Chapter 1 (new version) MULTIPLE CHOICE 1. A set of two or more interrelated components that interact to achieve a goal is: a) A system b) An accounting information system c) Data d) Mandatory information 2. This results when a subsystem achieves its goals while contributing to the organization's overall goal. a) Goal conflict b) Goal congruence c) Value of information d) Systems congruence 3. Goal conflict may result when a) A decision or action of a subsystem is inconsistent with the system as a whole. b) A subsystem achieves its goals while contributing to the organization's overall goal. c) Duplicate recording, storage and processes are eliminated. d) The data exceeds the amount the human mind can absorb and process. 4. Facts that are collected, recorded, stored and processed by an information system a) Information b) Data c) Systems d) Mandatory information 5. Information is a) What happens when the data exceeds the amount the human mind can absorb. b) The benefit produced by the information minus the cost of producing it. c) Facts that are collected, recorded, stored, and processed by an information system. d) Data that have been organized and processed to provide meaning to a user. 6. Data are a) facts entered, stored, and processed by an information system. b) processed output that is useful to decision makers. c) another word for information. d) quantitative facts that are not qualitative by nature. 7. Which of the following statements below shows the contrast between data and information? a) Data is the output of an AIS. b) Information is the primary output of an AIS. c) Data is more useful in decision-making than information. d) Data and information are the same. 8. Information is a) basically the same as data. b) raw facts about transactions. c) potentially useful facts when processed in a timely manner. d) data that has been organized and processed so that it's meaningful. 9. Humans can absorb and process only so much information. Information __________ occurs when those limits are passed. a) overload b) excess c) anxiety d) discretion 10. The value of information can best be defined as a) how useful it is to decision makers. b) the benefits produced by possessing and using the information minus the cost of producing it. c) how relevant it is. d) the extent to which it maximizes the value chain. 11. The benefit produced by the information minus the cost of producing it. a) Goal congruence b) Information c) Information overload d) Value of information 12. An accounting information system (AIS) processes __________ to provide users with __________. a) data; information b) data; transactions c) information; data d) data; benefits 13. How many components are found in an AIS? a) three b) four c) five d) six 14. An accounting information system in part consists of a) b) c) d) People, hardware and programs. Information, programs and computers. People, procedures, data, software and information technology infrastructure. Internal controls and accounting records. 15. Information that reduces uncertainty, improves decision makers' ability to make predictions, or confirms or corrects their prior expectations, is said to be a) Complete b) Relevant c) Reliable d) Timely 16. Information that is free from error or bias and accurately represents the events or activities of the organization is a) Relevant b) Reliable c) Verifiable d) Timely 17. Information that does not omit important aspects of the underlying events or activities that it measures is a) Complete b) Accessible c) Relevant d) Timely 18. When two knowledgeable people acting independently each produce the same information, this information is said to be a) Complete b) Relevant c) Reliable d) Verifiable 19. Data must be converted into information to be considered useful and meaningful for decision-making. There are six characteristics that make information both useful and meaningful. If information is free from error or bias and accurately represents the events or activities of the organization, it is representative of the characteristic of a) Relevancy b) Timeliness. c) Understandability d) Reliability 20. The primary consideration when producing this type of information is that its benefits exceeds its costs. a) Discretionary information b) Essential information c) Mandatory information d) Value of information 21. An AIS is a system of six interrelated components that interact to achieve a goal. One of these components, which includes both manual and automated activities that involve collecting, processing, and storing data, is known as a) Information or data b) Procedures and instructions c) Software d) Information technology infrastructure 22. An accounting information system must be able to perform which of the following tasks? a) collect transaction data b) process transaction data c) provide adequate controls d) all of the above 23. Which of the following is not an example of a common activity in an AIS? a) buy and pay for goods and services b) sell goods and services and collect cash c) summarize and report results to interested parties d) recording of sales calls for marketing purposes 24. Which of the following is not one of the components of an AIS? a) Internal controls and security measures b) People c) Procedures and instructions d) Software and hardware 25. An AIS must be able to fulfill three important functions in any organization. One such function is the collecting and storing of data about activities performed by the organization. One group that relies on both the adequate collection and transformation of data for decision-making purposes for an organization is a) management. b) interested outsiders. c) competitors. d) the government. 26. The primary objective of accounting is to a) implement strong internal controls. b) provide useful information to decision makers. c) prepare financial statements. d) ensure the profitability of an organization. 27. The Financial Accounting Standards Board (FASB), in its Statement of Financial Accounting Concepts No. 2, has defined accounting as a) an information identification, development, measurement, and communication process. b) a way to provide adequate controls to safeguard an organization's assets. c) being an information system. d) a way to collect and transform data into useful information. 28. Which activity below would not be considered to be a "top" accountant work activity? a) process improvement b) input into future product marketing initiatives c) long-term strategic planning d) computer systems and operations 29. The American Institute of Certified Public Accountants (AICPA) has recognized the importance of AIS and the major impact information technology has on the area of accounting. To recognize individual CPAs who have met educational and experiential requirements in this area, the group formally created the designation known as a) the Certified Management Accountant. b) the Certified Information Technology Professional. c) the Certified Internal Auditor. d) the Certified Data Processing Professional. 30. An analysis conducted by the Institute of Management Accountants shows that the most important activities performed by corporate accountants relate to a) customer and product profitability. b) internal consulting. c) process improvement. d) accounting systems and financial reporting. 31. The primary focus of an AIS course, as opposed to other IS courses, is on a) application of information technology. b) use of accounting software. c) understanding how information technology can be used to improve AIS processes. d) preparation of financial statements. 32. The AIS must include controls to ensure a) safety and availability of data. b) marketing initiatives match corporate goals. c) information produced from data is accurate. d) both A and C 33. A change in the AIS that makes information more easily accessible and widely available within an organization is most likely to first influence the a) organizational culture. b) customer base. c) external financial statement users. d) production activity. 34. The process of creating value for customers is the result of nine activities (five primary and four support) that taken together form a a) value chain. b) profitable operation. c) successful business. d) support system. 35. The value chain concept is composed of two types of activities known as a) primary and support. b) primary and secondary. c) support and value. d) technology and support. 36. Which of the following is a primary activity in the value chain? a) infrastructure b) technology c) purchasing d) marketing and sales 37. In value chain analysis, what is the activity of arranging the delivery of products to customers called? a) outbound logistics b) inbound logistics c) shipping d) delivery 38. An AIS provides value by a) improving products or services through information that increases quality and reduces costs. b) providing timely and reliable information to decision makers. c) creating new products. d) both A and B 39. In Chapter 1, Figure 1-2 shows the factors that influence the design of AIS. The diagram shows a bi-directional arrow between the organizational culture and the AIS. The reason for this two-way interchange between organizational culture and AIS is a) that the AIS should not influence the values of the organizational culture. b) because the organization's culture influences the AIS, and likewise the AIS influences the organization's culture by controlling the flow of information within the organization. c) due to the transfer of managers between the two corporate elements. d) the AIS impacts the organization's key strategies. 40. The objective of the majority of organizations is to provide value to their customers. The activities that support such an objective can be conceptualized as forming a value chain. Within this value chain, logistics plays an important role. Logistics is both inbound and outbound in nature. An example of inbound logistics would consist of a) the activities that transform inputs into final products or services. b) the activities that help customers to buy the organization's products or services. c) the activities that provide post-sale support to customers. d) the activities that consist of receiving, storing, and distributing the materials used as inputs by the organization to create goods and/or services it sells. 41. A good example of how an AIS is used to share knowledge within an organization is a) the use of an expert system to help staff identify the relevant experts who can help with a particular client. b) the use of laptop computers to access a network for messaging worldwide. c) the monitoring of production equipment to watch for defects. d) the use of point-of-sale data to determine hot-selling items. 42. Within the value chain conceptual framework, organizations also perform a number of other support activities that enable the five primary value chain activities to be performed efficiently and effectively. One such support activity is research and development. This activity can be identified as a a) firm infrastructure activity. b) human resources activity. c) technology activity. d) purchasing activity. 43. Within the value chain conceptual framework, AIS is shown as a support activity. The AIS is of value to an organization when it provides accurate and timely information to help support the five primary value chain activities. When the AIS provides information in a timely and accurate manner, it stands as an example of a) improved decision making. b) improving the quality and reducing the costs of products or services. c) improving efficiency. d) All of the above 44. A decision situation that is non-routine and for which no established framework exists for making the decision is called a(n) __________ decision. a) structured b) semistructured c) unstructured d) strategic 45. A decision that is repetitive, routine and well understood is a) structured b) semistructured c) unstructured d) strategic 46. Which of the following is an example of a strategic planning decision? a) setting financial and accounting policies b) conducting a performance evaluation c) budgeting d) developing human resource practices 47. Decisions about the effective and efficient execution of specific tasks are concerned with a) operational control. b) management control. c) strategic planning. d) tactical planning. 48. Budgeting and human resource practices are examples of a) operational control b) management control c) strategic planning d) tactical planning 49. Accounting information plays major roles in managerial decision making by a) identifying situations requiring management action. b) reducing uncertainty. c) providing a basis for choosing among alternative actions. d) all of the above 50. Business activities that pertain to product pricing, discount and credit terms, and identifying the most and least profitable items are part of the __________ activity in the organization's value chain. a) service b) marketing and sales c) operations d) inbound logistics 51. A principal focus of AIS is to assist with the decision-making function of an organization. The degree of support AIS can provide depends on the type of decision being made. Decisions are categorized in terms of the degree of existing structure or the effect of their scope. From the items below, select the description that is an example of a semi-structured decision. a) selecting basic research projects to undertake b) setting a marketing budget for a new product c) extending credit to an established customer d) hiring a senior manager 52. Regarding decision scope, which statement below is true? a) Operational control is concerned with the effective and efficient use of resources for accomplishing organizational objectives. b) Management control is concerned with the effective and efficient performance of specific tasks. c) Strategic planning is concerned with establishing organizational objectives and policies for accomplishing those objectives. d) There is no real correlation between a manager's level in an organization and his or her decision-making responsibilities. 53. A well-designed AIS can improve the decision-making function within the organization. Which statement below would describe a limitation, rather than a benefit, of an efficient AIS? a) An AIS reduces uncertainty, and therefore accounting information can provide a basis for choosing among alternative courses of action. b) An AIS identifies situations requiring management action. c) An AIS provides to its users an abundance of information without any filtering or condensing of such information. d) An AIS provides information about the results of previous decisions which provides decision makers with feedback that can be used in future decision making. 54. A strategic position is important to the success and growth of any organization. Harvard professor Michael Porter has identified three basic strategic positions. Which statement below is false regarding these basic strategic positions? a) The three basic strategic positions are mutually exclusive of each other. b) Part of a needs-based strategic position is to identify a target market. c) An access-based strategic position involves serving a subset of customers who differ from other customers in terms of geographic location or size. d) A variety-based strategic position involves producing or providing a subset of the industry's products or services. 55. A strategic position is important to the success and growth of any organization. Harvard professor Michael Porter has identified two basic business strategies. Which statement below is false regarding these basic strategies? a) A product differentiation strategy entails adding features or services not provided by competitors to a product so customers can be charged a premium price. b) A low-cost strategy entails striving to be the most efficient producer of a product or service. c) Sometimes a company can succeed in both producing a better product and achieving low costs. d) The two basic strategic positions are mutually exclusive. 56. According to Michael Porter, to be successful in the long run, a company must a) deliver greater value to customers and/or create comparable value at a lower cost. b) maximize profits. c) maximize shareholder value. d) both B and C 57. A variety-based strategic position involves a) trying to serve most or all of the needs of a particular group of customers. b) serving a subset of customers who differ from other customers. c) providing a subset of the industry's products or services. d) serving all needs of all customers. 58. A needs-based strategic position involves a) trying to serve most or all of the needs of a particular group of customers. b) serving a subset of customers who differ from other customers. c) providing a subset of the industry's products or services. d) serving all needs of all customers. 59. An access-based strategic position involves a) trying to serve most or all of the needs of a particular group of customers. b) serving a subset of customers who differ from other customers. c) providing a subset of the industry's products or services. d) serving all needs of all customers. 60. The Internet has changed the way many processes are performed in business today. The Internet has had a material effect on the five primary characteristics in the value chain and on the strategy adopted by businesses that incorporate use of the Web into their business systems. Which statement below is true regarding the Internet relative to a strategic position that a business may adopt? a) Use of the Internet has reduced the power of buyers. b) The Internet has increased the barriers to entry in many industries. c) Use of the Internet reduces pressure to compete on price. d) The most important effect of the development of the Internet in business is the increased importance of adopting a viable business strategy. SHORT ANSWER 61. Define the concept of a system. 62. Define data, information, and how the value of information is determined. 63. Define an accounting information system. 64. Identify the components of an accounting information system. 65. What is the CITP designation and why is it important to AIS? 66. Differentiate between an AIS course and other accounting courses. 67. Harvard professor Michael Porter contends that for a company to be successful in the long run it "must deliver greater value to customers or create comparable value at a lower cost, or do both" and suggests three strategic positions. Describe these strategic positions. How do these strategic positions relate to financial and managerial accounting information given? 68. What is the purpose behind the five primary activities in the value chain? 69. Name the primary activities of a firm's value chain. 70. How can an AIS add value to the organization? 71. How can a well-designed AIS improve the efficiency and effectiveness of a company's value chain? ESSAY 72. Discuss the concept of a system and the issues of goal conflict and goal congruence. 73. Discuss the seven characteristics of useful information. 74. Explain what an AIS is, describe the basic tasks it performs in an organization, and give some examples of the types of accounting transactions it processes. 75. Discuss the steps in the supply chain. 76. How can an AIS become part of the firm's value chain and add value to the business? 77. How can the value of the information produced by an accounting information system be determined? What would a measurement and verification expert think about quantification and verification of such information? ANSWER KEY 1. A 2. B 3. A 4. B 5. D 6. A 7. B 8. D 9. A 10. B 11. D 12. A 13. D 14. C 15. B 16. B 17. A 18. D 19. D 20. A 21. B 22. D 23. D 24. D 25. A 26. B 27. C 28. B 29. B 30. D 31. C 32. D 33. A 34. A 35. A 36. D 37. A 38. D 39. B 40. D 41. A 42. C 43. D 44. C 45. A 46. A 47. A 48. B 49. D 50. B 51. B 52. C 53. C 54. A 55. D 56. A 57. C 58. A 59. B 60. D 61. A system is a set of two or more components that are somehow interrelated and interact together to achieve a specific goal. 62. Data: facts that are collected, entered, recorded, stored, and processed by an AIS. Information: data that has been organized and processed and is meaningful to its users. Such information is relevant, timely, reliable, verifiable, complete, and understandable. Information is of value when the benefits received from using or acting upon it outweighs the cost to produce the information. 63. An AIS is a system that collects, records, stores, and processes data to produce information for decision makers. An AIS is a valuable tool when integrated with the strategic planning initiatives of an organization. 64. A well-designed AIS consists of people, procedures and instructions, data, software, information technology infrastructure, and internal controls and security measures. 65. The CITP designation stands for "Certified Information Technology Professional." It is awarded to CPAs who have demonstrated a broad range of knowledge and skill sets in the areas of accounting and information systems and technology. The AICPA (American Institute of CPAs) has acknowledged the importance and close relationship that accounting and information systems share in creating this specialty designation for accounting information system professionals. 66. Other accounting courses assume the preparation or reporting of accounting information is for external or internal users. However, the AIS course focuses on the flow of accounting information in the organization from a systems perspective. The AIS course traces the origin, processing, storing, and ultimate disposal of information. An AIS course also focuses on business processes, organization structure, information systems, and corporate planning and goals. 67. The three strategic positions described are: a) a variety-based strategic position that involves producing or providing a subset of the industry's products or services; b) a needs-based strategic position that involves trying to serve most or all of the needs of a particular group of customers; and c) an access-based strategic position that involves serving a subset of customers who differ from other customers in terms of factors such as geographic location or size which create different requirements for serving those customers. AIS that has been properly designed can support an organization in attaining and maintaining a strategic position. Such an information system can be a valuable asset in helping the organization to maintain a competitive position in the marketplace. 68. The goal of the five primary activities in the value chain is to facilitate the business in providing value to its customers. The five primary activities allow the business to create, market, and deliver its products and services to its customers, as well as providing postsale support. 69. Inbound logistics, operations, outbound logistics, marketing and sales, and service. 70. An AIS can increase the efficiency and effectiveness of the value chain by improving the quality and lowering costs of products or services, improving efficiency of operations, improving decision making, enhancing the sharing of knowledge, improving the efficiency and effectiveness of its supply chain and improving the internal control structure. 71. The AIS can be designed to allow customers direct access to a company's inventory and sales order entry systems. This allows the customer to do more of the work that traditionally has been done by sales, marketing, and administration personnel. This allows for faster ordering, and cuts the company’s labor costs. It may also have the effect of allowing the customer more control in a purchase transaction that may bring more satisfaction and value to the customer. 72. A system is a set of two or more components that are somehow interrelated and interact together to achieve a specific goal. A system usually consists of smaller components called subsystems. These subsystems have specific and defined functions, which interact with and support the larger system. The concept of systems is key to information technology and AIS. All systems, including the AIS, must work to achieve one or more organizational goals. Goal conflict results when a decision or action of a subsystem is inconsistent with another subsystem or the system (organization) as a whole. Goal congruence results when a subsystem achieves its goals while contributing to the organization's overall goal. Subsystems should maximize organizational goals. 73. The seven characteristics of useful information are: relevant, reliable, complete, timely, understandable, verifiable and accessible. These characteristics are qualities that information should possess to be useful in a business environment. Briefly stated, in order for information to be useful it must be: 1) relevant, meaning that it reduces uncertainty and adds to the decision-making process; 2) reliable information is information that is free from error, and is accurate in its nature; 3) complete information is information that does not omit any important data, facts, or aspects about events or activities; 4) information is timely when it is fully available to enable the decision-making process to proceed; 5) understandable information must be both in an intelligible and useful format; 6) information is considered verifiable if two people, acting independently of each other, produce the same information or the same results. Information is accessible if it is available to users when they need it and in a format they can use. 74. An AIS consists of six components: people, procedures, instructions, data, software, and information technology infrastructure and internal controls and security measures. The AIS performs three major functions: 1) it collects and stores data about activities and transactions so that the organization's management, employees, and interested outsiders can review what has happened; 2) the AIS processes data (that is, facts that have been collected and stored) into information that is useful for making decisions, and is of value to the organization; and 3) the AIS provides adequate controls designed to safeguard the organization's assets, including its data and information. Common examples of accounting transactions that an AIS helps to process and track are the sales of products to customers, cash collections, cash payments, and the recording and payment of the employees' payroll. 75. The supply chain shows how an organization interacts with suppliers, distributors, and customers to provide value in the products it sells. The supply chain depicts the creation and sale of a product-the chain is somewhat different when a service is involved. The supply chain has five components: raw materials; manufacturer; distributor; retailer; and the consumer. Raw materials come from any number of suppliers, which in turn become part of a manufacturing process, which produces a product. The business then provides the product to distributors, who in turn sell the product to retail businesses. The product is ultimately purchased and used by consumers (who may be individuals or businesses). It is important to realize that AIS can greatly impact the traditional supply chain by creating a more efficient and timely environment in which a business can operate. More efficient operations are more effective, which in turn lowers costs, and add greater value and create improved customer satisfaction. 76. The AIS can add value by: helping to improve products and services an organization offers for sale; increasing the quality of products and services; creating greater efficiency by reducing costs and saving time; and improving the overall efficiency of the organization. Decision making is enhanced by the better availability of timely, complete, reliable, verifiable, and relevant information. A firm can enjoy a competitive advantage with better customer ordering, billing, and customer service made possible by an improved AIS. The AIS can also enhance overall communication and use of knowledge in a business by making the knowledge readily available to interested parties. 77. A well-designed AIS improves the efficiency and effectiveness of the value chain by improving the quality and lowering the overall cost of products or services, improving efficiency of operations, improving decision making, and enhancing the sharing of knowledge. These are the benefits of possessing and using information. Drawbacks to possessing and using such information are the costs of obtaining and maintaining such information. These costs include investments in people, processes, and computing and networking hardware and software on an ongoing basis. Costs of the information are quantifiable to some extent. However, some of the benefits of using the information involve numerous estimates and assumptions. As such, the quantification of the benefits of utilizing such information depends on the accuracy of the assumptions. Chapter 2 (new version) MULTIPLE CHOICE 1. An agreement between two entities to exchange goods or services or any other event that can be measured in economic terms by an organization is a) give-get exchange b) transaction c) revenue d) processing cycle 2. Groups of related business activities such as the acquisition of merchandise and payment of vendors are called a) transaction cycles. b) economic cycles. c) business events. d) transactions. 3. The transaction cycles approach leads to efficient processing of large number of transactions because a) transaction cycles are easier to computerize. b) a large number of transactions within a given cycle can be categorized into a relatively small number of distinct types. c) the transaction cycle approach represents the natural order of business. d) transaction cycles are easy to understand. 4. The basic "give and take" functions of a business have been grouped into transaction cycles. The cycle that includes the events of hiring employees and paying them is known as the a) revenue cycle. b) expenditure cycle. c) human resources cycle. d) financing cycle. 5. What is the major difference between the revenue and the expenditure cycle? a) The revenue cycle includes marketing activities; the expenditure cycle does not. b) In the revenue cycle, cash is received; in the expenditure cycle cash is paid out. c) The expenditure cycle includes paying employees. d) The revenue cycle includes the activity of obtaining funds from investors. 6. The business owners obtain financing from outside investors, which results in an inflow of cash into the company. This transaction is considered to be part of which cycle? a) the revenue cycle b) the payroll cycle c) the production cycle d) the financing cycle 7. Which of the following is not a transaction cycle? a) revenue b) expenditure c) human resources d) general ledger and reporting 8. All transaction cycles feed information directly into the a) financial statements. b) governmental reports. c) general ledger and reporting system. d) financing operations. 9. Transaction cycles can be summarized on a high level as "give-get" transactions. An example of "give-get" in the expenditure cycle would be a) give cash, get cash. b) give cash, get goods. c) give cash, get labor. d) give goods, get cash. 10. Transaction cycles can be summarized on a high level as "give-get" transactions. An example of "give-get" in the revenue cycle would be a) give cash, get goods. b) give goods, get cash. c) give cash, get labor. d) give cash, get cash. 11. The transaction cycles relate to one another and interface with this to generate information for both management and external parties. a) general ledger and reporting system b) accounting information systems c) computer processor d) human resources cycle 12. Many modern accounting software packages offer separate transaction cycle modules. What is the reason for this? a) Every organization does not need to implement all of the available transaction cycle modules. b) Most businesses do not need the revenue cycle module as part of their AIS. c) The nature of a given transaction cycle is the same irrespective of the type of organization. d) A properly designed AIS does not use the concept of separate business transaction cycles to process transactions. 13. Which of the following statements is false? a) Retail stores do not have a production cycle. b) Financial institutions have installment-loan cycles. c) A service company does not have an inventory system. d) Every organization should implement every transaction cycle module. 14. The operations performed on data to generate meaningful and relevant information are referred to as a) general ledger and reporting system b) accounting information system c) financial reporting d) data processing cycle 15. One of the steps in the data processing cycle is data input. What is the catalyst for data input into a system? a) The production transaction system automatically checks each hour to see if any new data is available for input and processing. b) The performance of some business activity generally serves as the trigger for data input. c) A general ledger program is queried to produce a trial balance at the end of an accounting period. d) Data is only input when an authorized party permits the input to occur. 16. A typical source document could be a) in some paper form. b) a computer data entry screen. c) a notepad entry. d) both A and B 17. Which step below is not considered to be part of the data processing cycle? a) data input b) feedback from external sources c) data storage d) data processing 18. Data must be collected about three facets of each business activity. What are they? a) the business activity, the resources it affects, the people who participate b) the business activity, the transactions it creates, the impact on the financial statements c) the inputs, outputs and processes used d) who is involved, what was sold, how much was paid 19. Certain documents or forms are generated and/or processed with each transaction cycle. The issuing of a purchase order is part of which transaction cycle? a) the revenue cycle b) the production cycle c) the human resources cycle d) the expenditure cycle 20. Certain documents or forms are generated and/or processed with each transaction cycle. The collection of job time tickets or time sheets is part of which transaction cycle? a) the revenue cycle b) the production cycle c) the human resources cycle d) the expenditure cycle 21. Common source documents for the revenue cycle include all of the following except a) sales order. b) receiving report. c) delivery ticket. d) credit memo. 22. Which of the following documents would be found in the expenditure cycle? a) delivery ticket b) time card c) journal voucher d) purchase order 23. Businesses usually use some type of documents in the data input step of the data processing cycle. Documents that are sent to customers or suppliers and then sent back to the organization in the course of a business transaction are known as a) turnaround documents. b) source documents. c) source data automation. d) rubber or bounce-back documents. 24. What is a primary example of source data automation? a) a utility bill b) POS (point-of-sale) scanners in retail stores c) a bill of lading d) a subsidiary ledger 25. Pre-numbering of source documents helps to verify that a) all transactions have been recorded since the numerical sequence serves as a control. b) no inventory has been misplaced. c) documents have been used in order. d) all cash has been collected. 26. Source documents generally help to improve accuracy in transaction processing because a) they specify which information to collect due to their structure. b) standard information is preprinted on the document. c) they provide directions and steps for completing the form. d) All of the above are correct. 27. When the sum of all entries in the subsidiary ledger equals the amount in the corresponding general ledger account, it is assumed that (select all that apply) a) the recording and posting processes are accurate. b) all of the transaction cycles have been completed. c) since the ledgers are in balance, adjusting entries are not required. d) no errors exist in the subsidiary ledger and corresponding general ledger account. 28. The general ledger account that corresponds to a subsidiary ledger account is known as a a) dependent account. b) attribute account. c) entity account. d) control account. 29. The systematic assignment of numbers or letters to items to classify and organize them is known as a) coding b) chart of accounts c) data input d) pre-numbered documents 30. Pre-numbered checks, invoices and purchase orders are examples of a) sequence codes b) block codes c) group codes d) hierarchical codes 31. A chart of accounts is an example of (select all that apply) a) sequence codes b) block codes c) group codes d) hierarchical codes 32. Inventory items are often codes with these a) sequence codes b) block codes c) group codes d) hierarchical codes 33. A listing of general ledger accounts by account number is called the a) chart of accounts. b) listing of accounts. c) trial balance. d) subsidiary accounts. 