. Undermines the usefulness of spooling
Which of the following is not an objective of batch report program execution controls?a. Only authorized persons should be able to execute batch report programsb. Batch report programs should be allowed to use preprinted stationery only if they are executed by operations staffc. The action
A control problem that arises with spooling software is that:a. Relative to normal reporting software it is easier to carry out unauthorized modifications to spooling softwareb. It is error prone because the software is highly complexc. It can be used to obtain an unauthorized copy of a reportd.
Which of the following is unlikely to be a control objective for batch report printing controls?a. To ensure that reports are printed on the correct printerb. To ensure that printed reports are collected promptly by authorized partiesc. To prevent unauthorized parties from scanning sensitive data
With respect to batch report output, which of the following is not a function that should be performed by a user/client services group?a. Scanning batch reports for obvious errors or omissionsb. Detection of missing print positions because a laser printer is low on tonerc. Detailed checking of
Which of the following controls is likely to be most cost-effective as a means of ensuring that a mail distribution organization dispatches printed invoices on a complete and timely basis?a. Control totals and a log should be kept and checked by both the organization that prints the invoices and
Which of the following statements about the user output review phase in the production and distribution of batch reports is most likely to be false?a. Users should not waste resources by performing quality checks on reports if the user/client services group also performs quality checksb. Users
Which of the following statements about the storage, retention, and destruction of batch output is most likely to be false?a. Legislation could specify both a maximum period of retention and a minimum period of retention for batch outputb. Output retained on magnetic media should be rewritten
On a batch report, the control information that prevents undetected removal of the last page of the report is the:a. Page numberb. End-of-job markerc. Security classificationd. Page title
Which of the following exposures in relation to online output production and distribution is least likely to be covered by source controls?a. Inappropriate use of information obtained from a bulletin boardb. Lack of authenticity in relation to files that can be accessed publicly via the Internetc.
Which of the following is not a rule of netiquette?a. When replying to a message, do not include the full contents of the message you have received in your reply.b. Avoid soliciting information from the users of a list server via questionnaires sent to the list server.c. When replying to a message
One objective of distribution controls in relation to online output is to:a. Prevent online messages from being routed first through an intermediaryb. Prevent inappropriate use of blind copies of messagesc. Obviate the need for users to acknowledge receipt of messagesd. Allow electronic messages to
Which of the following controls is likely to offer most protection over online output when it is transmitted through the Internet?a. Asymmetric cryptographyb. Message routing protocolsc. Symmetric cryptographyd. File compression algorithms
Which of the following exposures associated with online output is least likely to be covered by receipt controls?a. Acceptance of a letter bomb from an anonymous sourceb. Downloading of a program file containing a virusc. A user's failure to read a message because they are absent on vacationd.
Which of the following is least likely to be an exposure covered by disposition controls over online output?a. Forwarding of confidential e-mail to unauthorized partiesb. Unauthorized copying of online output to diskettes and removal of the diskettes off sitec. Failure to forward e-mail received in
Which of the following information is least likely to be stored in the accounting audit trail in relation to online output?a. The persons who received the online outputb. The resources consumed to produce the online outputc. The time at which the online output was receivedd. The contents of the
Which of the following factors makes the output recovery process easier?a. Lack of use of spooling or printer filesb. Transaction data to be recovered instead of status datac. In-place update rather than batch update is usedd. Avoidance of use of checkpoint facilities
You are an external auditor with the federal government audit office responsible for undertaking audits of all federal government departments. In this capacity you conduct audits not only to determine whether government agencies have expended public funds in accordance with government directives
Southern Cross Securities Limited (SCS) is a large Melbourne-based financial institution offering a wide ranging of financial services to investors. One of SCS's most popular services is portfolio management for people who have moderate to high levels of wealth. SCS's financial analysts have
Farm Equipment Supplies Limited (FESL) is a major manufacturer of equipment to support primary producers based in Cleveland, Ohio. To control its overall manufacturing costs, FESL uses a just-in-time inventory system in conjunction with a material requirements planning system. Although stockouts of
You are the vice-president of internal audit for Kids-Want-Em Ltd. (KWEL), a large, Atlanta-based manufacturer and distributor of high-quality children's toys and games. Your company prides itself on the scientific way in which it designs children's toys and games to foster their intellectual and
First South Australian State Bank recently has installed a new network for teller operations in its 500 branches throughout the state. Teller machines in each branch are connected to a branch controller. The controllers, in turn, are connected to the head-office machine. Although some processing
Briefly discuss the motivations for developing generalized software specifically for audit purposes. Even though generalized retrieval software already existed before audit software was developed, why did auditors prefer to develop their own software packages?
What is a generalized audit software package?
Without using the examples provided in the chapter, give two examples of how auditors might use each of the following functional capabilities of audit software:a. File reorganizationb. Statisticalc. Arithmeticd. Stratification and frequency analysis
Briefly explain the difference between a Boolean operator and a relational (conditional) operator used in a selection expression for generalized audit software. Be sure to explain their different purposes from an audit perspective.
What purposes might auditors seek to achieve in using generalized audit software to examine the quality of data maintained on an application system files?
Briefly explain the parallel simulation technique. What is the purpose of using parallel simulation? Outline some of the advantages and disadvantages of using this technique for audit purposes.