34. Regarding codes, which of the following is false? a) The code should be consistent with its intended use. b) Codes should allow for growth in the number of items to be coded. c) Coding systems should be as simple as possible. d) Coding systems need not be consistent across divisions of an organization. 35. To be effective, the chart of accounts must a) be as concise as possible. b) contain only five account categories. c) limit account codes to 10 digits or less. d) contain sufficient detail to meet the information needs of the specific organization's AIS. 36. The chart of accounts for a manufacturing corporation would include a) retained earnings. b) common stock. c) raw materials inventory. d) all of the above 37. The chart of accounts of a corporate retail bookstore would probably include a) work-in-process inventory. b) a drawing account. c) retained earnings. d) both A and C 38. In a chart of accounts using three digits for each account, each numeric digit has meaning to users of the AIS. For example, a numeric digit may represent either a major category of accounts, a primary financial subaccount within each category, or a specific account into which transaction data will be posted. Using this example, which digit position would best represent a primary financial subaccount within an account category? a) first b) second c) third d) fourth 39. In transaction processing, generally which activity comes first? a) recording data in a journal b) posting items to special journals c) capturing data on source documents d) posting data to a ledger 40. The efficiency of recording numerous business transactions can be best improved by the use of a) prenumbered source documents. b) specialized journals. c) posting references. d) segregation of duties. 41. A general journal a) is used to record infrequent or non-routine transactions. b) simplifies the process of recording large numbers of repetitive transactions. c) records all detailed data for any general ledger account that has individual subaccounts. d) contains summary-level data for every account of the organization. 42. The general ledger a) is used to record infrequent or non-routine transactions. b) simplifies the process of recoding large numbers of repetitive transactions. c) records all detailed data for any general ledger account that has individual subaccounts. d) contains summary-level data for every account of the organization. 43. A subsidiary ledger a) is used to record infrequent or non-routine transactions. b) simplifies the process of recoding large numbers of repetitive transactions. c) records all detailed data for any general ledger account that has individual subaccounts. d) contains summary-level data for every account of the organization. 44. A specialized journal a) is used to record infrequent or non-routine transactions. b) simplifies the process of recording large numbers of repetitive transactions. c) records all detailed data for any general ledger account that has individual subaccounts. d) contains summary-level data for every account of the organization. 45. An audit trail a) provides the means to check the accuracy and validity of ledger postings. b) is provided by the ledger and the general journal. c) is automatically created in every computer-based information system. d) is a characteristic of interest. 46. Something about which information is stored is a) attribute b) database c) entity d) record 47. Characteristics of interest that need to be stored are a) attribute b) database c) entity d) record 48. Computers store data by organizing smaller units of data into larger units, which have meaning to users. Data values that are stored in a physical space are called a a) field. b) record. c) file. d) database. 49. Related records grouped together form a(n) a) field. b) entity. c) file. d) database. 50. The set of fields that contain data about various attributes of the same entity forms a a) entity b) record. c) file. d) database. 51. Concerning a master file, which of the following statements is false? a) It is conceptually similar to a ledger in a manual AIS. b) It stores cumulative information about an organization's resources. c) It exists across fiscal periods. d) Its individual records are not changed. 52. Basic data storage concepts define both entities and attributes. An entity is something about which information is stored. Which item below would not be considered an entity? a) a customer address b) a customer c) an employee d) an inventory item 53. Which of the following is conceptually similar to a journal in a manual AIS? a) database b) master file c) record d) transaction file 54. Which of the following is not one of the four types of file processing? a) changing b) updating c) deleting d) altering 55. Periodic updating of the data stored about resources and agents is a) On-line processing b) real-time processing c) batch processing d) data processing 56. Concerning processing, which of the following statements is true? a) Batch processing ensures that stored information is always current. b) Batch input is more accurate than on-line data entry. c) On-line batch processing is a combination of real-time and batch processing. d) Batch processing is almost never used. 57. Federal Express stated in one of its mission statements that "positive control of each package will be maintained by utilizing . . . electronic tracking and tracing systems." This is an example of which type of data processing? a) real-time processing which features immediate updating as to the location of packages b) batch processing which features updating at fixed time periods c) real-time processing which features updating at fixed time periods such as at the end of an accounting period d) batch processing which features immediate updating as to the location of packages 58. Documents generated at the end of transaction processing activities are called a) financial statements b) operational documents c) reports d) source documents 59. Which of the following is not a type of report provided to decision makers by the typical AIS? a) financial statements b) customer satisfaction surveys conducted by third parties c) managerial reports d) All of the above reports are important to decision makers. 60. Which statement below regarding the AIS and managerial reports is false a) The AIS must be able to provide managers with detailed and operational information about the organization's performance. b) Both traditional financial measures and operational data are required for proper and complete evaluation of performance. c) Most source documents capture both financial and operational data about business transactions. d) Traditionally, most AIS systems have been designed so that both financial and operational data are stored in a manner that facilitates their integration in reports. 61. A formal expression of goals and objectives in financial terms is called a(n) a) mission statement. b) strategic plan. c) budget. d) operational plan. 62. A projection of an organization's cash inflows and outflows is known as a(n) a) performance budget. b) operating budget. c) management budget. d) cash budget. 63. Identify an example of external source data that is important to an organization. a) customer satisfaction as gauged by surveys b) staff salaries as a percentage of sales c) satisfaction of employees with their work environment d) sales revenue divided by the number of hours worked by the sales staff 64. Some information will have to be collected from __________ sources to determine, for example, customer satisfaction. a) external b) internal c) regulatory d) competitive 65. Performance reports are primarily used for a) financial control. b) cash planning. c) forecasting. d) financial planning. 66. A report which shows actual results, budgets, and variances is called a a) financial plan. b) cash budget. c) performance report. d) managerial report. 67. Variances to the budget should be interpreted by using the principle of a) management by exception. b) management by objectives. c) management by exemption. d) exceptions to variances. 68. One of the most important assumptions about how managers will act in a budgetcontrolled environment is that: a) managers will largely ignore budgets. b) budgets must be too tight to encourage high aspirations. c) budget slack will exist in almost every budget and is negotiated by all managers. d) measurement affects behavior. 69. Which managerial tool below is used to provide the organization with financial control? a) a cash budget b) a performance report c) a sales budget d) a customer satisfaction survey SHORT ANSWER 70. How are "Give and Take" transactions classified in business today and what impact does this have on AIS? 71. Name the major transaction cycles. 72. What is the purpose of source documents? What controls are embedded in source documents? Give two examples of source documents. 73. Why have accounting software packages been designed with separate transaction modules? 74. Describe the purpose of subsidiary and control accounts. 75. What is an audit trail? 76. A well-designed data processing cycle should collect data connected with three facets of business activity. Name the three facets. 77. Source documents are usually generated in the process of conducting common business activities. Name a source document connected with the revenue cycle. 78. Source documents are usually generated in the process of conducting common business activities. Name a source document connected with the human resources cycle. 79. What operational information should an AIS be capable of providing to management? 80. An AIS stores data by organizing smaller units of data into larger, more meaningful units. Briefly explain how data is stored in AIS. ESSAY 81. Describe the basic business activities and transactions for a typical merchandising company. 82. Coding systems are used throughout accounting information systems. Describe some useful guidelines that will result in a better coding system. 83. In accounting and AIS, what is the relationship between the general and subsidiary ledgers? 84. A company you have been asked to examine as part of an AIS consulting engagement employs a cashier who handles all cash receipts from customers. The cashier counts the cash daily, prepares the bank deposit, and carries the deposit to the bank every day after work. In addition, the cashier authorizes all discounts and allowances and decides when uncollectible accounts will be written off. Finally, because the accounting department is overworked at times, the cashier is allowed to post cash payments to customer accounts and reconcile the bank account. Outline how a dishonest cashier could misuse all these responsibilities to steal cash from the company. 85. It has been said "measurement affects behavior." What does this mean as it applies to business? ANSWER KEY 1. b 2. a 3. b 4. c 5. b 6. d 7. d 8. c 9. b 10. b 11. a 12. a 13. d 14. d 15. b 16. d 17. b 18. a 19. d 20. c 21. b 22. d 23. a 24. b 25. a 26. d 27. a and d 28. d 29. a 30. a 31. b and c 32. c 33. a 34. d 35. d 36. d 37. c 38. b 39. c 40. b 41. a 42. d 43. c 44. b 45. a 46. c 47. a 48. a 49. c 50. b 51. d 52. a 53. d 54. d 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. c c a b b d c d a a a c a d b SHORT ANSWER 70. The concept of "Give and Take" transactions has been used to classify business transactions into "cycles" that have starting points, processes, and end points (or closure). The majority of business transactions can be classified as revenue, expenditure, human resources (payroll), production, and financing cycles. AIS has been modeled after these transaction cycles to achieve its basic functions of collecting and processing data, providing information useful for decision making, and establishing adequate controls. 71. The major transaction cycles are revenue, expenditure, human resources (or payroll), production, and financing. 72. The primary purpose of source documents is to record data about business activities. Source documents standardize data collection procedures for an organization and provide better control and accuracy. Source documents are generally pre-numbered, which helps to verify that all transactions have been recorded and there is no missing document; if a document is missing, then which one(s) can be determined. Proper design of source documents ensures which information to collect, preprints standard information such as addresses, and provides directions for completing the form. Examples include: invoices, timecards, sales orders, and purchase orders. 73. Since every organization does not necessarily use all of the transaction cycles in its operations, it is to the advantage of the organization to be able to "pick and choose" from among various software modules that track and record different transaction cycles. For example, a law firm would have no need to implement a production cycle module. Also, the nature of a transaction cycle varies across the broad spectrum of business organizations. Again, a law firm would have a revenue cycle, but it would not involve the purchase, receipt, and payment for products or merchandise; likewise a retail store chain may not sell any consulting services to its customers. 74. A subsidiary ledger is used when many sub-accounts (such as customers or vendors) must be tracked in detail. These types of accounts are used frequently for accounts receivable and accounts payable applications. The control account gives the overall or total picture for the subsidiary accounts. The control account will show total balances only and must balance to the sum of the individual detail amounts in the subsidiary accounts. 75. An audit trail provides a means to check the accuracy and validity of postings to the ledger. The posting references and document numbers help provide the audit trail. An audit trail exists when company transactions can be traced through the AIS from where originate to where they end up on the financial statements 76. The three facets of business activity are: 1) the event of interest; 2) the resource(s) affected by the event; and 3) the agents who participate in the event. 77. Revenue cycle source documents include sales orders, delivery tickets or bills of lading, remittance advice or remittance list, deposit slip, and credit memo. 78. Human resources (or payroll) cycle documents include employee's W-4 form, time cards, or job time tickets or time sheets. 79. Some examples are - reports about inventory status, relative profitability of products, percentage of revenue generated by new products, relative performance of each salesperson, cash collections and pending obligations, and an organization's performance in meeting its delivery and service commitments. The AIS should also be able to provide non-financial information connected with various transactions such as addresses, purchasing histories, telephone and fax numbers, e-mail addresses, Web sites, etc. 80. The smallest unit of data is known as a data value. A data value is physically stored in a space called a field. Any number of fields can be grouped together to form a record. Related records are grouped together to form a file. Files are then combined to form a database. ESSAY 81. Revenue - sell goods and services to customers and collect cash. Expenditure - obtain goods and services from vendors and pay cash. Human resources - hire qualified employees, train them, pay them, evaluate them, withhold and pay taxes, file tax forms, and comply with government regulations on employment. Financing - investments in company, procuring and repayment of loans, and payment of dividends and interest. 82. The following guidelines will result in a better coding system. First, the code should be consistent with its intended use. Second, the code should allow for growth in the number of items to be coded. The coding system should be as simple as possible. The coding system should be consistent with the company's organizational structure and it should be consistent across the different divisions of an organization. 83. The general ledger contains summary-level information about every asset, liability, equity, revenue, and expense account in an organization. The balances in general ledger accounts form the starting point for preparation of financial statements and various other financial reports. A subsidiary ledger account provides support for any general ledger account that has need of maintaining individual subaccounts (for example, accounts receivable, accounts payable, inventory, and fixed assets). The subsidiary ledger records and maintains the detail-level information for a general ledger account by having a separate record for each customer, vendor, inventory item, or fixed asset. The individual subaccount balances in a subsidiary ledger should equal the balance found in the general ledger account. A general ledger account that corresponds to a subsidiary ledger account is known as a control account. 84. This procedure represents a gross violation of the "segregation of duties" principle. The cashier could steal cash in any number of ways. For example, the cashier could misapply payments from other customers to cover the theft (this is better known as lapping). The cashier could steal cash by writing off the balances as bad debts or cover over the balances with illegitimate discounts. Also, the cashier could steal cash and then cover it up with entries to expense accounts or by preparing a "bogus" bank reconciliation. This is why it is critically important that there is a clear, unequivocal separation of duties when dealing with any aspect of cash in a business. 85. Generally speaking, when employees become aware of the tasks that are under evaluation and measurement, the employees will focus their efforts primarily on those tasks. This could be good or bad depending on the task being measured and the goals of the business. A business should not be merely focused on obtaining expectations from measuring certain tasks to the detriment of the operation of the business as a whole. Consider for example the measurement of the number of units of a product produced each hour. If the business is only concerned with maximizing output, employees may indeed produce more, but the quality of each unit produced may be unacceptable. If the units are shipped without knowledge of the lower quality, a higher failure rate per unit may occur. This will impact the users of the units, and so a customer service problem may arise due to the "push for higher output." It is important for the organization to balance measurement goals and objectives with the overall mission and values of the organization and its strategic objectives. CH 3 MULTIPLE CHOICE 1. The narratives, diagrams, charts, and other written materials that explain how a system works are collectively called a) b) c) d) documentation. data flows. flowcharts. schema. 2. One popular means of documenting a system is to develop diagrams, flowcharts, tables, and other graphical representations of information. These are often supplemented by a) b) c) d) product specifications. narrative descriptions. logic charts. oral descriptions from management. 3. The graphic description of the flow of data within an organization is called a a) b) c) d) systems flowchart. data flow diagram. context diagram. document flowchart. 4. A graphical representation of the flow of documents and information between departments or areas of responsibility within an organization is called a) b) c) d) a data flow diagram. a document flowchart. a system flowchart. a program flowchart. 5. A graphical representation of the relationship among the input, processing and output in an information system is called a) b) c) d) a data flow diagram. a document flowchart. a system flowchart. a program flowchart. 6. A graphical description of the sequence of logical operations that a computer performs is called a) b) c) d) a data flow diagram. a document flowchart. a system flowchart. a program flowchart. 7. SAS No. 94 requires that independent auditors be able to a) b) c) d) draw computerized flowcharts. prepare flowcharts and decision tables before conducting an audit. understand a client's system of internal controls before conducting an audit. prepare and understand any type of system documentation. 8. The passage of the Sarbanes Oxley Act a) Made documentation skills even more important. b) Requires public companies to prepare an annual internal control report. c) Means that auditors must be able to prepare, evaluate and read documentation tools such as flowcharts. d) All of the above. 9. Which of the following is not a true statement? a) Documentation tools save an organization both time and money. b) Documentation tools are used extensively in the systems development process. c) Data flow diagrams and flowcharts are the two most frequently used systems development documentation tools. d) Data flow diagrams and flowcharts are difficult to prepare and revise using software packages. 10. A data flow diagram a) is a graphical description of the source and destination of data that shows how data flow within an organization. b) is a graphical description of the flow of documents and information between departments or areas of responsibility. c) is a graphical description of the relationship among the input, processing, and output in an information system. d) is a graphical description of the sequence of logical operations that a computer performs as it executes a program. 11. In a DFD, a square box represents a) b) c) d) data sources and destinations. data flows. transformation processes. data stores. 12. In a DFD, a "data sink" is also known as a) b) c) d) data stores. transformation processes. data flows. data destinations. 13. In a DFD, an arrow represents a) b) c) d) data sources and destinations. the direction of data flows. transformation processes. data stores. 14. In a DFD, a circle represents a) b) c) d) data sources and destinations. the direction of data flows. transformation processes. data stores. 15. In preparing a DFD, when data are transformed through a process, the symbol used should be a) b) c) d) a circle. an arrow. a square. two horizontal lines. 16. In a DFD, lines that are horizontal and parallel to each other represent a) b) c) d) data sources and destinations. data flows. transformation processes. data stores. 17. In a DFD, a "bubble" is also known as a) b) c) d) data stores. transformation processes. data flows. data destinations. 18. An entity that sends or receives data used or produced by the system is called a a) b) c) d) data source or destination. data store. data flow. data transformation. 19. A data flow diagram (or DFD) has four basic elements. The flow of data between processes, data stores, and data sources and destinations is known as a) b) c) d) data sources and destinations. data flows. transformation processes. data stores. 20. A data flow diagram (or DFD) has four basic elements. The altering of data from inputs to outputs is known as a) b) c) d) data sources and destinations. data flows. transformation processes. data stores. 21. A data flow diagram (or DFD) has four basic elements. The people and organizations that send data to and receive data from the system are known as a) b) c) d) data sources and destinations. data flows. transformation processes. data stores. 22. In general, a data destination will be shown by a) an arrow pointing away. b) an arrow pointing in. c) arrows pointing both ways. d) no arrows, only two horizontal lines. 23. In the data flow diagram of the customer payment process, "update receivables" will appear in a) b) c) d) a square. a circle. two horizontal lines. none of the above 24. In the data flow diagram of the customer payment process, "Customer" will appear in a) b) c) d) a square. a circle. two horizontal lines. none of the above 25. In the data flow diagram of the customer payment process, "Customer payment" will appear above or in a) b) c) d) a square. a circle. two horizontal lines. an arrow. 26. Most processes on a DFD can be identified by a) b) c) d) data in-flows only. data out-flows only. data flows both into or out of a process. always being followed by a data store. 27. Data flows between two symbols on a DFD have more than one data item. More than one arrow is needed if a) b) c) d) data elements always flow together. data elements flow at different times. data elements flow to different locations. there is no guideline on use of single or multiple arrows. 28. The transformation of data in a DFD is represented as a a) b) c) d) process. data dictionary. data stores. data source and destination. 29. The storage of data on a DFD is shown by a) b) c) d) circles. arrows. squares. two horizontal lines. 30. Creating a DFD is an iterative process. Each DFD iteration helps the designer to refine the diagram and identify the fine points. A DFD created at a high-level or summary view is referred to as a a) b) c) d) data process diagram. data dictionary diagram. content diagram. context diagram. 31. In creating DFDs, a context diagram a) b) c) d) Includes major transformation processes. Depicts systems boundaries. Is not necessary. Is very detailed. 32. In a payroll processing DFD, the "prepare reports" activity will be represented by __________, the "employee payroll file" will be represented by __________, and the "bank" will be represented by __________. a) b) c) d) a circle; two horizontal lines; a square a circle; two horizontal lines; two horizontal lines a rectangle; a square; a circle a square; two horizontal lines; a circle 33. How should control processes and control actions be represented in a data flow diagram? a) b) c) d) using a square to represent a data source and destination using a circle to represent a transformation process using two horizontal lines to represent a data store control processes and actions should be ignored in a DFD 34. The term used to refine a high-level or summary view data flow diagram into successively lower levels to provide greater amounts of detail is a) b) c) d) expand. explode. implode. enlarge. 35. An analytical technique that uses standard symbols to graphically represent an information system in a clear, concise, and logical manner is called a a) b) c) d) data flow diagram. flowchart. schema. narrative. 36. Flowcharts are created using a standard set of symbols. These symbols can be divided into four basic categories. A square denotes an auxiliary operation and is found in which flowchart symbol category? a) input/output b) processing c) storage d) flow and maintenance 37. What should be the first thing the creator of a flowchart does before beginning a flowchart? a) b) c) d) understand the system to be flowcharted identify the entries to be flowcharted design the flowchart so that it proceeds from left to right and top to bottom use standard flowcharting symbols 38. When designing either a DFD or a flowchart, a good rule to follow is a) b) c) d) to proceed from left to right. to proceed from top to bottom. to proceed from left to right and top to bottom. to identify exception procedures by using a rectangle. 39. Which is a true statement regarding the use of the manual processing symbol in a flowchart? a) b) c) d) If a document is moved from one column to another, show the document only in the last column. Each manual processing symbol should have an input and an output. Do not connect two documents when moving from one column to another. Each manual processing symbol should have an off-page connector. 40. Which is a true statement regarding the document flowchart? a) b) c) d) It illustrates the sequence of logical operations performed by a computer. It is particularly useful in analyzing the adequacy of internal control procedures. It should ignore control processes and actions. It is not normally used in the systems design process. Use the chart below to answer the following questions regarding flow chart symbols. 41. Which symbol would be used in a flowchart to represent a computer process? a) #1 b) #2 c) #5 d) #15 42. Which symbol would be used in a flowchart to represent a decision? a) b) c) d) #10 #16 #9 #6 43. Which symbol would be used in a flowchart to represent an invoice sent to a customer? a) b) c) d) #2 #6 #1 #15 44. Which symbol would be used in a flowchart to represent a general ledger? a) b) c) d) #2 #1 #3 #5 45. Which symbol would be used in a flowchart to represent a manual process? a) b) c) d) #5 #6 #10 #11 46. Which symbol would be used in a flowchart to represent a connection to another part of the flowchart on the same page? a) b) c) d) #4 #13 #14 #15 47. Which symbol would be used in a flowchart to represent a connection to another part of the flowchart on a different page? a) b) c) d) #4 #13 #14 #15 48. Which symbol would be used in a flowchart to represent a file of paper documents? a) b) c) d) #7 #8 #9 #15 49. Which symbol would be used in a flowchart to represent a general ledger master file kept on magnetic disk? a) b) c) d) #2 #5 #7 #8 50. Which symbol would be used in a flowchart to represent employee time cards sent by department managers to the payroll department? a) b) c) d) #1 #4 #11 #16 51. Which symbol would be used in a flowchart to represent the display of a report on a computer screen? a) b) c) d) #1 #2 #3 #11 52. Which symbol would be used in a flowchart to represent the addition of information about a step represented in another symbol on the flowchart? a) b) c) d) #1 #5 #11 #15 53. Which symbol would be used in a flowchart to represent a payroll master file kept on magnetic tape? a) b) c) d) #4 #7 #8 #9 54. Which symbol would be used in a flowchart to represent a beginning, an ending, or a connection to another procedure? a) b) c) d) #9 #14 #15 #16 55. Which symbol would be used in a flowchart to represent a flow of data or documents? a) b) c) d) #12 #13 #14 #15 56. Which symbol would be used in a flowchart to represent a connection by a data communication link? a) b) c) d) #12 #13 #14 #15 57. In a document flowchart of a manual payroll processing system, "update employee file" will be shown by a(n) __________ symbol, and "prepare payroll check" will be shown by a(n) __________ symbol. a) b) c) d) input; output input; manual operation manual operation; output manual operation; manual operation 58. A flowchart is an analytical tool used to describe some aspect of an information system. A flowchart that depicts the relationships among the input, processing, and output of an AIS is a) b) c) d) an internal control flowchart. a document flowchart. a system flowchart. a program flowchart. 59. Which type of flowchart is an excellent vehicle for describing information flows and procedures within an AIS? a) b) c) d) a program flowchart a document flowchart an internal control flowchart a system flowchart 60. In a program flowchart comparison of one or more variables, the transfer of flow to alternative logic paths is represented by a) b) c) d) a terminal. data/information flow. computer operation. decision diamond. SHORT ANSWER 61. P62 50) What are the various ways to document a system? 62. P62 51) List the various types of flowcharts. 63. P 62-63 52) Briefly discuss the various levels of understanding necessary to deal with and comprehend AIS documentation. 64. P63 59) Name two reasons why it is important to have a working knowledge of DFDs and flowcharting. 65. What does SAS no. 94 require that is relevant to documentation tools? 66. P64 53) What are the basic elements of a data flow diagram? 67. P64 54) What are the basic symbols used in data flow diagrams? 68. P65 55) When does an analyst need to show two data flow lines in a DFD? 69. P71 56) What are the four categories of flowcharting symbols? 70. P66 58) What are the different levels of DFDs? 71. P77 60) What is a system flowchart? What is a program flowchart? How are these two interrelated? 72. Ppp 57) How is a DFD different from a flowchart? ESSAY 73. Explain the relevance of the Sarbanes Oxley Act to the documentation tools you have studied in this chapter. 74. P 64-65 62) Discuss the idea of a data flow. 75. P66 or 69 61) What is the value of using a context diagram when working with DFDs? 76. P 69 63) Identify five important guidelines for drawing a DFD. Select one from your list and describe why it could be the most important one to consider when preparing a DFD. (Hint: You may want to support your argument with an example.) 77. P 71 64) Identify five important guidelines for drawing a flowchart. Select one from your list and describe why it could be the most important one to consider when preparing a flowchart. (Hint: You may want to support your argument with an example.) 78. Following is a context diagram for a current Payroll Processing System. ) Identify the data sources and destinations, data flows, and transformation process marked by question marks. ) What would you need to do to explode this diagram? 79. Four flowcharts have been provided for the following descriptions. Identify the mistake(s) in each flowchart. Item a, below, corresponds to Figure a, then b, below, corresponds to figure b, and so on. ANSWER KEY 1) A 2) B 3) B 4) B 5) C 6) D 7) C 8) D 9) D 10) A 11) A 12) D 13) B 14) C 15) A 16) D 17) B 18) A 19) B 20) C 21) A 22) B 23) B 24) A 25) D 26) C 27) B 28) A 29) D 30) D 31) B 32) A 33) D 34) B 35) B 36) B 37) A 38) C 39) B 40) B 41) C 42) A 43) C 44) A 45) B 46) C 47) D 48) C 49) C 50) A 51) C 52) C 53) C 54) D 55) 56) 57) 58) 59) 60) 61) 62) 63) 64) 65) 66) 67) 68) 69) 70) 71) 72) 73) 74) A B D C D D Data flow diagrams, document flowcharts, system flowcharts, program flowcharts, and narrative documentation are the various ways to document a system. Document flowcharts, System flowcharts, Program flowcharts, Internal control flowcharts Depending on the job function of the professional, at a minimum a person should be able to read AIS and system documentation. A person may also be called upon to evaluate internal control system documentation in order to identify control strengths and weaknesses as well as recommend improvements. The AIS professional may be engaged to prepare documentation, which requires the greatest amount of skill and understanding of a particular system. First, data flow diagrams and flowcharts are the two most frequently used development and documentation tools used today. Second, since systems development is extremely complex, DFDs and flowcharts are tools that are used to create order from chaos and complexity. Statement on Auditing Standards (SAS) 94 requires that independent auditors understand the automated and manual procedures an entity uses. One of the best ways to gain this understanding is to use the flowcharts to document the internal control system, as weaknesses and strengths are more easily spotted from such graphic portrayals. Data sources and destinations, data flows, transformation processes, and data stores are the basic elements of a data flow diagram. The basic symbols used in data flow diagrams are: data source and destination - square box; data flows - arrow; processes - circle; and data stores - horizontal, parallel lines. A data flow may consist of one or more pieces of datum. The determining factor is whether the data elements always flow together at the same time. For example, "customer payment" have both payment and remittance data. Since these elements always flow together, only one data flow line is required. However, data flows between the customer and the payment processes have customer inquiries and cash receipts; these data items do not always flow together at the same time. In such a case, two data flow lines will be shown. The four categories of flowcharting symbols are: input/output, processing, storage, flow and miscellaneous. The highest-level or summary view DFD, which shows major inputs/outputs and a single process is called a context diagram. The DFD itself shows inputs, major processes, and outputs; each process in the DFD can be "exploded" or shown in greater level of detail with the sub-processes and related data flows. Computer systems flowcharts depict the relationships among the input, processing, and output of an AIS. The program flowchart illustrates the sequence of logical operations performed by a computer in executing a program. System flowcharts identify processing areas but do not show how the processing is done. The detailed logic used by the computer to perform the processing is shown on a separate program flowchart. The purpose of a DFD is to diagram the origins, flow, transformation, storage, and destination of data. The purpose a flowchart is to present a graphical description of the flow of documents, relationships among input, processing, and output, or the sequence of logical operations in an information system or program. A DFD is limited to basic symbols and lines, and focuses on the flow and use of data. A flowchart will generally be more complex, and more focused on the managerial, AIS, or IS aspects of the organization. The passage of the Sarbanes Oxley Act of 2002 made documentation skills even more important because it requires of public companies' management an annual internal control report. The auditor must evaluate this management assessment of internal control and attest to its accuracy. Therefore, the company and the auditors must document and test the internal controls -documentation tools, such as flowcharts, are used to do this. A data flow is a graphic representation of the flow of data between processes, data stores, and data sources and destinations. A data flow is really a form of communication. When the analyst draws a curved or straight line with an arrow at one end, what is represented is a form of communication 75) 76) 77) 78) 79) among the other elements of the data flow process. Consider for example a data source being depicted by a box. The box represents a data source. Data then is sent from the source to a circle, which represents a transformation process. The source of data sends the flow to the transformation process, which will process the data and somehow use the data or turn it into useful information. Note that data flows can represent one or more pieces of datum. Because data flows may have more than one data element, the analyst must determine whether to show one or more lines. Good DFDs and data flow lines in such diagrams eliminate the need for users and analysts to "infer" what type of information is flowing. In order to create a useful DFD, the analyst must determine system boundaries-what is to be included or excluded from the system. A context diagram will help to achieve this goal, since it is a good way to depict the boundaries of the system. The analyst first creates a context diagram by placing a circle in the middle of the diagram. The circle represents the system under consideration. On either side of the circle, boxes are created which represent outside entities the system interacts with directly. Data flow lines are drawn to show the direction of the flow of data. After this pictorial representation has been completed, the analyst can then better assess the boundaries of the system and amount of interaction between the system and outside entities. Understand the system. Ignore certain aspects of the system (such as control processes and control actions). Determine system boundaries. Develop a context diagram. Identify data flows. Group data flows. Identify transformation processes. Group transformation processes. Identify all files or data stores. Identify all data sources and destinations. All DFD elements are named. Subdivide the DFD. Give each process a sequential number. Repeat the process. Prepare a final copy. (Student answers will vary depending on the items chosen and the quality of their argument. The text provides various items that could be used to answer this question.) Use interviews, questionnaires, or narrative descriptions to understand the system before flowcharting it. Identify the different entities to be flowcharted such as departments, job functions, or external parties. Also identify documents and information flows along with the activities or processes performed on the data. Organize the flowchart using columns when several entities are involved in the process. Focus on the normal operations and include all relevant procedures and processes. Flowcharts should flow from top to bottom and from left to right. The origin and disposition of documents should be clearly identified by a clear beginning and end in the flowcharts. Use standard flowchart symbols. Multiple documents should be identified by numbers shown in the top right-hand corner of the document symbol. Documents do not directly connect with each other, except when moving from one column to another. Use on-page and off-page connectors to organize flowcharts. Use arrowheads to direct the flow of documents. Clearly label the pages, such as 1 of 3, 2 of 3, and 3 of 3. Documents or reports should be first shown in the column in which they originate and then moved to other columns. Use computer processing symbols to show movement of data in and out of the computer system. Filing operations can be directly shown with one line, no manual processing symbol required. Flowcharting is an iterative process. The first attempt should be a rough draft that is refined with each successive pass. Do not clutter flowcharts; redesign the flowchart as necessary. Review the flowchart for accuracy. On the final copy of the flowchart, the name of the flowchart, date, and the preparer's name should be shown. (Student answers will vary depending on the items chosen and the quality of their argument. The text provides various items that could be used to answer this question.) 1 - Human resources, 2 - Time cards, 3 - Payroll processing system, 4 - Employee paychecks or pay-stubs, 5- Payroll report, 6 - Government agencies, 7- Banks. To explode this diagram, additional information is needed to identify detailed procedures within the payroll processing activity as well as additional inputs and outputs. It would be useful to obtain a comprehensive narrative of the payroll processing procedures for review and identification of these items. If there is no narrative available, interviews are another source of information. a. Figure a - the sort symbol should be manual operation symbol. Figure b - the file update symbol should be computer processing and the arrow from transaction file should flow into file update. Figure c - the arrows should point from left to right and the computer processing symbol is missing before the master file.. Figure d - the sort symbol is manual and should be computer processing, checks are endorsed manually but the symbol is for computer processing and endorsed checks are sent to the bank, hence the file symbol is wrong. Chapter 4 MULTIPLE CHOICE 1. What is the most popular type of database? a) b) c) d) hierarchical relational object-oriented network 2. Using a file-oriented approach to data and information, data is maintained in a) b) c) d) a central database. many interconnected files. many separate files. a decentralized database. 3. File-oriented approaches create problems for organizations because of a) b) c) d) multiple transaction files. a lack of sophisticated file maintenance software. multiple users. multiple master files which may contain redundant data. 4. Which statement is true regarding file systems? a) Transaction files are similar to ledgers in a manual AIS. b) The proliferation of master files creates problems in the consistency of specific data stored in different files. c) Transaction files are permanent. d) Individual records are never deleted in a master file. 5. A set of interrelated, centrally coordinated files is called a) b) c) d) a database. a master file. a transaction file. a multiple-records grouping (MRG). 6. The software program that creates, manipulates, and accesses the database goes by the acronym a) b) c) d) DBMS. DBP. OS. DBA. 7. The ___________ acts as an interface between the database and the various application programs a) b) c) d) Data warehouse Database administrator Database management system Database system 8. The combination of the database, the DBMS, and the application programs that access the database through the DBMS is referred to as the a) b) c) d) Data warehouse Database administrator Database system Database manager 9. The person responsible for the database is the a) b) c) d) Data coordinator Database administrator Database manager Database master 10. All of the following are benefits of database technology except: a) b) c) d) Data integration and sharing Decentralized management of data Minimal data redundancy Reporting flexibility 11. Separating the logical and physical views in a database allows the programmers to concentrate on coding the application logic a) b) c) d) by identifying physical location and layouts of various data items. since they do not have to focus on the physical location and layouts of various data items. by consolidating all data in one database. by providing pointers to data items regardless of physical location. 12. A database system separates the logical and physical view of data. Such separation facilitates the development of new applications since programmers can concentrate their efforts on coding application logic. The term physical view refers to a) b) c) d) how a user or programmer conceptually organizes and understands the data. how the DBMS accesses data for an certain application program. how and where the data are physically arranged and stored. how master files maintain facts used by certain application programs. 13. The ____________ handles the link between the way data are physically stored and each user's logical view of that data. a) b) c) d) Data warehouse Database administrator Database management system software Schema 14. The logical structure of a database is described by the a) b) c) d) dictionary. schema. subschema. internal level. 15. Schemas are used in designing database systems. The schema that provides an organization-wide view of the entire database is known as a) the external-level schema. b) the internal-level schema. c) the conceptual-level schema. d) the logical view of the database. 16. A set of individual user views of the database is called the a) b) c) d) schema. internal-level schema. external-level schema. meta-schema. 17. A low-level view of the database that describes how the data are actually stored and accessed is the a) b) c) d) schema. subschema. internal-level schema. external-level schema. 18. Record layouts, definitions, addresses, and indexes will be stored at the __________ level schema. a) b) c) d) external conceptual internal inner 19. Accountants may be involved in several aspects of database development. In which area below would an accountant least likely have involvement when developing a database system? a) b) c) d) the conceptual-level schema the external-level schema the internal-level schema the logical view of data 20. The ____________ contains information about the structure of the database. a) b) c) d) Data definition language Data dictionary Data warehouse Database management system 21. Which of the following would not be found in a data dictionary entry for a data item? a) b) c) d) records containing a data item the physical location of the data the source of the data item the field (data) type 22. The data dictionary usually is maintained a) b) c) d) automatically by the DBMS. by the database administrator. by the database programmers. by top management. 23. Reports produced using the data dictionary could include all of the following except a) b) c) d) a list of all programs where a data item is used. a list of all synonyms for the data items in a particular file. a list of all outputs where a data element is used. a list of all the schemas included in a database. 24. One of the key components of a DBMS is the data dictionary, which contains information about the structure of the database. Which would not generally be considered a data dictionary output report? a) b) c) d) a list of cash balances in the organization's bank accounts a list of all programs in which a data element is used a list of all synonyms for the data elements in a particular file a list of all data elements used by a particular user 25. The DBMS language that is used to build, initialize, and describe logical views for users is called the a) b) c) d) DDL. DML. DQL. DBA. 26. The DBMS language that is used for data maintenance and updating of the database is referred to by the letters a) b) c) d) DDL. DML. DQL. SQL. 27. A DBMS must provide a way to define, manipulate, and query data in a database. This is accomplished by the use of three different languages. The language that is used to provide the function of data maintenance in a DBMS is a) b) c) d) DDL. DML. DQL. report writer. 28. The part of the DBMS that is used to interrogate the database and present subsets of the database to users is called the a) b) c) d) DDL. DML. DQL. DBA. 29. DBMS uses a language to retrieve, sort, order, and present subsets in a database. This language is known as a) b) c) d) data definition language (DDL). data manipulation language (DML). data query language (DQL). report writer. 30. Creating an empty table in a relational database requires use of the __________, and filling that table requires the use of __________. a) b) c) d) DDL; DML DQL; SQL DDL; DQL DML; DDA 31. Many database systems include a feature that simplifies the creation of reports by allowing users to specify the data elements desired and the format of the output. This feature is named the __________. a) b) c) d) report writer report generator report creator report printer 32. The abstract representation of the contents of a database is called the logical a) b) c) d) data model. data dictionary. data relationship. subschemas. 33. A database model that represents all data as stored in two-dimensional tables is the __________ model. a) b) c) d) tuple relational hierarchy object 34. Each row in a relational database's table is known as a a) b) c) d) data model relation schema tuple 35. The attribute that can uniquely identify a specific row in a table is the a) b) c) d) primary key secondary key foreign key logical key 36. An attribute in a table that is a primary key in another table. a) b) c) d) primary key secondary key foreign key anomaly 37. Redundancy can be a major problem in the design and operation of relational databases. If a database uses only one relation to store data, several problems may subsequently occur. The problem of changes (or updates) to data values being incorrectly recorded is known as a) b) c) d) an update anomaly. an insert anomaly. a delete anomaly. a memory anomaly. 38. The potential inconsistency problem could arise when there are multiple occurrences of a data item in a database. This is called the a) b) c) d) update anomaly. insert anomaly. inconsistency anomaly. integrity anomaly. 39. The problem of inability to add new data without violating the basic integrity of the database is referred to as the a) b) c) d) update anomaly. insert anomaly. integrity anomaly. add anomaly. 40. A relational database has been designed where the customer data is not maintained independently of sales invoice data. This design weakness will most likely result in a) b) c) d) an update anomaly. an insert anomaly. a delete anomaly. no anomaly. 41. The problem of losing desired information from a database when an unwanted record is purged from the database is referred to as the __________ anomaly. a) b) c) d) purge erase delete integrity 42. One important constraint in a relational database environment is that a primary key uniquely identifies each row in a data table. This principle is called the a) b) c) d) entity integrity rule. referential integrity rule. unique primary key rule. foreign key rule. 43. The database constraint that says that foreign keys must be null or have a value corresponding to the value of a primary key in another table is formally called the a) b) c) d) entity integrity rule. referential integrity rule. rule of keys. referential entity rule. 44. A well-structured or "normalized" database imposes several requirements on the structure of tables. The constraint that ensures the consistency of the database is known as a) b) c) d) the entity integrity rule. the referential integrity rule. the logical view. the physical view. 45. Which statement below is false regarding the basic requirements of the relational data model? a) "Every column in a row must be single-valued." b) "All nonkey attributes in a table should describe a characteristic about the object identified by the primary key." c) "Foreign keys, if not null, must have values that correspond to the value of a primary key in another table." d) "Primary keys can be null." 46. Identify the aspect of a normalized database that is incorrect: a) b) c) d) Data is consistent. Redundancy is minimized and controlled. All data is stored in one table or relation. The primary key of any row in a relation cannot be null. 47. In the database design approach known as normalization, the first assumption made about data is a) b) c) d) there is no redundancy in the data. the delete anomaly will not apply since all customer records will be maintained indefinitely. everything is initially stored in one large table. the data will not be maintained in 3NF tables. 48. The process of designing a database that is well-structured and free from anomalies is called a) b) c) d) normalization. anormalization. data modeling. manipulation. 49. Normalization means tables are in the __________ normal form. a) b) c) d) first second third fourth 50. There are two basic ways to design a well-structured relational database. The method in which a database designer uses knowledge about how business processes work to draw a graphical picture of the elements to be included in the database is called a) normalization. b) decentralization. c) geometric data modeling. d) semantic data modeling. 51. Which of the statements below is incorrect regarding semantic data modeling? a) It facilitates the efficient design of transaction processing databases. b) It facilitates communicating with the intended users of the system. c) It allows a database designer to use knowledge about how the business processes work to design the database. d) Semantic data modeling simply follows the rules of normalization in the design of a database. 52. What is one potential drawback in the design and implementation of database systems for accounting? a) Double-entry accounting relies on redundancy as part of the accounting process; well-designed database systems reduce and attempt to eliminate redundancy. b) Relational DBMS query languages will allow financial reports to be prepared to cover whatever time periods managers want to examine. c) Relational DBMS provide the capability of integrating financial and operational data. d) Relational DBMS can accommodate multiple views of the same underlying phenomenon; therefore, tables storing information about assets can include data about both historical and replacement costs. 53. Which is probably the most significant effect of database technology on accounting? a) b) c) d) replacement of the double entry-system change in the nature of financial reporting elimination of traditional records such as journals and ledgers quicker access to and greater use of accounting information in decision-making SHORT ANSWER 54. Define and distinguish between these terms: database, database management system, database system and database administrator. 55. What is a major advantage of database systems over file-oriented transaction processing systems? 56. What is the difference in logical view and physical view? 57. Describe the different schemas involved in a database structure. What is the role of accountants in development of schemas? 58. What is a data dictionary? 59. List the four languages used within a DBMS. 60. Name the three "anomalies" that may occur in an improperly designed relational database? 61. Name the types of attributes that tables possess in a relational database. 62. Briefly explain the two advantages semantic data modeling has over normalization when designing a relational database. ESSAY 63. What is the difference between file-oriented transaction processing systems and relational database systems? Discuss the advantages and disadvantages of these systems. 64. Discuss redundancy as it applies to database design. 65. Discuss the ways in which a well-designed DBMS will facilitate the three basic functions of creating, changing, and querying data. 66. List the four DBMS "languages." Provide a brief description which identifies who uses them and for what purpose. 67. Describe the information that is contained in the data dictionary. 68. Discuss the relational database data model. 69. What are the main constraints when a relational database model is being logically designed? 70. What do you think will be the main impact of database technology in your career? ANSWER KEY 1) B 2) C 3) D 4) B 5) A 6) A 7) C 8) C 9) B 10) B 11) B 12) C 13) C 14) B 15) C 16) C 17) C 18) C 19) C 20) B 21) B 22) A 23) D 24) A 25) A 26) B 27) B 28) C 29) C 30) A 31) A 32) A 33) B 34) D 35) A 36) C 37) A 38) A 39) B 40) B 41) C 42) A 43) B 44) B 45) D 46) C 47) C 48) A 49) C 50) D 51) D 52) A 53) D 54) A database is a set of interrelated, centrally coordinated files. A database management system acts as an interface between the database and the various application programs. A database system refers to the combination of the database, the DBMS and the application programs. A database administrator is the person responsible for the database. 55) Database systems separate logical and physical views. This separation is referred to as programdata independence. Such separation facilitates developing new applications because programmers can concentrate on coding the application logic (what the program will do) and do not need to focus on how and where the various data items are stored or accessed. In the file-oriented transaction systems, programmers need to know physical location and layout of records which adds another layer of complexity to programming. 56) The logical view is how the user or programmer conceptually organizes and understands the data, such as data organized in a table. The physical view, on the other hand, refers to how and where the data are physically arranged and stored on a disk, tape, or CD-ROM media. 57) A schema describes the logical structure of a database. There are three levels of schemas. First, the conceptual-level schema is an organization-wide view of the entire database listing all data elements and relationships between them. Second, an external-level schema is a set of individual user views of portions of the database, each of which is referred to as a subschema. Finally, an internal-level schema provides a low-level view of the database includes descriptions about pointers, indexes, record lengths, etc. Accountants are primarily involved in the development of conceptual- and external-level schemas; however, database knowledgeable accountants may participate in developing an internal level schema. 58) A data dictionary is a means by which information about the structure of a database is maintained. For each data element stored in the database, there is a corresponding record in the data dictionary that describes it. The DBMS usually maintains the data dictionary. Inputs to the dictionary include various new data, changed data, and deleted data. Output from the data dictionary may include a variety of reports useful to programmers, database designers, and other users of the information system. Accountants have a very good understanding of the data elements that exist in a business organization, so when an organization is developing a database, accountants should be allowed to participate in the development of the data dictionary. 59) The four languages used within a DBMS are data definition language, data manipulation language, data query language, and a report writer. 60) Update, insert, and delete 61) Primary key - the attribute, or combination of attributes, that uniquely identify a specific row in a table. Foreign key - an attribute appearing in one table that is a primary key in another table. Nonkey attributes found in tables - For example, an inventory table may contain information about the description, quantity on hand, and list price of each item a company sells. 62) Semantic data modeling takes advantage of a system designer's knowledge about the business policies and practices of an organization. This is of great benefit in the design of transaction processing databases. Also, since the database model is created around the policies and practices of an organization, communications with the future database users is facilitated. The result is that the system will more closely meet the needs of the intended users. 63) In file-oriented approaches, different users (or departments, units, etc.) maintain their own data and use different application programs. This results in a significant increase in number of master files stored by an organization. The various disadvantages of file-oriented organization include data redundancy, data inconsistencies, lack of data integration, a large number of data files, substantial program-data dependence, lack of compatibility, and lack of data sharing. The database approach views data as an organizational resource that should be used and managed for the entire organization. The program that manages and controls the data and the interfaces between data and application programs is called the database management system (DBMS). The various advantages of database approach include the following: minimal data redundancy, fewer data inconsistencies, data integration, data sharing, reporting flexibility, central management of data, cross-functional analysis, and data independence. 64) Redundancy has been called an enemy of relational databases. There are several problems that may occur when redundant data is stored in a database. First, the database becomes larger than it needs to be, since duplicate facts are being stored within it. Second, a situation may occur where only one instance of redundant data is updated or purged. The result is that the accuracy and 65) 66) 67) 68) 69) 70) integrity of the database suffers, since users may be relying on such inaccurate or incorrect redundant data. Redundancy can also make file maintenance unnecessarily time consuming and error-prone when human intervention is required. The problems discussed above have been identified as anomalies of a relational database. There are three specific anomalies connected with redundancy: the update anomaly, the insert anomaly, and the delete anomaly. A well-designed relational database will attempt to reduce or eliminate the number of instances of redundant data. The best way to achieve such a goal is proper design of the database for the needs of a specific organization. A DBMS will use data definition, data manipulation, and data query languages in order to perform the three basic, essential data functions. Data definition is achieved using DDL (data definition language); data manipulation is achieved using DML (data manipulation language) which includes operations such as updating, inserting, and deleting portions of the database. DQL (data query language) is used to retrieve, sort, order, and present subsets of data in response to user queries. A DBMS will probably also include a report writer, which is a language that simplifies report creation. DDL is the data definition language used by the DBA (database administrator) to create, initialize, describe logical views, and specify security limits. The DML is the data manipulation used by application programmers who embed these action commands into applications to access data in the database. The DQL is the data query language used by IT professionals and users to interrogate the database by retrieving and presenting data in novel ways often on an ad hoc basis. The report writer is a language used by IT professionals and users that simplifies report creation so reports can be created according to user-specified format. The data dictionary contains information about the structure of the data base. For each data element stored in the database, the data dictionary contains all the descriptive information about it, such as its name, description, where it is recorded, its source, field length, type of field, programs it is used in, outputs that contain it, and authorized users. A data model is an abstract representation of the contents of a database. The majority of new DMBS use what is called the relational data model, developed by Dr. E. F. Codd in 1970. Using this model, everything in the database is stored in the form of tables, known as relations. Keep in mind that this is the conceptual- and external-level schemas (which describes the logical structure of a database), not the actual physical structure of the database itself. In the concept of relations, both rows and columns comprise the database tables. Each row in a relation (table) is called a tuple. Tuples contain data about a specific occurrence of the type of entity represented by that table. For example, in a sales table, each tuple may contain all of the information about a specific customer. Each column in a relation contains information about one specific attribute of that entity. Using the sales example again, the columns in such a table may represent specific characteristics about each sales transaction. Every row in every table must have a unique key known as a primary key. Tables may also have a key known as a foreign key; such a key will have a value corresponding to the primary key in another table. Each column in a table must be single-valued (the same data type) and describe an attribute of the entity identified by the primary key; neither column nor row order is significant in the relational model. Keep in mind that the relational model is a logical model, and the physical model may have a different structure to it to facilitate the storage and access to data. Answers to this question could cover a wide range. Most likely the following items will be discussed or mentioned: -- the probable demise of the double-entry system as the need for such redundancy is much less in a database system. -- financial reporting may become more of accessing a database of corporate data in the format desired by the user than relying on financial reports prepared by accountants. -- accountants will no longer need to be the filter for accounting data as users will be able to do this themselves, thus the accountants may become more decision makers and managers. -- the whole notion of internal controls will become more important in the future if the accountants' role changes in relation to financial reporting Chapter 5 MULTIPLE CHOICE 1. Perhaps the most striking fact about natural disasters in relation to AIS controls is that a) b) c) d) many companies in one locale can be seriously affected at one time by a disaster. losses are absolutely unpreventable. there are a large number of major disasters every year. disaster planning has largely been ignored in the literature. 2. There are four distinct types of threats to an AIS: 1) software errors and equipment malfunctions; 2) unintentional acts; 3) intentional acts; and 4) __________. a) b) c) d) computer fraud data transmission errors human carelessness natural and political disasters 3. Which AIS threat below would be classified an unintentional act? a) b) c) d) a power outage sabotage high winds a logic error 4. Which AIS threat below would be classified as a natural or political disaster? a) b) c) d) Accident Corruption Power outage Terrorist attack 5. Which AIS threat below would be classified a computer crime? a) b) c) d) Innocent error Operating system crash Sabotage Terrorist attack 6. Which AIS threat below would be classified as a software error or equipment malfunction? a) b) c) d) Earthquake Logic error Operating system crash Sabotage 7. An expert from the Information Systems Security Association estimates that the largest single source of security problems for systems is due to a) b) c) d) human errors and omissions. physical threats such as natural disasters. dishonest employees. fraud and embezzlement. 8. Fraud is any and all means a person uses to gain an unfair advantage over another person. Current and former employees of an organization are much more likely to perpetrate fraud than external parties. The act by a person or group of persons resulting in materially misleading financial statements is called a(n) a) b) c) d) misappropriation of assets. employee fraud. fraudulent financial reporting. theft of assets. 9. Most fraud perpetrators are insiders because a) b) c) d) insiders are more dishonest than outsiders. insiders know more about the system and its weaknesses than outsiders. outsiders are more likely to get caught than insiders. insiders have more need for money than outsiders. 10. A majority of fraud perpetrators are a) b) c) d) outsiders. employees. computer hackers. vendors. 11. Misappropriation of assets can also be called a) b) c) d) Computer fraud Employee fraud Fraudulent financial reporting Management fraud 12. Intentional or reckless conduct that results in materially misleading financial statements is called a) b) c) d) financial fraud. misstatement fraud. fraudulent financial reporting. audit failure fraud. 13. The Treadway Commission studied 450 lawsuits against auditors and found that a) b) c) d) misappropriation of assets was the reason for over one-half of the suits. fraudulent financial reporting was the reason for over one-half of the suits. white-collar criminals were responsible for only a fraction of the lawsuits. only in a very few cases were financial statements falsified. 14. Researchers have compared the psychological and demographic characteristics of white-collar criminals, violent criminals, and the general public. They found that a) b) c) d) few differences exist between white-collar criminals and the general public. white-collar criminals eventually become violent criminals. most white-collar criminals invest their illegal income rather than spend it. most white-collar criminals are older and not technologically proficient. 15. Which of the factors listed below is not a common factor for fraud? a) pressure to commit fraud b) opportunity to commit fraud c) desire to get even with the employer d) rationalization for the crime 16. Reasons for committing a fraud include living beyond one's means, having heavy debts, or unusually high bills. Such a motivator for committing a fraud is commonly known as a a) b) c) d) spark. pressure. flash-point. catalyst. 17. Which of the following motivators would be a good indication of financial pressure that would contribute to employee fraud? a) b) c) d) a big change for the better in an employee's lifestyle an employee suddenly acquires lots of credit cards inadequate internal controls too close association with suppliers or customers 18. Which of the following emotions could cause an employee to feel pressured to defraud his employer? a) b) c) d) a feeling of not being appreciated failing to receive a deserved promotion believing that their pay is too low relative to others around them All of the above emotions could be sources of pressure. 19. There are three characteristics associated with most fraud. The characteristic that often takes more time and effort and leaves behind more evidence than other types of fraud is called a) b) c) d) theft. conversion. concealment. embezzlement. 20. In many cases of fraud, the __________ takes more time and effort than the __________ is worth. a) b) c) d) concealment; theft theft; concealment conversion; theft conversion; concealment 21. What is one common way to hide a theft? a) by creating cash through the transfer of money between banks b) by the conversion of stolen assets into cash c) by stealing cash from customer A and then using customer B's balance to pay customer A's accounts receivable d) by charging the stolen item to an expense account 22. In a __________ scheme, customer receipts are stolen and then subsequent payments by other customers are misapplied to cover the theft of the original receipts. a) kiting b) laundering c) bogus expense d) lapping 23. One fraudulent scheme covers up a theft by creating cash through the transfer of money between banks. This is known as a) b) c) d) lapping. misappropriation of assets. kiting. concealment. 24. Characteristics connected with fraud include pressures, opportunities, and rationalizations. Of these characteristics, which one often stems from a lack of internal controls within an organization? a) b) c) d) pressures opportunities rationalizations none of the above 25. Which situation below makes it easy for someone to commit a fraud? a) b) c) d) the organization placing excessive trust in key employees inadequate staffing within the organization company policies within the organization are unclear All of the above situations make it easy for someone to commit a fraud. 26. What is the most prevalent opportunity within most companies to commit fraud? a) b) c) d) the failure to have any internal controls the failure to enforce the system of internal controls the failure to have the correct controls the failure to realize that fraud could occur 27. Characteristics connected with fraud include pressures, opportunities, and rationalizations. Of these characteristics, which one relates to excuses that perpetrators have allowing them to justify their illegal behavior? a) b) c) d) pressures opportunities rationalizations none of the above 28. The US Justice Department defines computer fraud as a) b) c) d) any crime in which a computer is used. an illegal act in which knowledge of computer technology is essential. any act in which cash is stolen using a computer. an illegal act in which a computer is an integral part of the crime. 