How can auditors use generalized audit software to examine the existence of entities that the data purports to represent?
How can auditors use generalized audit software to assist the conduct of analytical review?
Why does generalized audit software have only limited capabilities for verifying the processing logic within an application system and the propensity of the application system for error?
Give two reasons why auditors might wish to download data from another machine onto the machine on which their generalized audit software package resides.
Give two ways in which auditors might transfer data from a mainframe computer to a microcomputer so that they can use a microcomputerbased generalized audit software package to access and manipulate the data.
Briefly describe the major phases that must be managed during the development and implementation of a generalized audit software application.
Briefly describe the nature of industry-specific audit software. How does it differ from generalized audit software?
What are the relative advantages of industry-specific audit software versus generalized audit software?
Briefly explain the nature of a high-level programming language. How are high-level programming languages useful to auditors?
Briefly explain the nature of utility software. Give two locations where auditors might find utility software that could assist them.
Briefly describe two utilities that auditors can use to assist their evaluation of information system security and integrity.
How might auditors use the following utilities during the evidence-collection phase of an audit?a. Configuration utilityb. Pointer validation utilityc. Traced. Report generator
Give three ways in which utility software might be used to facilitate auditors' assessment of operational efficiency in an application system.
Give three major reasons why auditors might develop, maintain, and use expert systems.
How might an expert system assist auditors in the following tasks:a. Analyzing the inherent risk associated with an auditb. Evaluating the reliability of an internal control systemc. Planning an audit program.d. Evaluating the adequacy of doubtful debts provision
Briefly explain the nature of a neural network. What are its major components? How can neural networks assist auditors?
Briefly explain the nature of specialized audit software. Give three reasons why auditors might develop specialized audit software.
Why is it important that auditors maintain careful control over any software they use during the conduct of an audit? If the software they use is controlled by other parties, give two ways in which auditors might attempt to determine whether the software has been modified since they last used it.
Barrel Roll Ltd. is a major Perth-based manufacturer of equipment and clothing for water sports-for example, bodyboards, surfboards, water skis, bikinis, wetsuits, and T-shirts. It sells its products throughout Australia, New Zealand, and Southeast Asia.You are an information systems auditor in the
You are the manager of internal audit in a large, centralized manufacturing company that is currently using a relational database management system to support the company database. The company has used this system successfully for many years as a foundation for all its major application systems.
As the manager of internal audit for Streaker Products, a manufacturer of running shoes and related athletic goods, you are called one day to a meeting with the controller, the information systems manager, and the accounts branch manager. The information systems manager is furious. He explains that
Pieces and Parts, Ltd. is a diversified manufacturing company with five large manufacturing plants located in upstate New York. To date, the company has maintained a centralized information systems facility at its biggest plant. All plants have had online access to this facility.In the hope that
You are an internal auditor participating in the design phase of a new online accounts receivable system. Customer accounts will be updated automatically with data captured using point-of-sale devices. The customer service depart ment will have terminals to create new accounts, debit customer
The Convict Savings Bank is a large bank based in Sydney with branches scattered throughout Australia. The bank uses an online real-time update system for its customer accounts system. The branches are connected via a telecommunications network to a centralized database in the head office. The bank
Briefly describe the functions of the database subsystem.
Distinguish between the following discretionary access control policies that are exercised in the database subsystem:a. Name-dependent access controlb. Content-dependent access controlc. Context-dependent access controld. History-dependent access control
How can views be used to enforce access controls in the database subsystem?
Briefly explain how mandatory access controls can be enforced in the database subsystem.
For each of the following constructs in the entity-relationship model, give one integrity constraint that might be exercised:a. Entityb. Relationshipc. Attribute
What is meant by referential integrity within (a) the relational data model, and (b) the object data model?
Why should application programs that update monetary data items in the database maintain a suspense account?
Why should application programs that use standing data print control totals to allow users to determine whether any changes have been made to standing data?
Briefly describe the data integrity problems that can be caused by concurrent update processes. Why might a read-only process want to exclude a concurrent update process?
How can lockout lead to deadlock? What problems can arise if preemption is used to break deadlock without rolling back the preempted processes?
Briefly describe the nature of two-phase locking. If two-phase locking is used to prevent a deadlock situation, what properties must the transactions have if two-phase locking is to be successful?
Briefly describe a strategy that can be used to implement concurrency controls in a distributed database subsystem when the database isa. Replicatedb. Partitioned
Why is block encryption more likely to be used than stream encryption in the database subsystem?
What problems arise when cryptography is used as a control in a shared database environment? How can these problems be overcome, at least to some extent, using a hierarchy of cryptographic keys?
Briefly describe the nature of file handling controls. What control objectives are accomplished using \(a(n)\) :a. Internal file labelb. Retention datec. File protection ringd. External file label
Distinguish between the implosion and the explosion purposes of an accounting audit trail for the database subsystem. Use an accounts payable system to illustrate your answer.
Briefly explain why a change to the database definition might present difficulties for a user who wants to access data contained in the accounting audit trail that extends over a long period of time.
How might a database administrator use the operations audit trail maintained for the database subsystem?
Distinguish between a rollforward and a rollback recovery operation. For each type of operation, give one example of a failure that would lead to the operation being undertaken.
Showing 600 - 700
of 2689
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Last
Step by Step Answers
Get 50% OFF
Claim Now