29. Computer fraud is often much more difficult to detect than other types of fraud because a) perpetrators usually only steal very small amounts of money at a time, thus requiring a long period of time to have elapsed before they're discovered. b) perpetrators can commit a fraud and leave little or no evidence. c) most perpetrators invest their illegal income rather than spend it, thus concealing key evidence. d) most computer criminals are older and are considered to be more cunning when committing such a fraud. 30. Why is computer fraud often more difficult to detect than other types of fraud? a) b) c) d) Rarely is cash stolen in computer fraud. The fraud may leave little or no evidence it ever happened. Computers provide more opportunities for fraud. Computer fraud perpetrators are just cleverer than other types of criminals. 31. Many fraud cases go unreported and unprosecuted for several reasons. Why is this the case? a) Companies are reluctant to report computer crimes because a highly visible computer fraud is a public relations nightmare. b) Such crimes are difficult, costly, and time-consuming to investigate and prosecute. c) Law enforcement and the courts are often too busy with violent crimes that little time is left for fraud cases. d) all of the above 32. Computer fraud can be analyzed using the traditional data processing model. According to this model, the simplest and most common fraud is __________ fraud. a) b) c) d) input processor computer instructions output 33. The simplest and most common way to commit a computer fraud is to a) b) c) d) alter computer input. alter computer output. modify the processing. corrupt the data base. 34. Computer fraud has been categorized into several different classifications. The classification of computer fraud where the perpetrator causes a company to pay for ordered goods, or to pay for goods never ordered is called a) b) c) d) disbursement fraud. inventory fraud. payroll fraud. cash receipts fraud. 35. In a disbursement fraud the company a) b) c) d) pays too much for ordered goods. pays for goods never received. laps cash payments at the bank. Both A and B are correct. 36. How can funds be stolen in payroll fraud? a) by paying a fictitious or ghost employee b) by increasing pay rates without permission c) by keeping a real but terminated employee on the payroll d) All of the above situations are possible. 37. Stealing a master list of customers and selling it to a competitor is an example of a) b) c) d) data theft. output theft. disbursement fraud. a trap door technique. 38. One computer fraud technique is known as data diddling. What is it? a) gaining unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network b) unauthorized copying of company data such as computer files c) unauthorized access to a system by the perpetrator pretending to be an authorized user d) changing data before, during, or after it is entered into the system in order to delete, alter, or add key system data 39. What is a denial of service attack? a) A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly generated false addresses, overloading an Internet service provider's e-mail server. b) A denial of service attack occurs when an e-mail message is sent through a re-mailer, who removes the message headers making the message anonymous, then resends the message to selected addresses. c) A denial of service attack occurs when a cracker enters a system through an idle modem, captures the PC attached to the modem, and then gains access to the network to which it is connected. d) A denial of service attack occurs when the perpetrator e-mails the same message to everyone on one or more Usenet newsgroups LISTSERV lists. 40. The unauthorized copying of company data is known as a) b) c) d) Data leakage Eavesdropping Masquerading Phishing 41. The unauthorized access to and use of computer systems a) b) c) d) Hacking Hijacking Phreaking Sniffing 42. Which of the following is the easiest method for a computer criminal to steal output without ever being on the premises? a) b) c) d) dumpster diving by use of a Trojan horse using a telescope to peer at paper reports electronic eavesdropping on computer monitors 43. Computer fraud perpetrators who use telephone lines to commit fraud and other illegal acts are typically called a) hackers. b) crackers. c) phreakers. d) jerks. 44. Gaining control of someone else's computer to carry out illicit activities without the user's knowledge a) b) c) d) Hacking Hijacking Phreaking Sniffing 45. Illegally obtaining and using confidential information about a person for economic gain a) b) c) d) Eavesdropping Identity theft Packet sniffing Piggybacking 46. Which of the following is not a method of identify theft a) b) c) d) Scavenging Phishing Shoulder surfing Phreaking 47. Which method of fraud is physical in its nature rather than electronic? a) b) c) d) cracking hacking eavesdropping scavenging 48. When a computer criminal gains access to a system by searching records or the trash of the target company, this is referred to as a) b) c) d) data diddling. dumpster diving. eavesdropping. piggybacking. 49. A part of a program that remains idle until some date or event occurs and then is activated to cause havoc in the system is a a) b) c) d) trap door. data diddle. logic bomb. virus. 50. The deceptive method by which a perpetrator gains access to the system by pretending to be an authorized user is called __________. a) b) c) d) cracking. masquerading. hacking. superzapping. 51. Tapping into a communications line and then entering the system by accompanying a legitimate user without their knowledge is called a) b) c) d) superzapping. data leakage. hacking. piggybacking. 52. A fraud technique that slices off tiny amounts from many projects is called the __________ technique. a) b) c) d) Trojan horse round down salami trap door 53. Spyware is a) b) c) d) Software that tells the user if anyone is spying on his computer Software that monitors whether spies are looking at the computer Software that monitors computing habits and sends the data it gathers to someone else None of the above 54. The unauthorized use of special system programs to bypass regular system controls and perform illegal act is called a) b) c) d) a Trojan horse. a trap door. the salami technique. superzapping. 55. Computer fraud perpetrators have developed many methods to commit their acts. One way is to modify programs during systems development allowing access into the system that bypasses normal system controls. This is known as a) b) c) d) a Trojan horse. a trap door. the salami technique. superzapping. 56. A fraud technique that allows the hacker to bypass normal system controls and enter a secured system is called a) b) c) d) superzapping. data diddling. using a trap door. piggybacking. 57. A set of unauthorized computer instructions in an otherwise properly functioning program a) b) c) d) Logic bomb Spyware Trap door Trojan horse 58. A __________ is similar to a __________, except that it is a program rather than a code segment hidden in a host program. a) b) c) d) worm; virus Trojan horse; worm worm; Trojan horse virus; worm 59. Which type of antivirus program is most effective in spotting an infection soon after it starts? a) b) c) d) a virus protection program a virus identification program a virus detection program none of the above 60. How can an organization reduce fraud losses? a) b) c) d) encrypt data and programs use forensic accountants maintain adequate insurance require vacations and rotate duties SHORT ANSWER 61. Define fraud. 62. What are the two kinds of fraud in business? 63. What are the actions recommended by the Treadway Commission to reduce the possibility of fraudulent financial reporting? 64. What are the three common things that happen in a fraud? 65. What techniques are used to conceal theft by fraud? 66. What is a computer fraud? 67. Why is computer fraud on the rise? 68. How can a system be protected from viruses? 69. Discuss antivirus software programs. 70. How does a company make fraud less likely to occur? 71. How can companies reduce losses from fraud? ESSAY 72. What are some of the distinguishing characteristics of fraud perpetrators? 73. What is the difference between a worm and a virus? 74. What are some of the computer fraud techniques used by perpetrators? 75. Why do fraudulent acts often go unreported and are therefore not prosecuted? ANSWER KEY 1) 2) 3) 4) 5) 6) 7) 8) 9) 10) 11) 12) 13) 14) 15) 16) 17) 18) 19) 20) 21) 22) 23) 24) 25) 26) 27) 28) 29) 30) 31) 32) 33) 34) 35) 36) 37) 38) A D D D C C A C B B B C B A C B A D C A D D C B D B C B B B D A A A D D A D 39) 40) 41) 42) 43) 44) 45) 46) 47) 48) 49) 50) 51) 52) 53) 54) 55) 56) 57) 58) 59) 60) 61) 62) 63) 64) 65) 66) 67) 68) A A A D C B B D D B C B D C C D B C D A D C Fraud is any means a person uses to gain an unfair advantage over another. Fraud usually involves the misrepresentation of facts about a situation and the reliance on that misrepresentation by the victim. Frauds are often called "cons" because they involve a violation of trust or confidence. Employee Fraud is a misappropriation of assets, or theft, by a person or group for personal financial gain. Fraudulent financial reporting is intentional or reckless conduct that results in materially misleading financial statements. Establish an organizational environment that contributes to the integrity of the financial reporting process. Identify and understand the factors that lead to fraudulent financial reporting. Assess the risk of fraudulent financial reporting within the company. Design and implement controls to provide reasonable assurance that the fraudulent financial reporting is prevented Theft of an asset. Conversion to cash (if not already cash). Concealment of the crime Some techniques used to conceal theft by fraud are charging stolen assets to an expense account, lapping or misapplying cash payments from customers and stealing part of the receipts, kiting or creating fictitious bank balances by shuttling monies between bank accounts, and playing the bank float, then stealing some of the cash. Computer fraud is any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution. Not everyone agrees on what constitutes computer fraud and some people may commit computer fraud unwittingly and not be aware of it. Many computer frauds go undetected. The belief that "it just can't happen to us". Most networks have a low level of security. Many Internet sites provide guidance on how to commit computer crimes. Law enforcement is unable to keep up with the number of computer frauds. Most frauds are not reported. The total dollar value of losses is difficult to calculate. Install reliable antivirus software that scans for, identifies, and isolates or destroys viruses. Use caution when copying files on to your diskettes from unknown machines. Ensure the latest versions of the antivirus program available is used. Scan all incoming emails for viruses at the server level. All software should be certified as virus-free before loading it into the system. If you use jump drives, diskettes, or CDs, do not put them in unfamiliar machines as they may become infected. Obtain software and diskettes only from known and trusted sources. Use caution when using or purchasing software or diskettes from unknown sources. Deal with trusted software retailers. Ask whether the software you are purchasing comes with electronic techniques that makes tampering evident. Check new software on an isolated machine with virus detection software before installing on the system. Cold boot to clear and reset the system. When necessary, 69) 70) 71) 72) 73) 74) 75) "cold boot" the machine from a write-protected diskette. Have two backups of all files. Restrict the use of public bulletin boards. There are three types of antivirus software programs. Virus protection programs are designed to remain in computer memory and search for viruses trying to infiltrate the system. When an infection attempt is detected, the software freezes the system and flashes a message to the user. Virus detection programs spot an infection soon after it starts. Virus identification programs scan all executable programs to find and remove all known viruses from the system. A company can decrease fraud by: good hiring and firing practices; good management of unhappy employees; training in fraud awareness; manage and track computer licenses; implement signed confidentiality agreements; maintain visible security; educate the workforce in ethics and the penalties for illegal acts. Maintain adequate insurance. Keep a current backup copy of all program and data files in a secure off-site location. Develop a contingency plan for fraud occurrences and other disasters that might occur. Use special software designed to monitor system activity and help companies recover from frauds and malicious actions. Some distinguishing characteristics of fraud perpetrators are: they tend to spend their illegal income to support their lifestyle; once they begin it becomes harder to stop and they become bolder as each incident happens; once they start to rely on the ill-gotten gains, they become more greedy and sometimes careless and overconfident. In the case of computer criminals, they are often young and have substantial computer knowledge. About two-thirds are men and likely to be an employee of the firm from which they steal. Many are unhappy or disgruntled with their employer because they feel unappreciated and underpaid. Most have no previous criminal record. A computer virus is a segment of executable code that attaches itself to computer software. A virus has two phases: it replicates itself and spreads to other systems or files, and in the attack phase, the virus carries out its mission to destroy files or the system itself. A worm is similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm can reside in e-mail attachments, which when opened or activated can damage a user's system. Worms can also reproduce themselves by mailing themselves to the addresses found in the recipient's mailing list. Worms do not have long lives, but their lives can be very destructive nonetheless. Various computer fraud techniques include: Trojan horse - unauthorized code hidden in a legitimate program. Round-down technique - rounded off amounts from calculations and the fraction deposited in perpetrator's account. Salami technique - small amounts sliced off and stolen from many projects over a period of time. Trap door - bypass of normal system controls. Superzapping - use of a special program to bypass regular controls. Software piracy - unauthorized copying of software, probably the most committed computer crime. Data diddling - changing data in an unauthorized way. Data leakage - unauthorized copying of data files. Piggybacking - latching onto a legitimate user in data communications. Masquerading or Impersonation - the perpetrator gains access to the system by pretending to be an authorized user. Social engineering - a perpetrator tricks an employee into giving him the information he needs to get into the system. Logic bomb - idle until some event or time triggers it. Hacking - unauthorized access and use of a computer system. Scavenging - gaining access to confidential data by searching corporate records in dumpsters or computer storage. Eavesdropping - observation of private communications by wiretapping or other surveillance techniques. E-mail threats - threatening legal action and asking for money via e-mail. E-mail forgery - removing message headers, using such anonymous e-mail for criminal activity. Denial of service attack - sending hundreds of e-mail messages from false addresses until the attacked server shuts down. Internet terrorism - crackers using the Internet to disrupt electronic commerce and communication lines. Internet misinformation - using the Internet to spread false or misleading information. War dialing - searching for idle modem by dialing thousands of telephones and intruding systems through idle modems. Spamming - e-mailing the same message to everyone on one or more Usenet groups. Most fraud cases go unreported and are not prosecuted for several reasons. Many cases of computer fraud are as yet still undetected. As new technology and methods become available to organizations, prior undetected fraud may be revealed in the future. A second reason is that companies are reluctant to report computer fraud and illegal acts simply because of bad publicity-a highly visible case can undermine consumer confidence in an organization such as a financial institution. Also, the fact that a fraud has occurred may indeed encourage others to attempt to commit further acts against the organization. It would seem that unreported fraud creates a false sense of security, as people think systems are more secure than they are in reality. Another reason for not reporting fraudulent acts is the fact that the court system and law enforcement is busy with violent crimes and criminals in its system. There is little time left to go after a crime where no physical harm is present. Also, the court system tends to treat teen hacking and cracking as "acts of childhood" rather than as serious crimes--this leads to many plea bargains when a computer fraud is brought to trial. Another reason is that a computer fraud case is difficult, costly, and timeconsuming to investigate and prosecute. Before 1986 no federal law existed governing computer fraud. Law enforcement officials, lawyers, and judges generally lack the computer skills necessary to properly evaluate, investigate, and prosecute computer crimes. Sadly, when all is said and done a successful prosecution and conviction of computer fraud results in a very light sentence. All of these factors contribute to the underreporting and lack of prosecution of computer fraud crimes. Not everyone agrees on what constitutes computer fraud: Many networks have a low level of security Many Internet pages give instruction on how to carry out computer crimes Law enforcement has difficulty keep up with the growing number of computer frauds The total dollar value of losses from computer fraud is difficult to estimate. Chapter 6 MULTIPLE CHOICE 1. What is one reason why AIS threats are increasing? a) b) c) d) LANs and client/server systems are easier to control than centralized, mainframe systems. Many companies do not realize that data security is crucial to their survival. Computer control problems are often overestimated and overly emphasized by management. Many companies believe that protecting information is a strategic requirement. 2. Which of the following is not a reason for the increase in security problems for AIS? a) b) c) d) Confidentiality issues caused by interlinked inter-company networks Difficult to control distributed computing networks Increasing efficiency resulting from more automation Increasing numbers of information systems and users 3. One reason why many organizations do not adequately protect their systems is because a) control problems may be overestimated by many companies. b) productivity and cost cutting cause management to forgo implementing and maintaining internal controls. c) control technology has not yet been developed. d) all of the above 4. Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization is referred to as a(n) a) b) c) d) threat. exposure. risk. phenomenon. 5. The potential dollar loss that could result if an unwanted event occurs is called a(n) a) b) c) d) threat. exposure. risk. extraordinary loss. 6. The likelihood that an adverse or unwanted event could occur is referred to as a(n) a) b) c) d) threat. exposure. risk. loss. 7. Accountants must try to protect the AIS from threats. Which of the following would be a measure that should be taken? a) b) c) d) take a proactive approach to eliminate threats detect threats that do occur correct and recover from threats that do occur All of the above are proper measures for the accountant to take. 8. The plan of organization that a business uses to safeguard assets, provide accurate and reliable information, and promote and improve operational efficiency is known as a) b) c) d) a phenomenon. internal control. an AIS threat. a preventive control. 9. Safeguarding assets is one of the primary purposes of internal control. Which of the following is not one of the other primary purposes? a) b) c) d) providing accurate and reliable accounting records promoting operational efficiency ensuring that no fraud has occurred encouraging adherence to management policies 10. Internal control is often referred to as a(n) __________, because it permeates an organization's operating activities and is an integral part of basic management activities. a) b) c) d) event activity process system 11. Which of the following control classifications does not fit with the others listed below? a) b) c) d) preventative detective administrative corrective 12. Which of the following is accomplished by corrective controls? a) b) c) d) identify the cause of the problem correct the resulting errors modify the system to prevent future occurrences of the problem All of the above are accomplished by corrective controls. 13. Duplicate checking of calculations is an example of a __________ control, and adherence to appropriate procedures to resubmit rejected transactions is an example of a __________ control. a) b) c) d) corrective; detective detective; corrective preventive; corrective detective; preventive 14. There are different types of internal controls available to an organization. The type of controls that deters problems before they arise are called a) b) c) d) detective controls. corrective controls. exposure controls. preventive controls. 15. Corrective controls remedy problems discovered with detective controls. What is not a corrective control procedure? a) b) c) d) identify the cause of a problem deter problems before they arise correct resulting errors or difficulties modify the system so that future problems are minimized or eliminated 16. __________ controls are designed to make sure an organization's control environment is stable and well managed. a) b) c) d) Application Detective General Preventive 17. __________ controls prevent, detect and correct transaction errors and fraud. a) b) c) d) Application Detective General Preventive 18. Which of the following federal laws incorporated the language of the AICPA about controls into a law applying to all registered companies? a) b) c) d) Foreign Corrupt Practices Act of 1977 The Securities Exchange Act of 1934 Federal Corruption Prevention Act of 1987 The Securities Act of 1933 19. The primary purpose of the Foreign Corrupt Practices Act of 1977 was a) b) c) d) to require corporations to maintain a good system of internal control. to prevent the bribery of foreign officials by American companies. to require the reporting of any material fraud by a business. All of the above are required by the act. 20. Congress passed this federal law for the purpose of preventing financial statement fraud, to make financial reports more transparent and to strengthen the internal control of public companies. a) b) c) d) Foreign Corrupt Practices Act of 1977 The Securities Exchange Act of 1934 The Sarbanes-Oxley Act of 2002 The Control Provision of 1998 21. Which of the following is not one of the important aspects of the Sarbanes-Oxley Act? a) b) c) d) The creation of the Public Company Accounting Oversight Board New rules for auditors and management New roles for audit committees New rules for information systems development 22. A ________________ helps employees act ethically by setting limits beyond which an employee must not pass. a) b) c) d) Boundary system Diagnostic control system Interactive control system Internal control system 23. A ________________ measures company progress by comparing actual performance to planned performance. a) b) c) d) Boundary system Diagnostic control system Interactive control system Internal control system 24. A ________________ helps top-level managers with high-level activities that demand frequent and regular attention. a) b) c) d) Boundary system Diagnostic control system Interactive control system Internal control system 25. This control framework addresses the issue of control from three vantage points: business objectives, information technology resources, and information technology processes. a) b) c) d) ISACF's control objectives for information and related technology COSO's internal control framework COSO's enterprise risk management framework None of the above 26. This control framework defines internal controls and provides guidance for evaluating and enhancing internal control systems. a) b) c) d) ISACF's control objectives for information and related technology COSO's internal control framework COSO's enterprise risk management framework None of the above 27. This control framework's intent includes helping the organization to provide reasonable assurance that objectives are achieved and problems are minimized, and to avoid adverse publicity and damage to the organization's reputation. a) b) c) d) ISACF's control objectives for information and related technology COSO's internal control framework COSO's enterprise risk management framework None of the above 28. The COSO control model has five crucial components. Which of the following is not one of them? a) control environment b) risk assessment c) compliance with federal, state, or local laws d) monitoring 29. According to the ERM, these help the company address all applicable laws and regulations. a) b) c) d) Compliance objectives Operations objectives Reporting objectives Strategic objectives 30. According to the ERM, high level goals that are aligned with and support the company's mission are a) b) c) d) Compliance objectives Operations objectives Reporting objectives Strategic objectives 31. According to the ERM, these deal with the effectiveness and efficiency of company operations, such as performance and profitability goals. a) b) c) d) Compliance objectives Operations objectives Reporting objectives Strategic objectives 32. According to the ERM, these objectives help ensure the accuracy, completeness and reliability of internal and external company reports. a) b) c) d) Compliance objectives Operations objectives Reporting objectives Strategic objectives 33. Which of the following is not one of the eight interrelated risk and control components of COSO? a) b) c) d) Internal environment Monitoring Risk response Event assessment 34. Which of the following is not one of the reasons COSO developed the more comprehensive ERM framework? a) The internal control framework has too narrow a focus. b) Long-standing internal control systems often have controls that protect against items that are no longer risks. c) Risk should be evaluated first, before controls. d) The Sarbanes-Oxley Act of 2002 required it. 35. Which of the following would be considered a "red flag" for problems with management operating style if the question were answered "yes"? a) Does management take undue business risks to achieve its objectives? b) Does management attempt to manipulate performance measures such as net income? c) Does management pressure employees to achieve results regardless of the methods? d) All of the above statements would raise "red flags" if answered "yes." 36. The audit committee of the board of directors is composed of a) b) c) d) officers of the company. inside directors of the company. outside directors of the company. all of the above 37. The audit committee is responsible for a) b) c) d) overseeing the internal control structure. overseeing the financial reporting process. working with the internal and external auditors. All of the above are responsibilities. 38. Regarding the issue of internal control, the internal environment itself consists of many factors. An issue regarding a conflict of interest should be addressed as a component of which factor? a) b) c) d) organization structure commitment to integrity and ethical values the audit committee of the board of directors management's philosophy and operating style 39. The definition of the lines of authority and responsibility and the overall framework for planning, directing, and controlling is laid out by the a) b) c) d) control activities organizational structure budget framework internal environment 40. Personnel policies such as background checks, mandatory vacations, and rotation of duties tend to deter a) b) c) d) unintentional errors employee fraud or embezzlement fraud by outsiders payroll irregularities 41. The stock exchange or FASB is best described as external influences that directly affect an organization's a) b) c) d) hiring practices philosophy and operating style internal environment methods of assigning authority 42. The internal control model developed by COSO is comprised of five interrelated components. Among these components is the internal environment. Which attribute below is not part of the internal environment? a) the competence of an organization's people b) the integrity of an organization's people c) monitoring activities within the organization itself d) the ethical values of an organization's people 43. The amount of risk a company is willing to accept in order to achieve its goals and objectives is a) b) c) d) Inherent risk Residual risk Risk appetite Risk assessment 44. The risk that remains after management implements internal controls is a) b) c) d) Inherent risk Residual risk Risk appetite Risk assessment 45. The risk that exists before management takes any steps to control the likelihood or impact of a risk is a) b) c) d) Inherent risk Residual risk Risk appetite Risk assessment 46. When undertaking risk assessment, the expected loss is calculated like this. a) b) c) d) Impact times expected loss Impact times likelihood Inherent risk times likelihood Residual risk times likelihood 47. Generally in a risk assessment process, the first step is to a) b) c) d) identify the threats that the company currently faces. estimate the risk probability of negative events occurring. estimate the exposure from negative events. identify controls to reduce all risk to zero. 48. The third component of COSO's internal control model is risk assessment. Part of risk assessment is to identify threats to companies. If a company does the right things in the wrong way, this is known as a) b) c) d) a strategic threat. an operating threat. a financial threat. an information threat. 49. Management can authorize employees to handle routine transactions without special approval. This is known as a) Authorization b) General authorization c) Special authorization d) Specific authorization 50. Good internal control demands that no single employee be given too much responsibility. The segregation of duties is key to fulfilling this demand. Which two functions, when not performed by different employees, will cause a potential internal control problem due to the lack of separation of duties? a) b) c) d) digital signature, specific authorization custody, recording digital signature, general authorization custody, digital signature 51. Regarding project development and acquisition controls, this is developed to show all projects that must be completed to achieve long-range company goals. a) b) c) d) Performance evaluation Project development plan Steering committee Strategic master plan 52. Regarding project development and acquisition controls, a ________ is created to guide and oversee systems development and acquisition. a) b) c) d) Performance evaluation Project development plan Steering committee Strategic master plan 53. Regarding project development and acquisition controls, a ________ shows how a project will be completed, including tasks and who will perform them as well as a timeline and cost estimates. a) b) c) d) Performance evaluation Project development plan Steering committee Strategic master plan 54. The concept of independent checks in transaction processing is illustrated by all of the following except a) b) c) d) reconciliation of independently maintained records. extensive edit checking of input data. comparisons of actual quantities to recorded amounts. record counts of inputs and outputs. SHORT ANSWER 55. What are the three functions of internal controls? 56. What are the two categories of internal controls? 57. What is the difference between general and specific authorization? 58. What was the primary objective of the Foreign Corrupt Practices Act? 59. What is COSO? 60. What are the major components of control as defined in the COSO internal control model report? 61. What is a weakness of the internal control concept of the separation of duties? 62. Classify the following controls as preventive, detective, or corrective: Periodic bank reconciliation. Separation of cash and accounting records. Maintaining backup copies of master and transaction files. Pre-numbering of sales invoices. Chart of accounts. Retina scan before entering a sensitive R & D facility. Resubmission of transactions for subsequent processing. Internal auditor rechecking the debits and credits on the payment voucher. Depositing all cash receipts intact. Qualified accounting personnel ESSAY 63. Provide three reasons why AIS threats are increasing. Briefly discuss each one. 64. Why was the Foreign Corrupt Practices Act of interest to accountants? 65. Discuss the internal (control) environment. 66. Why is management's philosophy and operating style considered to be the most important component of the control environment? 67. What are some of the ways to assign authority and responsibility within an organization? 68. Discuss the weaknesses in COSO's internal control framework that lead to the development of the Enterprise Risk Management framework. ANSWER KEY 1) B 2) C 3) B 4) A 5) B 6) C 7) D 8) B 9) C 10) C 11) C 12) D 13) B 14) D 15) B 16) C 17) A 18) A 19) B 20) C 21) D 22) A 23) B 24) C 25) A 26) B 27) C 28) C 29) A 30) D 31) B 32) C 33) D 34) D 35) D 36) C 37) D 38) B 39) B 40) B 41) C 42) C 43) C 44) B 45) A 46) B 47) A 48) B 49) A 50) B 51) B 52) D 53) C 54) B 55) 56) 57) 58) 59) 60) 61) 62) 63) 64) 65) 66) B Preventive, detective, and corrective General and application Authorizations are often documented by signing, initializing, or entering an authorization code on a transaction document or record. Management may deem that certain transactions are of a routine nature and as such may authorize employees to handle such transactions without special approval. This is known as general authorization. Other transactions may be of such consequence that management grants specific authorization for them to occur. Usually management must approve of such transactions and oversee them to completion, requiring an additional signature required on checks exceeding a given dollar amount. Management should have written policies on both specific and general authorization for all type of transactions. The primary objective of the Foreign Corrupt Practices Act is to prevent the bribery of foreign officials by American companies. The COSO defines internal control as a process implemented by management, the board of directors, and those under their direction to provide reasonable assurance that control objectives are achieved regarding effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. The major components of control are: the control environment; control activities; risk assessment; information and communication; monitoring of performance. When a system effectively incorporates a separation of duties, it should be difficult for any one employee to defeat the system and commit embezzlement. The problem with the separation of duties comes when two or more employees agree to defeat the system for their own dishonest ends. This problem is known as collusion. When two or more employees act together to defeat the internal controls of the system, they may likely succeed in their endeavor for a time. It is more difficult to detect such activity because the employees may have planned to "cover their tracks." This is why independent review of transaction activity by third parties is important to monitor that internal controls are in place and working as designed. Detective. Preventive. Corrective. Preventive. Preventive. Preventive. Corrective. Detective. Preventive. Preventive Students may provide a variety of acceptable reasons, such as: Client/server systems have proliferated and have enabled large numbers of employees to have access to the information. LANs and client/server systems distribute data to various users and are more difficult to control than centralized systems. EDI and e-commerce have enabled customers and suppliers to access each other's systems and data, making confidentiality a major concern. Organizations are not aggressively protecting their data for various reasons. Computer control problems are often underestimated and downplayed. Control implications of networked systems are not properly reasoned out. Top management does not grasp the effect of security of data and information on survival and profitability of the company. Internal controls become a casualty in cost cutting and productivity measures undertaken by the management. The act is important to accountants because it incorporates the language of the AICPA pronouncement on internal controls. The Act mandates that corporations should keep records that accurately and fairly reflect their transactions and assets in reasonable detail. The internal control system of these organizations should be able to provide reasonable assurance that: a) transactions are properly authorized and recorded; b) assets are safeguarded and protected from unauthorized access; and c) recorded asset values are periodically compared with actual assets and any differences are corrected. The act requires corporations to maintain good systems of internal accounting control. The control environment embraces both individuals and the environment in which they operate in an organization. Individual employees are "the engine" that drives the organization and form the foundation upon which everything in the organization rests. Among the many factors found in the control environment are: 1) a commitment to integrity and ethical values; 2) the philosophy and operating style of management; 3) organizational structure; 4) the audit committee of the board of directors; 5) methods of assigning authority and responsibility; 6) human resources policies and practices; and 7) various external influences. Each of these factors influences the internal control structure of the organization. Likewise, these factors should be examined and analyzed in detail when implementing or evaluating a system of internal controls. 67) Management truly sets the tone for the control environment of a business. If top management takes good control seriously and makes this known to everyone in the organization, then employees down the line will tend to do likewise. Management's attitude toward risk taking and the assessment of risk before acting are indications. Willingness to manipulate performance measures or to encourage employees to do likewise is another indication of attitude. Finally, pressure on subordinates to achieve certain results regardless of the methods used can be a very persuasive indicator of problems. Management concerned about control will assess risk and act prudently, manipulation of performance measures will not be tolerated, and ethical behavior will be instilled in and required of employees. 68) It is incumbent on management to identify specific business objectives and assign such objectives to certain departments and individuals. Management must also hold such departments and individuals responsible and accountable for achieving the assigned business objectives. Ways in which management may assign authority and responsibility is through formal job descriptions, employee training, budgets, operating plans, and scheduling. A formal code of conduct also sets the stage for responsible behavior on the part of employees by defining ethical behavior, acceptable business practices, regulatory requirements, and conflicts of interest. Another useful and important tool is a written policy and procedures manual. 69) Weaknesses in COSO's internal control framework that lead to the development of the ERM model include: 1. It has too narrow a focus. 2. Examining controls without first addressing purposes and risks of business processes gives little context for evaluating results. 3. Existing internal control systems often have controls that protect against items that are no longer risks or are no longer important. 4. Focusing on controls first has an inherent bias toward past problems and concerns. Chapter 7 MULTIPLE CHOICE 1. The AICPA and the CICA have created an evaluation service known as SysTrust. SysTrust follows four principles to determine if a system is reliable. The reliability principle that states that users must be able to enter, update, and retrieve data during agreed-upon times is known as a) b) c) d) availability. security. maintainability. integrity. 2. According to SysTrust, the reliability principle of integrity is achieved when a) the system is available for operation and use at times set forth by agreement. b) the system is protected against unauthorized physical and logical access. c) the system can be maintained as required without affecting system availability, security, and integrity. d) system processing is complete, accurate, timely, and authorized. 3. Which of the following is not one of the five basic principles that contribute to systems reliability according to the Trust Services framework. a) b) c) d) Confidentiality Processing speed Security System availability 4. Which of the following is the foundation of systems reliability? a) b) c) d) Confidentiality Privacy Processing Security 5. Which of the following is not one of the three fundamental information security concepts? a) b) c) d) Information security is a technology issue that hinges on prevention. Security is a management issue, not a technology issue. The idea of defense-in-depth employs multiple layers of controls. The time-based model of security focuses on the relationship between preventive, detective and corrective controls. 6. The trust services framework identifies four essential criteria for successfully implementing each of the principles that contribute to systems reliability. Which of the following is not one of those four essential criteria? a) b) c) d) Developing and documenting policies Effectively communicating policies to all outsiders Designing and employing appropriate control procedures to implement policies Monitoring the system and taking corrective action to maintain compliance with policies 7. Giving users regular, periodic reminders about security policies and training in complying with them is an example of which of the following trust services criteria? a) b) c) d) Policy development Effective communication of policies Design/use of control procedures Monitoring and remedial action 8. Because planning is more effective than reacting, this is an important criteria for successfully implementing systems reliability: a) b) c) d) Policy development Effective communication of policies Design/use of control procedures Monitoring and remedial action 9. If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack, then security is a) b) c) d) effective ineffective overdone undermanaged 10. Preventive controls require two related functions, which are: a) b) c) d) Access and control Authentication and authorization Detection and correction Physical access and logical access 11. Verifying the identity of the person or device attempting to access the system is a) b) c) d) Authentication Authorization Identification Threat monitoring 12. Restricting access of users to specific portions of the system as well as specific tasks, is a) b) c) d) Authentication Authorization Identification Threat monitoring 13. Which of the following is an example of a preventive control? a) b) c) d) Encryption Log analysis Intrusion detection Emergency response teams 14. Which of the following is an example of a detective control? a) b) c) d) Physical access controls Encryption Log analysis Emergency response teams 15. Which of the following is an example of a corrective control? a) b) c) d) Physical access controls Encryption Intrusion detection Emergency response teams 16. Which of the following is not a requirement of effective passwords? a) b) c) d) Passwords should be changed at regular intervals. Passwords should be no more than 8 characters in length. Passwords should contain a mixture of upper and lowercase letters, numbers and characters. Passwords should not be words found in dictionaries. 17. Which of the following is not a requirement of effective passwords? a) b) c) d) Passwords should be changed at regular intervals. Passwords should be no more than 8 characters in length. Passwords should contain a mixture of upper and lowercase letters, numbers and characters. Passwords should not be words found in dictionaries. 18. Multi-factor authentication a) b) c) d) Involves the use of two or more basic authentication methods. Is a table specifying which portions of the systems users are permitted to access. Provides weaker authentication than the use of effective passwords. Requires the use of more than one effective password. 19. An access control matrix a) b) c) d) Does not have to be updated. Is a table specifying which portions of the system users are permitted to access. Is used to implement authentication controls. Matches the user's authentication credentials to his authorization. 20. Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security. a) b) c) d) Training Controlling physical access Controlling remote access Host and application hardening 21. Which of the following preventive controls are necessary to provide adequate security that deals with social engineering? a) b) c) d) Controlling remote access Encryption Host and application hardening Training 22. The device that connects an organization's information system to the Internet is a a) b) c) d) Demilitarized zone Firewall Gateway Router 23. A special purpose hardware device or software running on a general purpose computer which filters information allowed to enter and leave the organization's information system. a) b) c) d) Demilitarized zone Intrusion detection system Intrusion prevention system Firewall 24. This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet. a) b) c) d) Access control list Internet protocol Packet switching protocol Transmission control protocol 25. This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination. a) b) c) d) Access control list Internet protocol Packet switching protocol Transmission control protocol 26. This determines which packets are allowed entry and which are dropped.. a) b) c) d) Access control list Deep packet inspection Stateful packet filtering Static packet filtering 27. Compatibility tests utilize a(n) __________, which is a list of authorized users, programs, and data files the users are authorized to access or manipulate. a) b) c) d) validity test biometric matrix logical control matrix access control matrix 28. This screens individual IP packets based solely on the contents of the source or destination fields in the packet header.. a) b) c) d) Access control list Deep packet inspection Stateful packet filtering Static packet filtering 29. This maintains a table that lists all established connections between the organization's computers and the Internet to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer.. a) Access control list b) Deep packet inspection c) Stateful packet filtering d) Static packet filtering 30. This processes involves the firewall examining the data in the body of an IP packet. a) b) c) d) Access control list Deep packet inspection Stateful packet filtering Static packet filtering 31. This is designed to identify and drop packets that are part of an attack. a) b) c) d) Deep packet inspection Intrusion detection system Stateful packet filtering Static packet filtering 32. This is used to identify rogue modems (or by hackers to identify targets). a) b) c) d) War chalking War dialing War driving None of the above 33. The process of turning off unnecessary features in the system is known as a) b) c) d) Deep packet inspection Hardening Intrusion detection War dialing 34. The most common input-related vulnerability is a) b) c) d) Buffer overflow attack Hardening War dialing Encryption 35. The final layer of preventive controls. a) b) c) d) Authentication Authorization Encryption Intrusion detection 36. The process of transforming normal text into cipher text a) b) c) d) Encryption Decryption Filtering Hardening 37. Which of the following is not one of the three important factors determining the strength of any encryption system? a) Key length b) Key management policies c) Encryption algorithm d) Privacy 38. Which of the following is not one of the three important factors determining the strength of any encryption system? a) b) c) d) Key length Key management policies Encryption algorithm Privacy 39. These systems use the same key to encrypt and to decrypt. a) b) c) d) Asymmetric encryption Hashing encryption Public key encryption Symmetric encryption 40. Which of the following descriptions is not associated with symmetric encryption? a) b) c) d) A shared secret key Faster encryption Lack of authentication Separate keys for each communication party. 41. Which of the following is not associated with asymmetric encryption? a) b) c) d) No need for key exchange Public keys Private keys Speed 42. A process that takes plaintext of any length and transforms it into a short code. a) b) c) d) Asymmetric encryption Encryption Hashing Symmetric encryption 43. These are used to create digital signatures. a) b) c) d) Asymmetric encryption and hashing Hashing and packet filtering Packet filtering and encryption Symmetric encryption and hashing 44. Information encrypted with the creator's private key that is used to authenticate the sender is. a) b) c) d) Asymmetric encryption Digital certificate Digital signature Public key 45. An electronic document that certifies the identity of the owner of a particular public key. a) Asymmetric encryption b) Digital certificate c) Digital signature d) Public key 46. The system and processes used to issue and manage asymmetric keys and digital certificates. a) b) c) d) Asymmetric encryption Certificate authority Digital signature Public key infrastructure 47. The system and processes used to issue and manage asymmetric keys and digital certificates. a) b) c) d) Asymmetric encryption Certificate authority Digital signature Public key infrastructure 48. In a private key system the sender and the receiver have __________, and in the public key system they have __________. a) b) c) d) different keys; the same key a decrypting algorithm; an encrypting algorithm the same key; two separate keys an encrypting algorithm; a decrypting algorithm 49. One way to circumvent the counterfeiting of public keys is by using a) b) c) d) a digital certificate. digital authority. encryption. cryptography. 50. Which of the following describes one weakness of encryption? a) b) c) d) Encrypted packets cannot be examined by a firewall. Encryption protects the confidentiality of information while in storage. Encryption protects the privacy of information during transmission. Encryption provides for both authentication and non-repudiation. 51. This creates logs of network traffic that was permitted to pass the firewall a) b) c) d) Intrusion detection system Log analysis Penetration test Vulnerability scan 52. This uses automated tools to identify whether a given system possesses any wellknown security problems. a) b) c) d) Intrusion detection system Log analysis Penetration test Vulnerability scan 53. This is an authorized attempt by an internal audit team or an external security consultant to break into the organization's information system. a) b) c) d) Intrusion detection system Log analysis Penetration test Vulnerability scan 54. A more rigorous test of the effectiveness of an organization's computer security. a) b) c) d) Intrusion detection system Log analysis Penetration test Vulnerability scan 55. These are established to deal with major security breaches. a) b) c) d) CERTs CSOs FIRSTs Intrusion detection systems 56. The ___________ disseminates information about fraud, errors, breaches and other improper system uses and their consequences. a) b) c) d) Chief information officer Chief operations officer Chief security officer Computer emergency response team SHORT ANSWER 57. Identify the five basic principles that contribute to systems reliability according to the Trust Services framework developed by the AICPA and the CICA. 58. What are the three fundamental information security concepts? 59. What are three ways users can be authenticated? 60. What three factors determine the strength of any encryption system? 61. How does an intrusion detection system work? 62. What is a penetration test? ESSAY 63. Describe four requirements of effective passwords 64. Explain social engineering. 65. What are the problems with symmetric encryption? 66. Explain the value of penetration testing. ANSWER KEY 1) A 2) D 3) B 4) D 5) A 6) B 7) B 8) A 9) B 10) B 11) A 12) B 13) A 14) C 15) D 16) B 17) B 18) A 19) B 20) C 21) D 22) D 23) D 24) D 25) B 26) A 27) D 28) D 29) C 30) B 31) B 32) B 33) B 34) A 35) C 36) A 37) D 38) D 39) D 40) C 41) D 42) C 43) A 44) C 45) B 46) D 47) D 48) C 49) A 50) A 51) A 52) D 53) C 54) C 55) 56) 57) 58) 59) 60) 61) 62) 63) 64) 65) 66) C C Security, confidentiality, privacy, processing integrity, availability. 1. Security is a management issue, not a technology issue. 2. The time-based model of security. 3. Defense-in-depth. Users can be authenticated by verifying: 1. something they know (password). 2. something they have (smart card or ID badge). 3. Something they are (biometric identification of fingerprint). 1. Key length. 2. Key management policies. 3. Encryption algorithm. An intrusion detection system creates logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions. An authorized attempt by either an internal audit team or an external security consultant to break into the organization's information system. 1. Strong passwords should be at least 8 characters. 2. Passwords should use a mixture of upper and lowercase letters, numbers and characters. 3. Passwords should be random and not words found in dictionaries. 4. Passwords should be changes frequently. Social engineering attacks use deception to obtain unauthorized access to information resources, such as attackers who post as a janitor or as a legitimate system user. Employees must be trained not to divulge passwords or other information about their accounts to anyone who contacts them and claims to be part of the organization's security team. Symmetric encryption is much faster than asymmetric encryption, but it has several problems. 1. Both parties (sender and receiver) need to know the shared secret key. 2. Separate secret keys must be maintained for use with each different communication party. 3. There is no way to prove who created a specific document. Penetration testing involves an authorized attempt by an internal audit team or an external security consultant to break into the organization's information system. This type of service is provided by risk management specialists in all the Big Four accounting firms. These specialists spend more than half of their time on security matters. The team attempts to compromise the system using every means possible. With a combination of systems technology skills and social engineering, these teams often find weaknesses in systems that were believed to be secure. Chapter 8 MULTIPLE CHOICE 1. Concerning virtual private networks (VPN), which of the following is not true? a) VPNs provide the functionality of a privately owned network using the Internet. b) Using VPN software to encrypt information while it is in transit over the Internet in effect creates private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys. c) The cost of the VPN software is much less than the cost of leasing or buying the infrastructure (telephone lines, satellite links, communications equipment, etc.) needed to create a privately owned secure communications network. d) It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the corresponding physical connections in a privately owned network. 2. The goal of information systems controls is a) b) c) d) To ensure that systems objectives are met. To ensure that systems function To ensure that systems are reliable. To ensure that data are confidential. 3. Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information? a) b) c) d) Choice and consent. Disclosure to third parties. Reimbursement. Use and retention. 4. Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information? a) b) c) d) Access. Monitoring and enforcement. Registration. Security. 5. A text file created by a website and stored on a visitor's hard disk. a) b) c) d) Validity check Spam Error log Cookie 6. Forms design is an example of this type of control. a) b) c) d) Data entry controls Data transmission controls Output controls Source data controls 7. Sequentially pre-numbered forms is an example of . a) Data entry controls b) Data transmission controls c) Processing controls d) Source data controls 8. Message acknowledgement techniques are an example of a) b) c) d) Data entry controls Data transmission controls Output controls Processing controls 9. File labels are an example of a) b) c) d) Data entry controls Output controls Processing controls Source data controls 10. Turnaround documents are an example of a) b) c) d) Data entry controls Output controls Processing controls Source data controls 11. Input validation checks are an example of a) b) c) d) Data entry controls Data transmission controls Output controls Source data controls 12. Parity checks are an example of a) b) c) d) Data entry controls Data transmission controls Output controls Processing controls 13. Error logs and review are an example of a) b) c) d) Data entry controls Data transmission controls Output controls Processing controls 14. Visual scanning is an example of a) b) c) d) Data entry controls Output controls Processing controls Source data controls 15. User reviews are an example of a) b) c) d) Data entry controls Data transmission controls Output controls Processing controls 16. Data matching is an example of a) b) c) d) Data entry controls Data transmission controls Processing controls Source data controls 17. Batch totals are an example of a) b) c) d) Data entry controls Data transmission controls Output controls Processing controls 18. Check digit verification is an example of a) b) c) d) Data transmission controls Output controls Processing controls Source data controls 19. Data conversion checks are an example of a) b) c) d) Data entry controls Output controls Processing controls Source data controls 20. This determines if the characters in a field are of the proper type. a) b) c) d) Field check Limit check Range check Reasonableness test 21. This ensures that the input data will fit into the assigned field. a) b) c) d) Limit check Range check Size check Validity check 22. This tests a numerical amount to ensure that it does not exceed a predetermined value. a) b) c) d) Completeness check Limit check Range check Sign check 23. This tests a numerical amount to ensure that it does not exceed a predetermined value nor fall below another predetermined value. a) b) c) d) Completeness check Field check Limit check Range check 24. This determines if all required data items have been entered. a) b) c) d) Completeness check Field check Limit check Range check 25. This compares the ID number in transaction data with similar data in the master file to verify that the account exists. a) b) c) d) Reasonableness test Sign check Size check Validity check 26. This determines the correctness of the logical relationship between two data items. a) b) c) d) Range check Reasonableness test Sign check Size check 27. This batch processing data entry control tests if a batch of input data is in the proper numerical or alphabetical sequence. a) b) c) d) Batch total Financial total Hash total Sequence check 28. This batch processing data entry control sums a field that contains dollar values. a) b) c) d) Batch total Financial total Hash total Sequence check 29. This batch processing data entry control sums a non-financial numeric field. a) b) c) d) Batch total Financial total Hash total Sequence check 30. This batch processing data entry control sums the number of items in a batch. a) b) c) d) Batch total Hash total Record count Sequence check 31. This ensures that the correct and most current files are being updated. a) b) c) d) Cross-footing balance test Data matching File labels Write-protect mechanism 32. These find processing errors. a) b) c) d) Cross-footing balance test File labels Recalculation of batch totals Write-protect mechanisms 33. This compares the results produced by more than one method to verify accuracy. a) b) c) d) Concurrent update control Cross-footing balance test Data matching Recalculation of batch totals 34. This protects records from errors that occur when two or more users attempt to update the same record simultaneously. a) b) c) d) Concurrent update controls Cross-footing balance test Data conversion controls Recalculation of batch totals 35. The system and the receiving unit calculate a summary statistic and compare it. a) b) c) d) Echo check Numbered batches Parity check Trailer record 36. This entails verifying that the proper number of bit sare set to the value 1 in each character received. a) b) c) d) Echo check Numbered batches Parity check Trailer record 37. This entails verifying that the proper number of bits are set to the value 1 in each character received. a) b) c) d) Echo check Numbered batches Parity check Trailer record 38. Concerning availability, which of the following statements is true? a) b) c) d) Human error does not threaten system availability. Proper controls can maximize the risk of threats causing significant system downtime. Threats to system availability can be completely eliminated. Threats to system availability include hardware and software failures as well as natural and manmade disasters. 39. This enables a system to continue functioning in the even that a particular component fails, a) b) c) d) Backup procedures Fault tolerance Preventive maintenance None of the above 40. This enables a system to continue functioning in the even that a particular component fails, a) b) c) d) Backup procedures Fault tolerance Preventive maintenance None of the above 41. Every organization should have a disaster recovery plan so that data processing capacity can be restored as smoothly and quickly as possible. Which item below would not typically be part of an adequate disaster recovery plan? a) b) c) d) a system upgrade due to operating system software changes uninterruptible power systems installed for key system components scheduled electronic vaulting of files backup computer and telecommunication facilities 42. ________ involves copying only the data items that have changed since the last backup. a) b) c) d) Archive Backup Differential backup Incremental backup 43. ________ copies all changes made since the last full backup. a) b) c) d) Archive Backup Differential backup Incremental backup 44. While this type of backup takes longer, it's restoration is simpler. a) b) c) d) Archive Backup Differential backup Incremental backup 45. A copy of a database, master file, or software that will be retained indefinitely as a historical record. a) b) c) d) Archive Backup Differential backup Incremental backup 46. A location that is pre-wired for necessary telecommunications and computer equipment. a) a cold site b) a hot site c) a remote sister site d) a subsidiary location 47. A facility that contains all the computing equipment the organization needs to perform its essential business activities. a) b) c) d) a cold site a hot site a remote sister site a subsidiary location 48. Which of the following is not the objective of a disaster recovery plan? a) b) c) d) Minimize the extent of the disruption, damage or loss. Permanently establish an alternative means of processing information. Resume normal operations as soon as possible. Train employees for emergency operations. 49. The most important change management technique is probably a) b) c) d) User rights and privileges are carefully monitored during change process. Changes tested thoroughly prior to implementation. All documentation is updated to reflect changes to the system. Adequate monitoring and review by top management. 50. Which of the following is not a useful control procedure to control access to system outputs? a) b) c) d) Allowing visitors to move through the building without supervision. Coding reports to reflect their importance. Requiring employees to log out of applications when leaving their desk. Restricting access to rooms with printers. SHORT ANSWER 51. Identify a fundamental control procedure for protecting that confidentiality of sensitive information. 52. Identify four source data controls. 53. Identify four data entry controls. 54. Identify four processing controls. 55. Identify four data transmission controls. 56. Identify two output controls. 57. What is fault tolerance? ESSAY 58. Identify four useful procedures for controlling access to system outputs. 59. Identify the 10 internationally recognized best practices for protecting the privacy of customers' personal information. 60. Describe some steps you can take to minimize your risk of identify theft. ANSWER KEY 1) D 2) C 3) C 4) C 5) D 6) D 7) D 8) B 9) C 10) D 11) A 12) B 13) A 14) D 15) C 16) C 17) D 18) D 19) C 20) A 21) C 22) B 23) D 24) A 25) D 26) B 27) D 28) B 29) C 30) C 31) C 32) C 33) B 34) A 35) A 36) C 37) C 38) D 39) B 40) B 41) A 42) D 43) C 44) C 45) A 46) A 47) B 48) B 49) D 50) A 51) Encryption 52) Answers include: forms design, pre-numbered forms sequence test, turnaround documents, 53) 54) 55) 56) 57) 58) 59) 60) cancellation and storage of documents, authorization and segregation of duties, visual scanning, check digit verification, RFID security. Answers include: field check, sign check, limit check, range check, size check, completeness check, validity check, reasonableness check, prompting, pre-formatting, closed-loop verification, transaction log. Answers include: data matching, file labels, recalculation of batch totals, cross-footing balance test, write-protection mechanisms, database processing integrity procedures, concurrent update controls, data conversion controls. Answers include: parity checking, echo check, trailer record, numbered batches. Answers include: user review of output, reconciliation procedures, external data reconciliation. Fault tolerance is the use of redundant components that enable a system to continue functioning in the event that a particular component fails. Not allowing visitors to move through the building without supervision. Coding reports to reflect their importance. Requiring employees to log out of applications when leaving their desk. Restricting access to rooms with printers. Management. Notice. Choice and consent. Collection. Use and retention. Access. Disclosure to third parties. Security. Quality. Monitoring and enforcement. Shred documents containing personal information. Never send personally identifying information in unencrypted email. Beware of email/phone/print requests to verify personal information that the requesting party should already possess. Do not carry your social security card with you. Print only your initials and last name on checks. Limit the amount of other information preprinted on checks. Do not use your mailbox for outgoing mail. Do not carry more than a few blank checks with you. Use special software to digitally clean any digital media prior to disposal. Monitor your credit cards regularly. File a police report as soon as you discover a purse or wallet missing. Make photocopies of driver's license, passports and credit cards and keep in a safe location. Immediately cancel any stolen or lost credit cards. Chapter 9 MULTIPLE CHOICE 1. The American Accounting Association has formulated a general definition of auditing. What is not a characteristic of this general definition? a) Auditing is a systematic process. b) Auditors are responsible for objectively obtaining and evaluating evidence regarding assertions about economic actions and events. c) Auditors are responsible for financial management and the investment of corporate assets. d) Auditors are responsible for communicating the results of audits to interested users. 2. Which characteristics below is not a characteristic of auditing? a) b) c) d) evidence collection establishing audit criteria objectivity systems development 3. Auditing involves the a) b) c) d) collection, review, and documentation of audit evidence. planning and verification of economic events. collection of audit evidence and approval of economic events. testing, documentation, and certification of audit evidence. 4. The purpose of an internal audit is a) b) c) d) to evaluate the adequacy and effectiveness of company's internal controls. to determine the extent to which assigned responsibilities are actually carried out. to collect evidence on whether the company is continuing as a going concern. A and B only 5. The type of audit in which the primary responsibility of the auditors is the management of the organization is a) b) c) d) an external audit. a governmental audit. an internal audit. a public audits. 6. What is not a typical responsibility of an internal auditor? a) b) c) d) helping management to improve organizational effectiveness assisting in the design and implementation of an AIS preparation of the company's financial statements implementing and monitoring of internal controls 7. The Institute of Internal Auditors (IIA) has established five audit scope standards that outline the internal auditor's responsibilities. Which standard below deals with the principles of reliability and integrity? a) determining whether the systems are designed to comply with operating and reporting policies b) review of how assets are safeguarded and verification of their existence as appropriate c) review of company operations and programs to determine whether they are being carried out as planned d) review of operating and financial information and how it is identified, measured, classified, and reported 8. The three different types of audits commonly performed today are a) b) c) d) internal, external, defense contracting. financial, operational, information systems. financial, operational, management. internal, external, public. 9. There are different types of internal audit work. Which type of work listed below is not typical of internal auditors? a) b) c) d) operational and management audits information system audits financial statement audit financial audit of accounting records 10. The __________ audit examines the reliability and integrity of accounting records. a) b) c) d) financial informational information systems operational 11. The __________ audit reviews the general and application controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. a) b) c) d) financial information systems management internal control 12. One type of audit that is concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives corresponds to the fourth and fifth standards set forth by the IIA. This is known as a(n) __________ audit. a) b) c) d) financial information systems internal control operational or management 13. The __________ audit is concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives. a) b) c) d) financial informational information systems operational 14. The purpose of __________ is to determine why, how, when, and who will perform the audit. a) b) c) d) audit planning the collection of audit evidence the communication of audit results the evaluation of audit evidence 15. Practically all audits follow a similar sequence of activities that can be divided into four stages. Organizing the audit team and the physical examination of assets are components of which two separate audit stages? a) b) c) d) audit planning; evaluation of audit evidence audit planning; collection of audit evidence collection of audit evidence; communication of audit results audit planning only 16. With which stage in the auditing process are the consideration of risk factors and materiality most associated? a) b) c) d) audit planning collection of audit evidence communication of audit results evaluation of audit evidence 17. A system that employs various types of advanced technology has more __________ risk than traditional batch processing. a) b) c) d) control detection inherent investing 18. An audit should be planned so that the greatest amount of audit work focuses on the areas with the highest risk factors. Regarding risk factors, control risk is defined as a) the susceptibility to material risk in the absence of controls. b) the risk that a material misstatement will get through the internal control structure and into the financial statements. c) the risk that auditors and their audit procedures will not detect a material error or misstatement. d) the risk auditors will not be given the appropriate documents and records by management who wants to control audit activities and procedures. 19. The possibility that a material error will occur even though auditors are following audit procedures and using good judgment is referred to as a) b) c) d) control risk. detection risk. inherent risk. investigating risk. 20. The __________ part of the auditing process involves (among other things) the auditors observing the operating activities and having discussion with employees. a) b) c) d) audit planning collection of audit evidence communication of audit results evaluation of audit evidence 21. The evidence collection method that is used to gather data about the system is a) reperformance. b) questionnaires. c) valuation. d) none of the above 22. Much of the effort spent in an audit entails the collection of evidence. Verifying the accuracy of certain information, often through communication with certain third parties, is known in the language of the auditor as a) b) c) d) reperformance. confirmation. substantiation. documentation. 23. The evidence collection method that examines all supporting documents to determine the validity of a transaction is called a) b) c) d) review of documentation. vouching. physical examination. analytical review. 24. The evidence collection method that considers the relationship and trends among information to detect items that should be investigated further is called a) b) c) d) review of the documentation. vouching. physical examination. analytical review. 25. Assessing the quality of internal controls, the reliability of information, and operating performance are all part of which stage of the auditing process? a) b) c) d) audit planning collection of audit evidence evaluation of audit evidence communication of audit results 26. One way an auditor gauges how much audit work and testing needs to be performed is through evaluating materiality and seeking reasonable assurance about the nature of the information or process. What is key to determining materiality during an audit? a) determining if material errors exist in the information or processes undergoing audit b) the testing of records, account balances, and procedures on a sample basis c) determining what is and is not important given a set of circumstances is primarily a matter of judgment d) none of the above 27. An auditor must be willing to accept some degree of risk that the audit conclusion is incorrect. Accordingly, the auditor's objective is to seek __________ that no material error exists in the information audited. a) b) c) d) absolute reliability reasonable evidence reasonable assurance reasonable objectivity 28. During all stages of the audit, findings and conclusions are documented in a) b) c) d) audit trails. audit working papers. audit reports. audit objectives. 29. The risk-based audit approach is a) b) c) d) a four-step approach to internal control evaluation. a four-step approach to financial statement review and recommendations. a three-step approach to internal control evaluation. a three-step approach to financial statement review and recommendations. 30. Which of the following is the first step in the risk-based audit approach? a) b) c) d) identify the control procedures that should be in place evaluate the control procedures determine the threats facing the AIS evaluate weaknesses to determine their effect on the audit procedures 31. Determining whether the necessary control procedures are in place is accomplished by conducting a) b) c) d) a systems overhaul. a systems review. tests of controls. none of the above 32. Using the risk-based auditing approach, when the auditor identifies a control deficiency, the auditor should inquire about a) b) c) d) tests of controls. the feasibility of a systems review. materiality and inherent risk factors. compensating controls. 33. The __________ to auditing provides auditors with a clear understanding of possible errors and irregularities and the related risks and exposures. a) b) c) d) risk-based approach risk-adjusted approach financial audit approach information systems approach 34. What is the purpose of an AIS audit? a) b) c) d) to determine the inherent risk factors found in the system to review and evaluate the internal controls that protects the system to examine the reliability and integrity of accounting records to examine whether resources have been used in an economical and efficient manner in keeping with organization goals and objectives 35. There are six objectives of an AIS audit. The objective that pertains to source data being processed into some form of output is a) Objective 1: overall security. b) Objective 2: program development. c) Objective 3: program modifications. d) Objective 4: processing. 36. To maintain the objectivity necessary for performing an independent evaluation function, auditors should not be involved in a) b) c) d) making recommendations to management for improvement of existing internal controls. examining system access logs. examining logical access policies and procedures. developing the system. 37. The auditor's role in systems development should be a) b) c) d) an advisor and developer of internal control specifications. a developer of internal controls. that of an independent reviewer only. A and B above 38. Regarding program modifications, which statement below is incorrect? a) Only material program changes should be thoroughly tested and documented. b) When a program change is submitted for approval, a list of all required updates should be compiled and then approved by management and program users. c) During the change process, the developmental version of the program must be kept separate from the production version. d) After the amended program has received final approval, the change is implemented by replacing the production version with the developmental version. 39. How would auditors determine if unauthorized program changes have been made? a) b) c) d) by interviewing and making inquiries of the programming staff by examining the systems design and programming documentation by using a source code comparison program by interviewing and making inquiries of recently terminated programming staff 40. Which auditing technique will not assist in determining if unauthorized programming changes have been made? a) b) c) d) use of a source code comparison program use of the reprocessing technique to compare program output interviewing and making inquiries of the programming staff use of parallel simulation to compare program output 41. Strong __________ controls sometimes can compensate for inadequate __________ controls. a) b) c) d) development; processing processing; development operational; internal internal; operational 42. The __________ procedure for auditing computer process controls uses a hypothetical series of valid and invalid transactions. a) concurrent audit techniques b) test data processing c) integrated test facility d) dual process 43. The auditor uses __________ to continuously monitor the system and collect audit evidence while live data are processed. a) b) c) d) test data processing parallel simulation concurrent audit techniques analysis of program logic 44. Auditors have several techniques available to them to test computer-processing controls. An audit routine that flags suspicious transactions is known as a) b) c) d) SCARF. an audit hook. an audit sinker. the snapshot technique. 45. When it is suspected that a particular application program contains unauthorized code or serious errors, a detailed analysis of the program logic may be necessary. The auditor has several types of software packages available to help in analyzing program logic. A program which identifies unexecuted program code is a) b) c) d) a mapping program. an audit log. a scanning routine. program tracing. 46. One way to document the review of source data controls is to use a) b) c) d) a flowchart generator program. a mapping program. an input control matrix. a program algorithm matrix. 47. To document the review of source data controls, an auditor may use a) b) c) d) an input control matrix. test data processing. computer audit software. analysis of program logic. 48. The auditor has various software programs available to help in the audit effort. A program that, based on auditor specifications, generates programs that perform certain audit functions is referred to a(n) a) b) c) d) input controls matrix. CAS. VAN. mapping program. 49. The use of a secure file library and restrictions on physical access to data files is a control procedure used in conjunction with a) b) c) d) computer processing controls. data files. program modification procedures. program development. 50. When the auditor wants to read data in different formats and convert it into a single common format, the __________ function of a generalized audit software package is used. a) b) c) d) data selection reformatting file processing statistics 51. One function of CAS is to review data files to retrieve records meeting a specified criteria. What is this function called? a) b) c) d) reformatting file processing data analysis data selection 52. What is the primary purpose of computer audit software? a) b) c) d) to free the auditor from the attest phase of the audit to assist the auditor in reviewing and retrieving information in computer files to look for unauthorized modifications and changes to system program code to assist the auditor in reviewing and retrieving information in accounting records and systems documentation 53. The scope of a(n) __________ audit encompasses all aspects of information systems management. a) b) c) d) operational information systems financial internal control 54. Evaluating effectiveness, efficiency, and goal achievement are objectives of __________ audits. a) b) c) d) financial operational information systems all of the above 55. In the __________ stage of an operational audit, the auditor measures the actual system against an ideal standard. a) b) c) d) evidence collection evidence evaluation testing internal control SHORT ANSWER 56. Name the different types of audits. 57. Name the four major stages of all audits. 58. List and explain the types of risk possible when conducting an audit. 59. Explain why the auditor's role in program development and acquisition should be limited. 60. How and to whom does an auditor communicate the audit results? 61. Why are audit tests and procedures performed on a sample basis? 62. When doing an information systems audit, auditors must review and evaluate the program development process. What two things could go wrong during the program development process? 63. Briefly describe tests that can be used to detect unauthorized program modifications. 64. What does an auditor examine when performing a detailed analysis of program logic? 65. What are embedded audit modules? 66. What is computer audit software or generalized audit software? 67. How is a financial audit different from an information systems audit? 68. Why do all audits follow a sequence of events that can be divided into four stages? 69. What are the types of evidence-gathering activities generally used in an operational audit? ESSAY 70. Name and briefly describe the different types of audits. 71. List and explain the types of risk possible when conducting an audit. 72. What is the risk-based audit approach? 73. a) What is test data processing? b) How is it done? c) What are the sources that an auditor can use to generate test data? 74. Discuss the disadvantages of test data processing. 75. Discuss the collection of evidence in audits. ANSWER KEY 1) c 2) d 3) a 4) d 5) c 6) c 7) d 8) b 9) c 10) a 11) 12) 13) 14) 15) 16) 17) 18) 19) 20) 21) 22) 23) 24) 25) 26) 27) 28) 29) 30) 31) 32) 33) 34) 35) 36) 37) 38) 39) 40) 41) 42) 43) 44) 45) 46) 47) 48) 49) 50) 51) 52) 53) 54) 55) 56) 57) 58) 59) b d d a b a c b b b b b b d c c c b a c b d a b d d c a c c b b c b a c a b b b d b a b b The financial audit. information systems audit. operational or management audit. audit planning. collection of evidence. evaluation of evidence. communication of results . Inherent risk. Control risk. Detection risk. The auditor's role in any organization systems development should be limited only to an independent review of systems development activities. The key to the auditor's role is independence; the only way auditors can maintain the objectivity necessary for performing an independent evaluation function is by avoiding any and all involvement in the development of the system itself. If auditor independence is impaired, the audit itself may be of little value and its results could easily be called into question. 60) The auditor usually prepares a written (or sometimes oral) report summarizing the findings and recommendations with references to supporting evidence in working papers. The report is 61) 62) 63) 64) 65) 66) 67) 68) 69) 70) 71) 72) presented to management, the audit committee, the board of directors, and other appropriate parties. It is not feasible (in terms of time or costs) to perform tests and procedures on the entire set of activities, records, assets, or documents under review. Using statistical sampling, reliable numeric samples can be computed and taken which will give the auditor a good degree of reliability as to the entire set of activities, records, assets, or documents under review. There can be unintentional errors due to misunderstood systems specifications, incomplete specifications, or poor programming. Developers could insert unauthorized code instructions into the program for fraudulent purposes. Source code comparison - use of a computer program to compare the auditor's copy of the source code with the program code currently in use. - on a random basis, the auditor uses a copy of source code to reprocess company data and compares the results with that obtained with the program currently in use. simulation - similar to reprocessing but auditor writes a program instead of using the source code An auditor refers to systems and program flowcharts, program documentation, and a listing or program source code. Embedded audit modules are segments of applications program code that perform audit functions. Computer audit software or generalized audit software are computer programs written for auditors that generate programs to perform audit functions based on the auditor's specifications. Financial audits examine the reliability and integrity of accounting records in terms of financial and operating information. An information systems (IS) audit reviews the general and application controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. Although the AIS may generate accounting records and financial information, it is important that the AIS itself be audited to verify compliance with internal controls and procedures. The auditor's function generally remains the same no matter what type of audit is being conducted. The process of auditing can be broken down into the four stages of planning, collecting evidence, evaluating evidence, and communicating audit results. These stages form a working template for any type of financial, information systems, or operational or management audits. There are six general categories of evidence gathering activities in an operational audit. These activities include reviewing operating policies and documentation, confirming procedures with management and operating personnel, observing operating functions and activities, examining financial and operating plans and reports, testing the accuracy of operating controls, and testing controls. The financial audit - this audit examines the reliability and integrity of accounting records (both financial and operating information). The information systems audit - this audit reviews the general and application controls of an AIS and assesses its compliance with internal control policies and procedures and effectiveness in safeguarding assets. The operational or management audit - this audit conducts an evaluation of the efficient and effective use of resources, as well as an evaluation of the accomplishment of established goals and objectives. Inherent risk - the susceptibility to material risk in absence of controls. Control risk - the risk that a material misstatement will get through the internal control structure and into the financial statements. Detection risk - the risk that auditors and their audit procedures will not detect a material error or misstatement The risk-based audit approach has four steps that evaluate internal controls. This approach provides a logical framework for conducting an audit of the internal control structure of a system. The first step is to determine the threats facing the AIS. Threats here can be defined as errors and irregularities in the AIS. Once the threat risk has been established, the auditor should identify the control procedures that should be in place to minimize each threat. The control procedures identified should either be able to prevent or detect errors and irregularities within the AIS. The next step is to evaluate the control procedures. This step includes a systems review of documentation and also interviewing the appropriate personnel to determine whether the needed procedures are in place within the system. The auditor can then use tests of controls to determine if the procedures are being satisfactorily followed. The fourth step is to evaluate weaknesses found in the AIS. Weaknesses here means errors and irregularities not covered by the AIS control procedures. When such deficiencies are identified, the auditor should see if there are compensating controls that may counterbalance the deficiency. A deficiency in one area may be neutralized given control strengths in other areas. The ultimate goal of the risk-based approach is to provide the auditor with a clear understanding of errors and irregularities that may be in the system along with the related risks and exposures. Once an understanding has been obtained, the auditor may provide recommendations to management as to how the AIS control system can be improved. 73) a) Test data processing is a technique used to examine the integrity of the computer processing controls. b) Test data processing involves the creation of a series of hypothetical valid and invalid transactions and the introduction of those transactions into the system. The invalid data may include records with missing data, fields containing unreasonably large amounts, invalid account numbers, etc. If the program controls are working, then all invalid transactions should be rejected. Valid transactions should all be properly processed. c) The various ways test data can be generated are: A listing of actual transactions. The initial transactions used by the programmer to test the system. A test data generator program that generates data using program specifications 74) The auditor must spend considerable time developing an understanding of the system and preparing an adequate set of test transactions. Care must be taken to ensure that test data does not affect the company's files and databases. The auditor can reverse the effects of the test transactions or process the transactions in a separate run using a copy of the file or database. However, a separate run removes some of the authenticity obtained from processing test data with regular transactions. Also, since the reversal procedures may reveal the existence and nature of the auditor's test to key personnel, it can be less effective than a concealed test. 75) Since the audit effort revolves around the identification, collection, and evaluation of evidence, most audit effort is spent in the collection process. To identify, collect, and evaluate evidence, several methods have been developed to assist in the effort. These methods include: 1) the observation of the activities being audited; 2) a review of documentation to gain a better understanding of the AIS; 3) discussions with employees about their jobs and how procedures are carried out; 4) the creation and administration of questionnaires to gather data about the system; 5) physical examination of tangible assets; 6) confirmation of the accuracy of certain information; 7) reperformance of selected calculations; 8) vouching for the validity of a transaction by examination of all supporting documentation; and, 9) analytical review of relationships and trends among information to detect items that should be further investigated. It is important to remember that only a sample of evidence is collected for audit purposes, as it is not feasible to perform audit procedures on the entire set of activities, records, assets, or documents that are under the review process in an audit. Chapter 10 MULTIPLE CHOICE 1. The credit manager reports to the __________ and the treasurer reports to the __________. a) b) c) d) controller; vice president of finance treasurer; controller marketing manager; vice president of finance treasurer; vice president of finance 2. The revenue cycle is a recurring set of business activities and related information processing operations associated with providing goods and services to customers and collecting cash in payment for those sales. With whom is the primary external exchange of information? a) b) c) d) competitors creditors customers marketing organizations 3. What is the primary objective of the revenue cycle? a) b) c) d) to maximize revenue and minimize expense to reduce outstanding accounts receivable balances through increased cash sales to provide the right product in the right place at the right time at the right price to sell as much product as possible and/or to maximize service billings 4. To accomplish the objectives set forth in the revenue cycle, a number of key management decisions must be addressed. Which of the decisions below is not ordinarily found as part of the revenue cycle? a) b) c) d) What credit terms should be offered? How often should accounts receivable be subjected to audit? How can customer payments be processed to maximize cash flows? What are the optimal prices for each product or service? 5. Which of the activities listed below is not part of the revenue cycle? a) b) c) d) sales order entry shipping receiving billing 6. In addition to the sales order entry process there are three other processes in the revenue cycle. Which of the following is not one of them? a) b) c) d) shipping billing general ledger cash collections 7. One way to improve sales order entry efficiency is by allowing customers to enter sales order data themselves. This can be accomplished for both in-store, mail order, and Web site sales. Such interactive sales order entry systems are referred to as a) b) c) d) bulletin boards. smorgasbords. catalogue boards. choiceboards. 8. One way to improve sales order entry efficiency is by allowing customers to enter sales order data themselves. For example, retail stores would send their orders directly to a sales order system in a format that would eliminate the need for data entry. This could be achieved using a) b) c) d) VMI. EDI. POS. VAN. 9. Matching customer accounts and inventory item numbers to the information in the customer and inventory master files is an example of a a) b) c) d) completeness test field check reasonableness test validity check 10. During the sales order entry process, a __________ is performed to compare the quantity ordered with the standard amounts normally ordered. a) b) c) d) completeness test redundant data check field check reasonableness test 11. During the sales order entry process, a __________ is performed to verify that each transaction record contains all appropriate data items. a) b) c) d) completeness test redundant data check field check reasonableness test 12. A number of edit checks should be performed to ensure that all of the data required to process an order have been collected and accurately recorded. The edit check that compares a quantity being ordered to past history for that item and customer is called a) b) c) d) a validity check. a reasonableness test. a completeness test. a limit check. 13. In the revenue cycle, a customer places an order for a certain product. Before the order is checked for inventory availability, what step should be taken? a) b) c) d) The customer's credit should be checked for a sale on account. The sales order should be created and written to a file. Shipping should be notified of an order in process. A picking list should be generated for the warehouse. 14. How is credit approval generally handled for well-established customers with a documented payment history? a) b) c) d) specific authorization by the credit manager routine approval is usually granted a new credit application is taken a formal credit check is made for each sale 15. The maximum allowable account balance for a given customer is called the a) b) c) d) credit checkpoint. credit limit. reorder point. backorder point. 16. What is the normal procedure for new customers or customers making a purchase that causes their credit limit to be exceeded? a) b) c) d) routine approval is granted without authorization specific approval must be granted by the credit manager reject the sale in either case without question check the credit bureau for a credit rating on the customer 17. Why should inventory quantities on hand be checked before a sale is actually made? a) b) c) d) to inform the customer about availability and delivery times to know which items must be back ordered to inform inventory control of mistakes in the inventory records A and B above 18. When an inventory item that is not in stock has been ordered by a customer, a back order is sent to the a) b) c) d) production department. purchasing department. billing department. A and B above 19. Customer inquiries during the sales order process are best handled by a) b) c) d) a sales order and customer service person. accounting personnel. the credit manager. A and C above 20. Responding to customer inquiries and general customer service is an important aspect in the revenue cycle. Since customer service is so important, software programs have been created to help manage this function. These special software packages are called a) b) c) d) EDI systems. POS systems. VMI systems. CRM systems. 21. Another essential part of the revenue cycle is filling customer orders and shipping merchandise to customers. Automating warehouse systems cut costs, improve efficiency, and enable more customer-responsive shipments. The essential element(s) required for an automated perpetual inventory system consist(s) of a) b) c) d) conveyor belts and forklifts conveyor belts and forklifts equipped with RFDC conveyor belts bar-code scanners 22. Once a customer order has been approved, which document is produced next? a) b) c) d) the sales invoice the packing slip the remittance advice the purchase order 23. In a shipping department, a __________ is a legal contract that defines responsibility for goods that are in transit. a) b) c) d) packing slip bill of lading picking list back order 24. The __________ is a legal contract that defines responsibility for the goods that are in transit. a) b) c) d) bill of lading freight bill sales order order acknowledgement 25. Two documents usually accompany goods sent from the vendor to the customer. What are these two documents? a) b) c) d) a bill of lading and an invoice a packing slip and a bill of lading an invoice and a packing slip an invoice and a sales order 26. For a given order, assume that goods have been picked for shipment and the items and quantities have been entered into the system. Which system update below is not triggered by these actions? a) b) c) d) any back orders are initiated inventory quantities are updated the customer accounts receivable is posted shipping documents such as the bill of lading are produced 27. The third basic activity in the revenue cycle involves billing customers and maintaining accounts receivable. What is the basic document created in the billing process? a) the bill of lading b) the purchase order c) the packing list d) the sales invoice 28. A company uses an invoice method whereby customers typically pay according to each invoice. This is the __________ method. a) b) c) d) monthly statement open-invoice balance forward cycle billing 29. A type of accounts receivable system that matches specific invoices and payments from the customer is called a(n) __________ system. a) b) c) d) closed invoice balance forward cycle billing open invoice 30. A customer returns a document along with cash payment. The document identifies the source and the amount of the cash payment. It is called a a) b) c) d) remittance advice. remittance list. credit memorandum. debit memorandum. 31. With a(n) __________ system, customers pay according to the amount showing on their monthly statement and payments are simply applied against the total account balance. a) b) c) d) closed invoice open invoice balance forward invoice forward 32. In billing systems, the __________ is sent to the customer that summarizes all transactions occurring during a given period of time and it indicates the amount due. a) b) c) d) remittance list monthly statement invoice aging report 33. When a customer pays off the balance on an invoice, the transaction is credited to the __________ file. a) b) c) d) customer master sales transaction cash receipts All of the above are correct. 34. A type of business document in which part of the original document is returned to the source for further processing is called a __________ document. a) feedback b) returnable c) closed-loop d) turnaround 35. A __________ system spreads out the monthly statements to customers over the entire month with the idea being that the processing load and cash flow will be more even. a) b) c) d) closed invoice open invoice cycle billing balance forward 36. The last step in the revenue cycle is cash collections. The accounts receivable department must know when customers pay their invoices, yet segregation of duty controls dictate that the collection and recording functions be kept separate from each other. What is a solution to this potential internal control problem? a) b) c) d) have customers send a remittance advice with their payment have mailroom personnel prepare a remittance list which can be forwarded to accounts receivable establish a lockbox arrangement with a bank all of the above 37. The benefits of a cash lockbox system are maximized when a) b) c) d) the bank is located close to the company. several banks around the country are used. only one bank is designated. EFT is used. 38. A system where the bank electronically notifies a company about customers' remittances received through the postal system is known an a) b) c) d) e-cash system. electronic lockbox. electronic funds transfer (EFT). electronic data interchange (EDI). 39. When customers send their remittances electronically to the company's bank, this is called a) b) c) d) FEDI. EFT. to use procurement cards. an electronic lockbox. 40. Automating the cash collection process is a desirable goal of the organization. A way to incorporate the advantages of EDI with the electronic funds transfer process is a) b) c) d) FEDI. EFT. to use procurement cards. an electronic lockbox. 41. Key differences exist when an integrated Enterprise Resource Planning system (ERP) replaces an existing AIS or legacy system. For example, __________ are more accurate and timely, enabling sales order entry staff to provide customers more accurate information about delivery dates. a) b) c) d) inventory records cash receipts credit approval decisions exception reports 42. When an ERP is used, it is assumed that there will be increases in efficiency and the effectiveness of the activities related to the revenue cycle. However, what must be in place and functioning well to fully realize these benefits? a) b) c) d) an effective marketing staff all the components of the expenditure cycle adequate controls adequate system flowchart documentation 43. Well-designed AIS controls must ensure that all transactions are authorized, valid, and properly recorded. In addition, there are three other AIS objectives. Which is not an AIS objective? a) b) c) d) transactions are recorded accurately transactions are matched into the proper time period assets are safeguarded from loss or theft business activities are performed efficiently and effectively 44. The activities involved in soliciting and processing customer orders within the revenue cycle are known as the __________. a) b) c) d) sales order entry process shipping order process revenue process marketing process 45. To ensure proper separation of duties the __________ makes decisions concerning issuance of credit memos. a) b) c) d) accounts receivable supervisor warehouse manager credit manager cashier 46. It has been discovered that credit sales have been made to customers with a poor credit rating. If this activity continues, the company may face uncollectible sales and losses due to bad debts. What applicable control procedure may help the company to gain control over this situation? a) b) c) d) separation of shipping and billing duties credit approval by a credit manager and not marketing personnel data entry application controls price lists 47. Consider the following revenue cycle scenario: The company has been exposed to customer dissatisfaction and the suggested control procedure to be implemented is to install and use bar-code scanners. What is the threat? a) b) c) d) The company may be shipping the wrong merchandise. The company may be shipping the wrong quantities of merchandise. The company may be shipping orders to the wrong address. All of the above threats may apply to this scenario. 48. Which of the following would be the least effective control to minimize the loss of inventory? a) b) c) d) secure the storage location of inventory release inventory only with proper documentation periodically back up all perpetual inventory records reconcile the physical and book inventories 49. One applicable control procedure is to separate the shipping and billing functions within an organization. This control feature is designed to neutralize the threat of a) b) c) d) the failure to bill customers. billing errors. loss of data. poor performance. 50. A company fails to bill customers due to a lack of controls. The exposure the company faces is a) b) c) d) customer dissatisfaction. an overstated accounts receivable balance. a loss of inventory and revenue. uncollectible sales and losses due to bad debts. 51. All of the following edit checks for online editing of accounts receivable transactions would probably be included except a) b) c) d) validity checks on customer and invoice numbers. check digit verification on the amount of the sale. closed loop verification on the customer name to ensure the proper account is being updated. field checks on the values in dollar fields. 52. When a proper segregation of duties exists in the area of handling cash receipts, the __________, who reports to the __________, actually handles the cash and is not the same person who posts cash receipts to customer accounts. a) b) c) d) cashier; treasurer cashier; controller accountant; treasurer accountant; controller 53. In a cash collection system with proper controls, the __________ function, responsible to the __________, is separate and distinct from the cash handling activities. a) b) c) d) accounts receivable; treasurer accounts receivable; controller cashier; controller cashier; treasurer 54. A serious exposure for an organization that is connected with the revenue cycle is the loss of assets. What is the related threat and applicable control procedure association with this exposure? a) b) c) d) shipping errors; reconciliation of sales order with picking ticket and packing slip theft of cash; segregation of duties and minimization of cash handling loss of data; backup and recovery procedures poor performance; preparation and review of performance reports 55. Which of the following duties could be performed by the same individual and not violate segregation of duty controls? a) b) c) d) handling cash and posting to customer accounts issuing credit memos and maintaining customer accounts handling cash and authorizing credit memos handling cash receipts and mailing vendor payments 56. To prevent the loss of valuable data in the revenue cycle, internal file labels can be used to a) b) c) d) keep competitors from accessing files. record off-site storage locations. organize the on-site physical storage site. reduce the possibility of erasing important files. 57. In the shipping area of the company, the __________ is used to obtain the goods from the warehouse facility and prepare them for shipment to the customer. a) b) c) d) picking ticket packing slip bill of lading invoice SHORT ANSWER 58. a) Define revenue cycle. b) What are the basic revenue cycle activities? 59. Explain how validity checks, completeness tests and reasonableness tests can be users to ensure accuracy of customer ordes. 60. What is a CRM system? 61. How can EDI help the billing and account receivable process? 62. How does a company avoid overbilling customers for items not yet shipped? 63. In billing and accounts receivable, what documents are commonly used? 64. Why is credit approval an important part of the revenue cycle? 65. Name and briefly define the two types of accounts receivable systems. 66. What is cycle billing? 67. Poor performance in the area of cash collections is a threat to the business. What controls can be used to help neutralize this threat? 68. A well-designed AIS should provide adequate controls to ensure that objectives in the revenue cycle are met. What are those objectives? ESSAY 69. Discuss ways in which information technology can be used to streamline cash collections. 70. Describe four threats and identify appropriate controls for each threat in the revenue cycle. 71. Discuss the general control issue of the loss of data as it relates to the revenue cycle. 72. Explain how to effectively segregate duties in the sales order cycle. 73. Discuss the revenue cycle threat of stockouts, carrying costs, and markdowns. ANSWER KEY 1) D 2) C 3) C 4) B 5) C 6) C 7) D 8) B 9) D 10) D 11) A 12) B 13) A 14) B 15) B 16) B 17) D 18) A 19) A 20) D 21) D 22) B 23) B 24) A 25) B 26) C 27) D 28) B 29) D 30) A 31) C 32) B 33) A 34) D 35) C 36) D 37) B 38) B 39) B 40) A 41) A 42) 43) 44) 45) 46) 47) 48) 49) 50) 51) 52) 53) 54) 55) 56) 57) 58) 59) 60) 61) 62) 63) 64) 65) C B A C B D C A C B A B B D D A a) The revenue cycle is a recurring set of business activities and related information processing operations associated with providing goods and services to customers and collecting cash in payment for those sales. b) The basic activities in the revenue cycle are: order entry - soliciting and processing customer activities- filling customer orders and shipping merchandise- invoicing customers and maintaining customer accounts collections - the cashier handles remittances and deposits them in the bank; accounts receivable personnel credits customer accounts for the payments received Validity checks can be used to compare the customer and inventory information on the customer order with the information in the customer and inventory master files. A completeness test can ensure that all the necessary information is present on the customer order. A reasonableness test can compare the quantity ordered with the customer's past order history for that item. CRM stands for customer relationship management. Since customer service is so important today, special CRM software packages have been created that support this vital process. CRM systems help a company to organize detailed data about customers so that more personalized service can be given to them. A CRM system may retain customer preferences and customer transaction history, which can be used to suggest other products the customer may wish to purchase. The system could also take a pro-active marketing approach in contacting customers at certain re-order points. A well-implemented CRM system can help the business achieve the goal of turning satisfied customers into loyal customers. The basic document created in the billing process is the sales invoice. Many companies still print paper invoices and send them to customers in the mail. Batch processing of invoices may create cash flow problems because of the time it takes invoices to flow through the regular mail system. Companies that use EDI can create quicker turnaround for payment, and save costs by reducing paper handling and processing. Depending on the number of invoices processed per year, these savings can be significant. By having the shipping department personnel enter actual quantities shipped into the system that processes and creates the sales invoices. Sales invoice notifies customer of amount to be paid. Monthly statement summarizes all transactions that occurred during month. Credit memo authorizes the billing department to credit the customer's account, should be issued by credit manager Most business-to-business sales are made on credit. Key to revenue cycle success is the approval of credit sales before they are processed and goods shipped. A part of good control in this area is to establish a credit limit for customers. With new customers, or when orders exceed a customer's credit limit, or the customer has a past due balance, specific authorization for the credit manager should specifically authorize and approve further credit. The system can also be programmed to do a limit check for each order processed to maintain further control in this area. Also, marketing personnel should not make credit decisions, as a potential conflict of interest is possible. Open invoice system - customers pay the invoice by returning a remittance advice turnaround document and a check. Remittances are applied against specific open invoices.The open-invoice method can be used to offer discounts for prompt payments since invoices are individually 66) 67) 68) 69) 70) 71) tracked. However, such individual tracking adds complexity in maintaining information. Balanceforward method - customers pay according to the amount shown on a monthly statement and remittances are applied against the total outstanding balance; this method is used by department stores typically where customers make a large number of smaller dollar amount purchases. Cycle billing is spreading out the customer base so that a portion of the billing is done each day to a group of customers. Credit card and utility companies use it extensively because of their large customer bases. The advantage of this method is that the billing load is dispersed and the cash flow of the company is evened out dramatically. Both accounts receivable and cash flows should be monitored. Segregation of duty controls should always be implemented and monitored for compliance. Also, a control used to deal with accounts receivable (which directly impacts cash flow) is to use an accounts receivable aging schedule. This schedule lists customer account balances by length of time outstanding and provides information for estimating bad debts. It can also assist in evaluating credit policies and specific customer credit limits. Also, a cash budget can be used to provide a more precise estimate of cash inflows (cash collected from sales) and cash outflow (outstanding payables). An organization can be alerted to a pending cash flow shortage, thus enabling it to secure short-term financing at competitive rates to deal with the problem in a timely manner. 1. All transactions are properly authorized. 2. All recorded transactions are valid. 3. All valid, authorized transactions are recorded. 4. All transactions are recorded accurately. 5. Assets are safeguarded from loss or theft. 6. Business activities are performed effectively and efficiently. Answers may include the following points: A lockbox system can reduce delays due to processing and geographical distance between customer and company. Customers send remittances to a nearby P.O. box; a local bank picks up remittances, deposits cash and sends remittance advices and copies of all checks to the company. The main disadvantage is cost; the banks charge a service fee up to 1% of the cash processed through the system. Information technology can provide additional efficiencies in the use of lockboxes. An electronic lockbox sends electronic notification of remittances to the company. This method enables the company to begin applying remittances to customer accounts before the photocopies of the checks arrive. ---- An EFT system eliminates paper checks and uses electronic payments between banks. Integrating EFT and EDI, called the financial electronic data interchange, automates billing and cash collections. ---Procurement cards or credit cards can be used. These cards eliminate the risks and costs associated with creating and maintaining accounts receivable, but cost between 2% to 4% of the gross sales price. Threat 1: Sales to customers with poor credit - Controls: Having an independent credit approval function and maintaining good customer accounting can help to prevent problems. 2: Shipping errors - Controls: Reconciling shipping notices with picking tickets; bar-code scanners; and data entry application controls will help to catch these errors. 3: Theft of inventory - Controls: Secure the location of inventory and document transfers; release only with valid shipping orders; have good accountability for picking and shipping; and finally, periodically reconcile records with a physical count. 4: Failure to bill customers - Controls: Separating shipping and billing and prenumbering of shipping documents helps along with reconciliation of all sales documents. 5: Billing errors - Controls: Reconciliation of picking tickets and bills of lading with sales orders; data entry edit controls; and price lists may prevent billing errors. 6: Theft of cash - Controls: Segregation of duties is essential to prevent this serious problem (the following duties should be separate: handling cash and posting to customer accounts; handling cash and authorizing credit memos and adjustments; issuing credit memos and maintaining customer accounts); use of lockboxes for receipts and EFT for disbursements; mailing customer statements monthly; use cash registers in retail operations where cash payments are received; deposit cash daily in the bank; and have the bank reconciliation function performed by independent third parties. 7: Posting errors in updating accounts receivable - Controls: Use of editing and batch totals is essential here. 8: Loss of data - Controls: Regular backups are essential with one copy stored off-site; and logical and physical access controls to prevent leakage to competitors and irregularities. 9: Poor performance Controls: Use sales and profitability analyses; accounts receivable aging; and cash budgets to track operations. One of the two general objectives that pertain to all revenue cycle activities is the loss of data. The primary threats related to the data availability objective are the loss of data and access controls. It is imperative that accurate customer account and inventory records be maintained for external and internal reporting purposes and for customer inquiries. Such records must be protected from loss and damage by using backup files. One backup file should be kept on-site, while a second should be kept off-site. Backup files of the most recent transactions should also be maintained. Also, all disks and tapes should have both external and internal file labels to reduce the possibility of accidental erasure of important files. Access controls are also important as a general control. Unauthorized access to information may cause leaks of the information to competitors and the risk of damage to sensitive and important data files. Employees should have certain access restrictions to help prevent this threat from occurring. Passwords and user IDs will help to limit access to files and the operations allowed to be performed on files. For example, the sales staff should not be allowed write-access to customers' credit limit and approval information. Individual terminals should also have access controls in place. An example of this control would be to prevent someone at a shipping dock terminal from entering a sales transaction order. Another control that should be put in place is to require activity logs of any management approved transaction. Such a log should be maintained for audit trail purposes. 72) Recording - should be done by sales order personnel - by the credit manager, not sales order, also, use of sales order to authorize release of goods to shipping. - separate warehouse and stores personnel, and shipping, all separate from sales. Because a computer does recording and authorization, it is important to ensure integrity of the programs and to perform edit checks on any online entries 73) Stockouts, carrying costs, and markdowns are a threat in the sales order entry process. The problem with stockouts is that when goods are not available to ship to customers, the business risks losing the sale to a competitor that can provide the goods in a timely manner. The opposite problem can also occur where excess inventory increases carrying costs, with the result that markdowns may be necessary in order to sell the inventory. Two controls can be implemented to cope with this threat. One control that can be put into place is to establish accurate inventory control. An AIS with real-time online capabilities can be programmed to use the perpetual inventory method. This will ensure that accurate records are maintained about the quantity of inventory for sale. This will eliminate mistakes in placing orders for goods when a sufficient inventory amount is on hand. Periodic physical counts of inventory will also verify the perpetual amounts recorded by the AIS. Another important control in this situation is that of accurate sales forecasting. Proper marketing efforts should be made in conjunction with regularly reviewing sales forecasts for accuracy. Such forecasts should be revised as necessary. Sales force marketing efforts should be commensurate with inventory levels as well. Chapter 11 MULTIPLE CHOICE 1. In the expenditure cycle, the primary external exchange of information occurs with a) b) c) d) customers. suppliers. management. the audit committee. 2. Within the expenditure cycle, internal information flows a) b) c) d) from the production cycle to the expenditure cycle. from the revenue cycle to the expenditure cycle. to the general ledger from the expenditure cycle. All of the above are correct. 3. To accomplish the objectives set forth in the expenditure cycle, a number of key management decisions must be addressed. Which of the decisions below is not ordinarily found as part of the expenditure cycle? a) b) c) d) How can cash payments to vendors be managed to maximize cash flow? What is the optimal level of inventory and supplies to carry on hand? Where should inventories and supplies be held? What are the optimal prices for each product or service? 4. There are three basic activities in the expenditure cycle. One of the basic activities is the receiving and storage of goods, supplies, and services. What is the counterpart of this activity in the revenue cycle? a) b) c) d) the sales order entry process the shipping function the cash collection activity the cash payments activity 5. The first major business activity in the expenditure cycle is ordering inventory and supplies. The traditional approach to management of inventory to ensure sufficient inventory to maintain production is known as a) b) c) d) safety stock. just-in-time production. economic order quantity. optimal inventory quantity. 6. EOQ includes several variables that must be taken into consideration when calculating the optimal order size. One variable, the costs associated with holding inventory, is referred to as a) b) c) d) ordering costs. carrying costs. the reorder point. stockout costs. 7. The decision of when to place an order in a traditional inventory system is specified by the a) company inventory policies. b) economic order quantity. c) stockout point. d) reorder point. 8. When goods are being ordered from a vendor, which electronic files are either read or updated? a) b) c) d) inventory, vendors, and accounts payable vendors and accounts payable open purchase orders and accounts payable inventory, vendors, and open purchase orders 9. One alternative approach to managing inventory is materials requirements planning (MRP). What is a key feature of this approach? a) b) c) d) to minimize or entirely eliminate carrying and stockout costs to reduce required inventory levels by scheduling production rather than estimating needs to determine the optimal reorder point to determine the optimal order size 10. The major advantage of an MRP inventory system is that it reduces inventory levels. This is because a) the uncertainty about when materials are needed is reduced, thus reducing the need to carry large levels of inventory. b) the system is able to compute exactly the cost of purchasing by taking into account all costs associated with inventory carrying. c) inventory is brought to the production site exactly when needed and in the correct quantities by the vendor. d) None of the above are correct. 11. The inventory management approach that attempts to minimize, if not eliminate, carrying and stockout costs is a) b) c) d) the materials requirements planning. the economic order quantity. a just-in-time inventory system. There is no such inventory management approach. 12. What aspect below best characterizes a JIT inventory system? a) b) c) d) frequent deliveries of smaller quantities of items to the work centers frequent deliveries of large quantities to be held at the work centers less frequent deliveries of large quantities of goods to central receiving infrequent bulk deliveries of items directly to work centers 13. What is the key difference between the MRP and JIT inventory management approaches? a) b) c) d) Only JIT reduces costs and improves efficiency. MRP is especially useful for products such as fashion apparel. JIT is more effectively used with products that have predictable patterns of demand. MRP schedules production to meet estimated sales needs; JIT schedules production to meet customer demands. 14. MRP will be a preferred method over JIT when the a) b) c) d) demand for inventory is fairly predictable. demand for inventory is mostly unpredictable. product has a short life cycle. None of the above are correct. 15. A key decision in ordering is selecting a suitable vendor. Which of the following would not be a major criterion in vendor selection? a) b) c) d) prices of goods quality of goods credit rating of the vendor ability to deliver on time 16. Once a vendor is selected for a product, the company's identity is recorded in the a) b) c) d) general ledger. purchase requisition file. product inventory transaction file. product inventory master record. 17. The paper document or electronic form that formally requests a supplier to sell and deliver specified products at designated prices is called a) b) c) d) a purchase order. a materials requisition. a sales invoice. a receiving report. 18. A purchase order is a) b) c) d) a document formally requesting a vendor to sell a certain product at a certain price. a request for delivery of certain items and quantities. a contract between the buyer and vendor once accepted by the vendor. All of the above are true. 19. A standing order to purchase specified items at a designated price, from a particular supplier for a set period of time, is called a a) b) c) d) set order. blanket purchase order. purchase order. commodity order. 20. A major cost in the purchasing function is the number of purchase orders processed. One technique that may reduce purchasing-related expenses is to have suppliers compete with each other to meet demand at the lowest price. This name of this technique is a) b) c) d) an EDI auction. a trading exchange. a reverse auction. a supplier consortium. 21. The receiving and storage of goods is the responsibility of the receiving department, which usually reports to the __________ function in the company. a) b) c) d) inventory control stores production purchasing 22. The receiving department has two major responsibilities in connection with the expenditure cycle. Identify one of these responsibilities. a) b) c) d) shipping products most efficiently and at the lowest cost deciding if the delivery should be accepted verifying any purchase discounts for the delivery deciding on the location where the delivery will be stored until used 23. Which of the following is generally not shown on a receiving report? a) b) c) d) price of the items quantity of the items purchase order number counted and inspected by 24. A receiving clerk notes that a delivery of 10 units has been received, but the purchase order specified 12 units. A debit memo will be prepared to adjust for the difference in the quantity ordered and received. Who should prepare this document? a) b) c) d) the receiving clerk management the sales department the purchasing department 25. Identify which of the following scenarios the buyer could adjust by using a debit memo document. a) b) c) d) quantity different from that ordered damage to the goods goods that fail inspection for quality All of the above are possible scenarios. 26. What is one of the best ways to improve the overall efficiency and effectiveness of the receipt and storage of ordered items? a) requiring all suppliers to have a second party verify quantities purchased before shipment b) requiring all suppliers to have bar-codes on their items to allow electronic scanning upon delivery by the receiving department c) requiring all suppliers to use EDI to expedite the receiving department function d) requiring all delivery trucks to have satellite data terminals to expedite the receiving department function 27. All of the following technologies could be useful aids in the receiving process except a) b) c) d) bar coding. radio frequency identification tags. EFT. satellite technology. 28. Vendor invoices are approved by the __________, which reports to the __________. a) purchasing department; controller b) accounts payable department; treasurer c) purchasing department; treasurer d) accounts payable department; controller 29. From a legal standpoint, when does the obligation to pay a vendor arise? a) b) c) d) when the goods are requisitioned when the goods are ordered when the goods are received by the purchaser when the goods are billed 30. The disbursement voucher and supporting documents are sent to the __________ for payment prior to the due date. a) b) c) d) cashier treasurer controller accounts payable department 31. A __________ system is a system in which an approved invoice is posted to the vendor account and is stored in an open invoice file until payment is made by check. a) b) c) d) voucher nonvoucher cycle blanket invoice 32. A disbursement voucher contains a) b) c) d) a list of outstanding invoices. the net payment amount after deducting applicable discounts and allowances. the general ledger accounts to be debited. All of the above are correct. 33. A legal obligation arises at the time goods are received from a supplier. The objective of accounts payable is to authorize payment only for goods or services actually ordered and received. The best way to process supplier invoices is to use a) b) c) d) electronic funds transfer for small, occasional purchases from suppliers. a nonvoucher system. EDI for all small, occasional purchases from suppliers. a disbursement voucher system. 34. What is not an advantage to using disbursement vouchers? a) Disbursement vouchers reduce the number of checks written. b) Disbursement vouchers can be prenumbered which simplifies the tracking of all payables. c) Disbursement vouchers facilitate separating the time of invoice approval from the time of invoice payment. d) There are no disadvantages to using disbursement vouchers. 35. Which of the following is not an advantage of a voucher system? a) b) c) d) several invoices may be included on one voucher, reducing the number of checks disbursement vouchers may be pre-numbered and tracked through the system the time of voucher approval and payment can be kept separate it is a less expensive and easier system to administer than other systems 36. What is the final activity in the expenditure cycle? a) b) c) d) ordering goods receipt and storage of goods approving vendor invoices for payment the payment of approved invoices 37. In a typical cash disbursement procedure, who usually handles the checks and may even be able to sign checks up to a certain dollar limit? a) b) c) d) the accounts payable supervisor the controller the cashier the treasurer 38. Duties in the expenditure cycle should be properly segregated to promote internal control. This means that the authorization function is performed by __________, the recording function is performed by __________, and the cash disbursement function is performed by the __________. a) b) c) d) accounts payable; purchasing; cashier purchasing; accounts payable; cashier purchasing; cashier; accounts payable purchasing; accounts payable; treasurer 39. A voucher package should include a) b) c) d) a purchase requisition, vendor invoice, and receiving report. a purchase order, vendor invoice, and receiving report. a purchase requisition, purchase order, and receiving report. a bill of lading and vendor invoice. 40. The evaluated receipt settlement (ERS) replaces the more traditional 3-way matching process with a 2-way match of the purchase order and the a) b) c) d) vendor invoice. sales invoice. receiving report. disbursement voucher. 41. What may be the biggest opportunity to improve the efficiency of accounts payable? a) b) c) d) convert a manual AIS system to EDI and EFT streamline noninventory purchases use ERS use disbursement vouchers 42. When purchasing miscellaneous supplies, companies can reduce costs, improve efficiency, and combat employee fraud by using a) b) c) d) procurement cards. a JIT inventory system. credit cards. debit cards. 43. If available, a 1% discount for payment within 10 days represents an approximate savings of __________ % annually. a) b) c) d) 1 12 18 36 44. When a legacy system is replaced with an integrated Enterprise Resource Planning (ERP) system, many benefits are realized for the organization. What is a key improvement in the record keeping function? a) b) c) d) Any department can now submit a request to purchase items. The system tracks the exact time of delivery. Major suppliers send electronic notification of incoming deliveries. Inventory records are more accurate and timely. 45. The threat of paying prices that are too high for goods ordered can pose a problem in the expenditure cycle. What is an appropriate control that would be applicable to help mitigate this threat? a) b) c) d) require the receiving department to verify the existence of a valid purchase order use only approved suppliers and solicit competitive bids only pay invoices that are supported by the original voucher package use bar-code technology 46. What is probably the most effective control for the prevention of kickbacks to purchasing agents? a) b) c) d) purchasing from approved vendors good supervision in the purchasing area a corporate policy to prohibit purchasing agents from accepting kickbacks reviews of vendor performance 47. There are several threats that are associated with the process and activity of receiving and storing goods. Identify one of these threats below. a) b) c) d) errors in counting kickbacks requests for unnecessary items errors in vendor invoices 48. What is the easiest way to prevent the acceptance of unordered goods? a) order only from approved vendors b) always require that a valid purchase order exists before goods can be accepted at the time of delivery c) have an appropriate conflict of interest policy in place d) require receiving personnel to call the vendor before accepting any goods 49. Which of the following is not a common control for ensuring inventory is secure and inventory counts are accurate? a) control of physical access to the inventory storage areas b) transfers of inventory with proper documentation c) sending "blind" copies of purchase orders to inventory control for data entry d) making physical counts of inventory at least once per year 50. Double-checking the accuracy of an invoice is an applicable control that can help to neutralize a threat in the expenditure cycle. What process or activity would specifically be associated with this control? a) b) c) d) order goods receive and store goods pay for goods and services general issues 51. There is a threat of paying an invoice twice. What is an applicable control that may help mitigate this threat? a) b) c) d) payment should never be authorized for a photocopy of an invoice double-check invoice accuracy approval of a purchase order adequate perpetual inventory records 52. Which control would be best to prevent payments made to fictitious vendors? a) b) c) d) allow payments only to approved vendors restrict access to any payment or approval documents have an independent bank reconciliation make sure all documents are in order before approving payments 53. In the expenditure cycle, good control dictates that expenditures should be paid by check. This may not be feasible when minor purchases are made. To facilitate quick payment for minor purchases, a(n) __________ should be set up and maintained using __________. a) b) c) d) special bank account; disbursement vouchers imprest fund; vouchers cash box; small denomination bills petty cash fund; procurement cards 54. A surprise count of petty cash by the auditor should find the total of __________ equal to the amount authorized for the fund. a) b) c) d) cash and credit memos cash and petty cash vouchers cash cash and checks 55. Special care should be taken when EFT payments are made to vendors. What control should be put in place that assigns responsibility for EFT payments? a) b) c) d) encrypt all EFT transmissions time stamp all EFT transactions establish a control group to monitor EFT transactions for validity and accuracy number all EFT transactions 56. Which of the following threats is not specific to the purchase requisition process of the expenditure cycle? a) stockouts b) purchasing from unauthorized vendors c) requisitioning goods not needed d) All of the above are threats in the purchase requisition process. 57. The loss of data is a threat encountered in the expenditure cycle. What is the related process/activity and applicable control used to counteract the threat? a) b) c) d) order goods; backup and disaster recovery plans general issues; backup and disaster recovery plans general issues; development of periodic review of appropriate performance reports order goods; various data entry and processing edit controls SHORT ANSWER 58. a) Define expenditure cycle. b) What are the basic expenditure cycle activities? 59. What is the EOQ approach? What are the components of EOQ? 60. Define the materials requirement planning (MRP) 61. Define just-in-time (JIT) inventory methods. 62. Briefly discuss the differences among EOQ, MRP, and JIT. 63. a) What is the major cost driver in the purchasing function? b) How can information technology be used to control this cost driver? 64. How is the expenditure cycle a "mirror image" of the revenue cycle? 65. What are the possible problems associated with receiving goods ordered from a vendor? 66. Name and describe the two common systems for approving vendor payments. 67. How can information technology be used to improve the vendor invoice approval process? ESSAY 68. Under what conditions is MRP preferable to JIT and vice versa? 69. In the expenditure cycle, the majority of payments made are by check. What are some control issues related to payment of vendors by check? 70. Identify ten threats and applicable control procedures for each in the expenditure cycle. 71. What types of decision-making and strategic information should the AIS provide in the expenditure cycle? 72. How can using bar codes on goods or products provide significant benefit in the expenditure cycle? ANSWER KEY 1) B 2) D 3) D 4) B 5) C 6) B 7) D 8) D 9) B 10) A 11) C 12) A 13) D 14) A 15) C 16) D 17) A 18) D 19) B 20) C 21) C 22) B 23) A 24) D 25) D 26) B 27) C 28) D 29) C 30) A 31) B 32) D 33) D 34) D 35) D 36) D 37) C 38) B 39) B 40) C 41) B 42) A 43) C 44) D 45) B 46) C 47) A 48) B 49) C 50) C 51) A 52) A 53) B 54) B 55) 56) 57) 58) C B B a) The expenditure cycle is a recurring set of business activities and related data processing operations associated with the purchase of and payment for goods and services. The basic activities in the expenditure cycle are: Requesting the purchase of needed goods. Ordering goods to be purchased. Receiving ordered goods. Approving vendor invoices for payment. Paying for goods purchased. 59) EOQ (economic order quantity) is the traditional inventory control method to maintain sufficient inventory levels so production can continue without interruption. EOQ should take into account a situation where inventory use is greater than expected. EOQ calculates the optimal order size to minimize the sum of ordering, carrying, and stockout costs. Ordering costs - all expenses associated with processing purchasing transactions. Carrying costs - costs associated with holding inventory. Stockout costs - costs from inventory shortages, such as lost sales or production costs. 60) Materials requirements planning (MRP) is an inventory management technique that seeks to reduce required inventory by better scheduling production. MRP basically estimates the sales demand for a product. 61) Just-in-time (JIT) is another inventory management technique that minimizes carrying and stockout costs by having deliveries made in quantities and at the time needed for production based on customer demand. 62) Economic Order Quantity (EOQ) is the traditional approach to managing inventory. EOQ is used to find the optimal order size. Ordering costs, carrying costs, and stockout costs are considered in finding the EOQ. The MRP (Materials Requirements Planning) inventory method seeks to reduce inventory levels by scheduling production, based on estimated sales, rather than by estimating needs (which EOQ does). A just-in-time inventory system (or JIT) attempts to minimize, if not totally eliminate, both carrying and stockout costs through the frequent delivery of small amounts of materials, parts, and supplies when they are needed. JIT does not attempt to estimate needs or schedule production based on estimated sales, as it is based on customer demand at a given time. A JIT system almost eliminates finished goods inventory. 63) a) The major cost driver in the purchasing function is the number of purchase orders processed. b) The number of purchase orders can be reduced or streamlined by: Electronic data interchange (EDI) for transmitting purchase orders to vendors. Use procurement cards for small dollar and small quantity purchases of non-inventory items. Reduce clerical costs by using the Internet to perform certain purchasing functions. Use vendor-managed inventory programs to reduce purchasing and inventory costs. 64) The expenditure cycle has been called a "mirror image" of the revenue cycle because the activities of the expenditure cycle are the opposite, or "reflection" of several activities found in the revenue cycle. For example, the order goods activity generates a purchase order, which serves as customer input to the sales order entry process. The receive goods activity handles the goods sent via the supplier's shipping function. The pay for goods activity generates the payments that are processed by the supplier's cash collection activity. This mirror image also means that major technological improvements in the expenditure cycle may bring about complementary improvements in suppliers' revenue cycle as well. 65) When a shipment of goods arrives, the quantity of goods received may not be the same as the quantity ordered; the goods may have been damaged in shipment and therefore are not suitable for use; and, goods may be received that are inferior in quality and fail an inspection. Whenever any of these problems occur, the purchasing department should deal with the vendor and issue a debit memo to record an adjustment to the order. The vendor should then issue a credit memo in acknowledgment of the problem and the pending adjustment. 66) Non-voucher (open invoice) system - approved invoices are posted to vendor records and stored in an open invoice file; checks are written for each individual invoice; when paid, the documents are marked "paid" and placed in a paid invoice file. Voucher system - a disbursement voucher is prepared to summarize information contained in a set of vendor invoices and specify the general ledger accounts to be debited; the voucher authorizes the cashier to make payment to the vendor. The voucher system reduces the number of checks written since several invoices can be paid by one check. 67) EDI eliminates the need to enter invoice data and the matching of payment documents - all of this can be done using computers and network technologies. Technology can eliminate the need for vendor invoices by approving payment upon receipt of the goods. Imaging systems can eliminate paper flow, and universal languages such as XML can provide a paperless means of receiving and storing vendor invoices. Use of procurement cards, credit cards, and electronic expense forms can improve the efficiency of non-inventory purchases. 68) MRP systems schedule production based on estimated sales, and JIT systems schedule production based on customer demand. The choice between these two systems is based on the types of products a company sells. For example, products that have predictable patterns of demand and a long life cycle are more suitable for MRP systems. In this case, sales can be forecast with greater accuracy. Conversely, if the product has an unpredictable pattern of demand and a shorter life cycle, then a JIT system is more suitable. JIT is able to adapt better to continuously changing production levels. 69) Key control problems in the area of payment by check can give rise to fraudulent activity. Fraudulent disbursements made by check to fictitious suppliers are one of the most common types of fraud. Control over checks can be strengthened in a number of ways. First, all checks should be sequentially pre-numbered and kept under lock and key until use. The cashier should randomly audit the supply of unused checks and verify that none are missing. Use of the voucher system will also provide control over paying a "phantom" supplier, since several supporting documents must be present in the voucher packet in order to have a check issued. The cashier and/or treasurer should be the only parties authorized to sign checks. Two signatures should be required on all checks in excess of a predetermined dollar amount to provide independent review of large expenditures. Also, signed checks should not be returned to accounts payable, but should be mailed by the cashier or treasurer. When a check is issued, all documents in the voucher package should be cancelled so that the voucher cannot be resubmitted for payment. To provide another independent review of checking account activity, someone not connected with either accounts payable or the treasurer's office should reconcile all bank accounts. To help circumvent check alteration and forgery, check protection machines should be used to write the dollar amount of the check as well as the date. The paper the check is printed on should have some special watermark or identifying mark that is readable at a certain angle as well. 70) Answers can include the following information:1: Stock-outs - Controls: Inventory control system; accurate perpetual inventory; and vendor performance analysis is needed to prevent this problem 2: Requesting goods not needed - Controls: Review and approval by supervisors; use of prenumbered requisition forms; and restricted access to blank purchase orders 3: Purchasing goods at inflated prices - Controls: Competitive bidding and proper supervision; approved purchase orders; and price list consultations are needed to prevent this problem 4: Purchasing goods of inferior quality - Controls: Use experienced buyers who know good vendors; review purchase orders; and incorporate approved vendor list into formal procedures 5: Purchasing from unauthorized vendors - Control: Pre-numbered purchase orders should be approved; restrict access to approved vendor list and have procedures in place for any change to the list 6: Kickbacks paid to buyers to influence their decisions - Controls: Clear conflict of interest policy prohibiting the acceptance of any gift from vendors; disclosure of financial interest policy for purchasing agents; and vendor audits 7: Receiving unordered goods - Controls: Receiving department must reject any goods for which there is no approved purchase order 8: Errors in counting goods received - Controls: Use "blind" P.O. copies to force receiving personnel to actually count goods; provide incentives for counting goods 9: Theft of inventory - Controls: Secure inventory storage locations; make transfers of inventory with proper approval and documentation; do periodic physical count and reconciliation with recorded amounts 10: Errors in vendor invoices - Controls: Invoice accuracy should be verified and compared to P.O.s and receiving report data 11: Paying for goods not received - Controls: Voucher package and original invoice should be necessary for payments 12: Failure to take available purchase discounts - Controls: File approved invoices by due date; track invoices by due date; use a cash budget to plan for cash needs 13: Paying same invoice twice - Controls: Invoices should be approved only with a full voucher package and paid ones should be canceled so they cannot be used again; do not pay invoices marked "Duplicate" or "Copy" 14: Recording and posting errors for purchases and payments - Controls: Data entry controls, and periodic reconciliation of subsidiary ledger with general ledger control account 15: Misappropriation of cash by paying fictitious vendors and alteration of checks - Controls: Restrict access to cash, blank checks, and check signing machine; use check protection, prenumbered checks, and imprinted amounts on checks to cut down on forgery and fraud; use petty cash fund for small expenditures only; have proper segregation of duties and independent bank reconciliation function 16: Theft associated with EFT use - Controls: Access controls to the system; encryption of transmissions; time-stamp and number transmissions; control group should monitor all EFT activity 17: Loss of data - Controls: Use file labels, back up of all data files regularly; and, use access controls 18: Poor performance - Controls: Preparation and review of performance reports 71) The AIS should provide decision making information to: Determine when and how much additional inventory to order. Select the appropriate vendors from whom to order. Verify the accuracy of vendor invoices. Decide whether purchase discounts should be taken. Monitor cash flow needs to pay outstanding obligations. AIS should also provide the following strategic and performance evaluation information on: Efficiency and effectiveness of the purchasing department. Analysis of vendor performance such as on-time delivery, quality, etc. Time taken to move goods from the receiving dock into production. Percentage of purchase discounts taken 72) Bar codes can significantly improve the process of receiving goods from suppliers for several reasons. First, a bar code can easily be scanned electronically. Electronically capturing the unique bar code number of a product not only provides identification and quantity data about the product; it can also provide specific production information such as date and time of manufacture, production run information, etc. Electronically encoding such information into an integrated AIS provides up-to-the-minute inventory counts, as well as counts of units sold, and returns for use in a perpetual inventory system. One significant factor in the wide use of bar codes is that it is cost effective to maintain such a system. Also, both vendor and suppliers can read bar codes, and certain bar code formats are universal in nature. This allows goods to be sold virtually anywhere in the world, allowing for easier global marketing efforts to be made by businesses. CH 13 MULTIPLE CHOICE 1. The AIS compiles and feeds information among the business cycles. What is the relationship between the revenue and production cycles regarding the exchange of information? a) The revenue cycle provides sales forecast and customer order information to the production cycle, but the production cycle sends information back to revenue about finished goods production. b) The revenue cycle receives information from the production cycle about raw materials needs. c) The production cycle sends cost of goods manufactured information back to the revenue cycle. d) The production cycle does not exchange information with the revenue cycle. 2. Whether a company uses an AIS, ERP, or incorporates some degree of CIM into its production process, it still needs to collect data about four basic facets of its production operations. The facet that impacts the company's human resource cycle the most is a) b) c) d) the amount of raw material used in a production order. the labor hours expended to complete a production order. the machine operations performed during a production order. the tracking of manufacturing overhead costs incurred for a production order. 3. An AIS should be designed to provide timely and accurate information about production cycle activities that impact the other business cycles. One type of information deals with planning and controlling manufacturing costs and evaluating performance. This type of information is called a) b) c) d) product mix. product pricing. resource allocation. cost management. 4. The basic activities in the production cycle are a) b) c) d) product design and production operations. planning, scheduling, and cost accounting. raw materials requisitioning, planning, and scheduling. Both A and B are correct. 5. The first step in the production cycle is product design. There are several objectives connected with this step. Which objective below is not a product design objective? a) b) c) d) to design a product that meets customer requirements to design a quality product to minimize production costs to make the design easy to track for cost accounting purposes 6. The bill of materials shows the __________ of each product component. a) b) c) d) part number and description quantity used quantity ordered both A and B 7. The operations list shows a) b) c) d) the labor and machine requirements. the steps and operations in the production cycle. the time expected to complete each step or operation. all of the above 8. The list which specifies the labor and machine requirements needed to manufacture a product is called the a) b) c) d) bill of materials. bill of lading. master production schedule. operations list. 9. The second step in the production cycle is planning and scheduling. One of the methods of production planning is referred to as push manufacturing. This method is also known as a) b) c) d) manufacturing resource planning (MRP). just-in-time manufacturing system (JIT). the economic order quantity (EOQ) system. ahead-of-time production implementation (ATPI). 10. The second step in the production cycle is planning and scheduling. One of the methods of production planning is referred to as pull manufacturing. This method is also known as a) b) c) d) manufacturing resource planning (MRP). just-in-time manufacturing system (JIT). the economic order quantity (EOQ) system. ahead-of-time production implementation (ATPI). 11. MRP-II and JIT manufacturing systems both plan production in advance. What is the main difference between these two systems? a) b) c) d) the length of the planning horizon JIT uses long-term customer demand for planning purposes MRP-II relies on EDI There are no differences between the two systems. 12. A master production schedule is used to a) b) c) d) develop detailed timetables of daily production and determine raw material purchasing. develop detailed reports on daily production and material usage. develop daily direct labor needs. develop detailed inventory charts. 13. The form in the production cycle that specifies how much of each product is to be produced during the planning period and when product should begin is the a) b) c) d) bill of materials. bill of lading. master production schedule. operations list. 14. The production planning department develops the master production schedule based on information from several sources. What information is necessary to create this schedule? a) b) c) d) engineering department specifications and inventory levels engineering department specifications and sales forecasts special orders information and engineering department specifications sales forecasts, special orders information, and inventory levels 15. What document authorizes the manufacturing of a product? a) b) c) d) master production schedule materials requisition move ticket production order 16. A __________ authorizes the transfer of raw goods needed for production from the storeroom to the production facilities. a) b) c) d) master production schedule materials requisition move ticket production order 17. The document that authorizes the removal of the necessary quantity of raw materials from storeroom to factory is referred to as a) b) c) d) a bill of materials. a production order. a materials requisition. a move ticket. 18. Information found on the materials requisition form is based in part on information obtained from which other form? a) b) c) d) a bill of materials. a move ticket. a production order. a picking list. 19. A __________ is used to document the subsequent relocation of materials through the factory for manufacturing in process. a) b) c) d) master production schedule materials requisition move ticket production order 20. An integral part of the production process is the use of raw materials. One way to enable an AIS to efficiently track and process information about raw materials used in production is to implement __________. a) b) c) d) a just-in-time inventory system bar coding a materials resources planning inventory system job-order costing 21. The use of various forms of information technology in the production process is referred to as a) b) c) d) computerized investments and machines. computerized integration of machines. computer-integrated manufacturing. computer intense manufacturing. 22. The accountant's role in the __________ step of production cycle activities is to understand how CIM affects the AIS. a) b) c) d) production operations product design planning and scheduling cost accounting methods 23. A company's production process may incorporate various forms of information technology such as robots and computer-controlled machinery. One effect of using such a process is a shift from mass production to custom order manufacturing. This process is called a) b) c) d) ERP. CRM. AIS. CIM. 24. The final step in the production cycle is the cost accounting function. There are several principal objectives of the cost accounting system. Which objective listed below is not a principal cost accounting objective? a) to provide information for planning, controlling, and evaluating the performance of production operations b) to provide cost data about products used in pricing and product mix decisions c) to collect and process the information used to calculate inventory and cost of goods sold amounts that appear in the financial statements d) to provide tests of audit control functions as part of the AIS 25. Factory supervisory costs would be assigned to departments for a) b) c) d) product-mix decisions. pricing decisions. performance evaluation purposes. All of the above are correct. 26. Which of the following is not a type of cost accounting system? a) b) c) d) activity-based costing just-in-time costing job order costing process costing 27. The type of cost accounting system that primarily assigns costs to specific batches, or jobs, and is used where production items can be discretely identified is known as __________ cost accounting. a) b) c) d) just-in-time process job-order manufacturing resources 28. Which type of information below should not be maintained by the AIS in accounting for fixed assets? a) b) c) d) identification/serial number cost improvements market value 29. There are four basic activities in the production cycle. The step that may incorporate robots and computer-controlled machinery to achieve its goals is a) b) c) d) product design. planning and scheduling. production operations. cost accounting. 30. Job-time tickets are used to a) b) c) d) specify each production task. collect the time spent by a worker on a specific task. allocate machine costs. All of the above are correct. 31. Direct labor must be tracked and accounted for as part of the production process. Traditionally, direct labor was tracked using __________ but an AIS enhancement is to use __________ to record and track direct labor costs. a) b) c) d) job-time tickets; coded identification cards move tickets; coded identification cards employee earnings records; job-time tickets time cards; electronic time entry terminals 32. Manufacturing overhead consists of all manufacturing costs that are not economically feasible to trace directly to specific jobs or processes. Which of the costs below would not be considered an overhead cost? a) b) c) d) utilities rent earnings of factory production employees salaries of factory production supervisors 33. Detailed data about warranty and repair costs is considered an applicable control used to mitigate the threat of a) b) c) d) underproduction. overproduction. poor product design. suboptimal investment of fixed assets. 34. For replacement of inventories and assets destroyed by fire or other disasters, an organization needs a) b) c) d) stand-by facilities. adequate insurance coverage. source data automation. All of the above are correct. 35. Overproduction or underproduction can be a threat to an organization. To which process or activity does this threat relate? a) b) c) d) product design planning and scheduling production operations cost accounting 36. Inaccurate recording and processing of production activities can diminish the overall effectiveness of production operations. One of the application controls that can help to ensure accounting records are accurate is to restrict the rights of authorized users only to the portion of the database needed to complete job duties. What specific control can help achieve this objective? a) b) c) d) an access control matrix passwords and user IDs closed-loop verification bar-code scanners 37. To curtail the threat of theft or destruction of inventories and other fixed assets, the organization may wish to implement which of the following controls? a) b) c) d) review and approval of fixed asset acquisitions improved and timelier reporting better production and planning systems document all movement of inventory through the production process 38. The best control procedure for accurate data entry is a) b) c) d) the use of on-line terminals. an access control matrix. passwords and user IDs. the automation of data collection. 39. The general threat of the loss of production data can greatly slow or halt production activity within an organization. To counteract such a major threat, which of the following organization controls should be implemented and maintained? a) b) c) d) store key master inventory and production order files on-site only to prevent their theft back up data files only after a production run has been physically completed access controls should apply to all terminals within the organization allow access to inventory records from any terminal within the organization to provide efficient data entry 40. The threat of loss of data exposes the company to a) b) c) d) the loss of assets. ineffective decision making. inefficient manufacturing. All of the above are correct. 41. Activity-based costing (ABC) can refine and improve cost allocations using either job-order or process cost systems. There are three significant differences between ABC and traditional cost accounting approaches. One difference between the two systems is how clearly the results of management activities are measured on overall profitability. This benefit is better known as a) b) c) d) batch related overhead. improved cost management. product related overhead. improved cost drivers. 42. There are several criticisms of traditional cost accounting systems. One criticism is that the traditional cost system uses a volume-driven base, such as direct labor or machine hours, to apply overhead to products. What is the drawback to the use of such a measurement in a traditional cost accounting system? a) b) c) d) The cost accountant may not fully understand how to track direct labor or machine hours. It is difficult for an AIS to incorporate such a measurement into its system. It is difficult for an ERP to incorporate such a measurement into its integrated system. Many overhead costs are incorrectly allocated to products since they do not vary with production volume. 43. __________ links costs to the corporation's strategy for production of goods and services. a) b) c) d) Activity-based costing Job-order costing Process costing Manufacturing costing 44. Activity-based costing (ABC) can refine and improve cost allocations using either job-order or process cost systems. There are three significant differences between ABC and traditional cost accounting approaches. An ABC system attempts to identify anything that has a cause-and-effect relationship on costs. This cause-andeffect relationship is known as a a) b) c) d) cost stimulator. overhead stimulator. cost driver. cost catalyst. 45. What may be perceived as a drawback of using an activity-based costing (ABC) system? a) b) c) d) The ABC system may provide more accurate data results. The ABC system may help to establish a better product mix. The ABC system may improve management's ability to control total costs. The ABC may cost more to run and be more complex in nature. 46. Throughput is a measure of a) b) c) d) production yield. production effectiveness. production capacity. production quality. 47. Quality control problems and inefficiencies in production operations will most likely result in increased expenses. The AIS can produce a measure of throughput to quantify and measure the number of "good" units produced in a time period. What does the first term in the throughput formula, productive capacity, represent? a) b) c) d) the maximum number of units that can be produced given current technology the percentage of total production time used to manufacture a product the percentage of "good" units produced given current technology the percentage of "bad" units produced given current technology 48. __________ are incurred to ensure that products are created without defects the first time. a) b) c) d) External failure costs Inspection costs Internal failure costs Prevention costs 49. __________ are associated with testing to ensure that products meet quality standards. a) b) c) d) External failure costs Inspection costs Internal failure costs Prevention costs 50. __________ represent testing to identify defective units before they are ready for sale. a) b) c) d) External failure costs Inspection costs Internal failure costs Prevention costs 51. There are various costs associated with quality control, or its absence in a production operation. Such information can help a company determine the effects of actions taken to improve production and identify areas of improvement. The cost of a product liability claim can be classified as a(n) a) b) c) d) prevention cost. inspection cost. internal failure cost. external failure cost. SHORT ANSWER 52. What is the production cycle. 53. What are the basic activities in a production cycle? 54. Identify and discuss the two documents that are the result of product design activities. 55. What is a master production schedule (MPS)? 56. Define the following: production order, materials requisition, and move ticket. 57. What is CIM? 58. Explain the difference between job-order and process costing. 59. What types of data are accumulated by cost accounting? What is the accountant's role in this phase? ESSAY 60. What role does the AIS play in the production cycle? 61. Discuss the role the accountant can play in the production cycle. 62. Identify and briefly discuss the two common methods of production planning. 63. What are the two major types of cost accounting systems and what are the differences between the two? 64. Describe five threats to the production cycle and the applicable control procedures used to mitigate each threat. 65. Discuss two measures that can address the threats of inefficiencies and quality controls problems. 66. Discuss the criticisms of traditional cost accounting methods. 67. What is activity-based costing (ABC)? How does it compare with the traditional costing methods? What are the benefits of activity-based costing? ANSWER KEY 1) A 2) B 3) D 4) D 5) D 6) D 7) D 8) D 9) A 10) B 11) A 12) A 13) C 14) D 15) D 16) B 17) C 18) A 19) C 20) B 21) C 22) A 23) D 24) D 25) C 26) B 27) C 28) 29) 30) 31) 32) 33) 34) 35) 36) 37) 38) 39) 40) 41) 42) 43) 44) 45) 46) 47) 48) 49) 50) 51) 52) 53) 54) 55) 56) 57) 58) 59) 60) D C B A C C B B A D D C D B D A C B B A D B C D The production cycle is a recurring set of business activities and related data processing operations associated with the manufacture of products. There are four basic activities in the production cycle: product design, planning and scheduling, production operations, and cost accounting. The two documents that are the result of product design activity are the bill of materials and the operations list. The bill of materials specifies the part number, description, and quantity of each component used in a finished product. The operations list specifies the labor and machine requirements needed to manufacture the product. The operations list is sometimes also called a routing sheet, since it indicates how a product moves through the factory. A master production schedule (MPS) specifies how much of each product should be produced during the planning period and when the production should occur. It is used to develop a detailed timetable for daily production. A production order authorizes the manufacture of a specified quantity of a particular product. It contains information about the operation to be performed, quantity to be produced, and delivery location. A materials requisition authorizes the removal of raw materials from storeroom to the production floor. This document contains the production order number, date of issue, and, based on the bill of materials, the part numbers and quantities of all necessary raw materials. Raw material movement through the factory is documented on the move ticket, which identifies the parts being transferred, the locations to which they are transferred, and time of the transfer. CIM is the acronym that stands for computer integrated manufacturing. It incorporates various forms of information technology in the production process such as the use of robots and computercontrolled machinery. The benefit of CIM is that it can significantly reduce production costs. Job-order costing assigns costs to specific production batches or jobs. It is used whenever the product or service being sold can be distinctly identified. Process costing assigns costs to each process, or work center, and then calculates the average cost for all units produced. It is used whenever similar goods or services are produced in mass quantities. There are three types of cost data accumulated in a cost accounting system: raw materials; direct labor; and, manufacturing overhead. The role of the accountant is to control costs by assessing how product mix changes affect total manufacturing overhead and by identifying factors that drive changes in costs. A company’s AIS plays a vital role in the production cycle. Accurate and timely cost accounting information is essential input to decisions about the following: Product mix (what to produce), 61) 62) 63) 64) 65) Product pricing, Resource allocation and planning (e.g., whether to make or buy a product, relative profitability of different products), Cost management (planning and controlling manufacturing costs, evaluating performance). These decisions require much more detailed information about costs than the data needed to prepare financial statements in accordance with generally accepted accounting principles (GAAP). Thus, the design of a company’s production cycle AIS must go beyond merely meeting external financial reporting requirements. The accountant can play a role and provide meaningful input into each area of the production cycle. Accountants should participate in product design since 65 to 80% of product costs are determined at this stage of the production process. Accountant analysis of cost behavior and variations in product design can prove invaluable to the organization in this stage of production. In the planning and scheduling stage, accountants can help a company choose whether MRP-II or JIT is more appropriate for planning and scheduling. The accountant also should verify that the AIS collects and reports costs in a manner consistent with the production planning techniques it has chosen to use. In production operations, the accountant should develop a working knowledge of CIM in order to understand its effect on the AIS. The accountant will also be integrally involved with the cost accounting system, whether it is a traditional cost accounting system or an activity-based cost accounting system. Accountants can provide excellent insight into the cost aspect of the production process, which is key to the profitability and success of the organization. The two common methods of production planning are manufacturing resource planning (MRP-II) and just-in-time (JIT) manufacturing. MRP-II is an extension of the MRP inventory control system. MRP-II seeks to balance the existing production capacity and raw materials required to meet forecasted sales demand. JIT manufacturing seeks to minimize or eliminate inventories of raw materials, work in process, and finished goods. A JIT manufacturing system only produces a product in response to customer demands. MRP-II systems are referred to as push manufacturing, since products are made in expectation of customer demand. JIT systems are called pull manufacturing systems, since goods are produced only in response to customer demands. Most companies will use either job-order or process costing to assign production costs in the production of products. Job-order costing is designed to assign costs to specific production batches, or jobs (hence the name "job-order"). It is used in a production process where a product is specifically, discreetly identifiable (such as a custom-built home or office building). It should be noted that job-order costing can also be successfully used in the service sector by law or accounting firms to calculate and track the costs incurred in legal cases and audits, respectively. Process costing differs in that it assigns costs to each process, or work center, in the production cycle, and then averages these costs across the number of units produced. Process costing is useful whenever similar or homogenous goods are produced in mass quantities, such as laundry detergent, some types of food items, or soft drinks. Costs can be assigned at each stage in the production process for these items, and then an average total unit cost for the product can be calculated based on output. Process costing has also been incorporated by mutual funds to find the average cost of handling customer deposits and withdrawals. Threat 1: Unauthorized transactions - Controls: Accurate sales forecasts, maintaining accurate inventory records; authorizing production; restricting access to the production planning program; and review and approval of capital expenditures 2: Theft or destruction of inventories and fixed assets - Controls: Restrict physical access to inventories; document internal physical flow of assets; proper segregation of duties; periodic physical count and reconciliation of inventory; document and authorize materials requests and disposal of fixed assets; and have adequate insurance 3: Recording and posting errors - Controls: Automate data collection procedures; online data entry edit controls; and conduct periodic physical inventory and fixed asset counts 4: Loss of data - Controls: Regularly back up files; keep additional master files; use internal and external file labels; restrict access; and keep logs of all activities 5: Inefficiencies and quality control problems - Controls: Prepare regular performance reports; highlight exception reports and variances; compare actual performance to budgeted performance; measure throughput; and measure the cost of quality control Throughput represents the number of good (nondefective) units produced in a given period of time. It consists of three factors, (productive capacity, productive processing time, and yield), each of which can be separately controlled as shown in the formula: Throughput = (total units produced/processing time) x (processing time/total time) x (good units/total units). Knowing about quality costs can help companies determine the effects of actions taken to improve yield and identify areas for further improvement. The main objective of quality control is to minimize the sum of the four types of costs recognizing the trade-offs between costs. These costs are: prevention costs, inspection costs, internal failure costs, and external failure costs. 66) There can be an inappropriate allocation of overhead costs. The factors contributing to this problem are: A volume-driven form used for activity-driven overhead costs assigned to products. Overhead cost is either over- or understated due to allocation method used. The system may distort costs across products, especially if manufacturing is highly automated can be inaccurate performance measures which do not accurately reflect the effects of factory automation: Measures collected are not integrated with performance measures. Lack of information about standard costs, variance, and functioning of production process. Lack of information about defect rates, breakdown frequency, percentage for finished goods completed without rework, etc. 67) Activity-based costing (ABC) traces costs to the activities that created them and then allocates those costs to products or shipments thereby linking the costs to a corporate strategy. ABC versus traditional cost systems: ABC attempts to directly trace most costs to products, ABC uses more cost pools to accumulate manufacturing overhead instead of lumping all overhead costs together as in the traditional approach. For example: 1) Batch-related overhead results in larger quantities having lower batch-related costs than smaller quantities; 2) Product-related overhead results in costs being allocated to only the product(s) that are linked to the cost; and 3) Company-wide overhead results in such overhead costs (e.g., rent) being allocated based on department or plant rates. ABC uses cost drivers that have a cause-and-effect relationship on the products in order to allocate the costs instead of using the traditional financial variables. Advantages of ABC systems: Better decisions because can be made with an ABC system because product cost data is more accurate and data is used to improve product design. Improved cost management is seen due to four reasons: 1) There are clearer measures of managerial actions on profitability. 2) The consumption of resources is measured in addition to the amount spent on acquiring resources. 3) The cost of activity capability = Cost of activity used + Cost of unused capacity. 4) Performance reports help direct managerial attention to the effect of policy decision on all costs. Chapter 13 MULTIPLE CHOICE 1. Which activity below is not performed by the HRM? a) b) c) d) compensation training discharge recruitment and hiring 2. In most companies the HRM/payroll cycle activities are accomplished by two separate systems. Which task below is typically not performed by an HRM system? a) b) c) d) training performance evaluation compensation recruiting and hiring of new employees 3. What is the payroll system's principal output? a) b) c) d) hiring information checks to employees checks to government agencies internal and external use reports 4. Which area provides information to the system about hiring, terminations, and pay rate changes? a) b) c) d) payroll timekeeping purchasing HRM 5. Which of the following is not one of the major sources of input to the payroll system? a) b) c) d) payroll changes time and attendance data checks for insurance and benefits withholdings and deduction requests from employees 6. In the payroll system, checks are issued to a) b) c) d) employees and to banks participating in direct deposit. a separate payroll bank account. government agencies. All of the above are correct. 7. Some companies have created a position called "director of intellectual assets." What is the objective of this position? a) measurement and development of intellectual assets and human resources b) implementation of a more integrated HRM/payroll system c) improvement of the hiring and firing procedures in the company d) All of the above are correct. 8. Some stock analysts believe that a company's human resources may be worth several times the value of its tangible assets. However, the AIS typically does not account for or track such assets. Why is this the case? a) Employees are not "owned" by the company, and may not be considered an asset. b) Financial statements report on assets that have not yet been used by the organization. c) The value of human resources is only acknowledged when used and is tracked as an expenditure and not an asset. d) all of the above 9. Employee turnover will always occur and some experts believe it may even be desirable in an organization. Experts estimate that on average the costs associated with replacing an employee are about __________ that of the employee's annual salary. a) b) c) d) one-quarter one-half one and one-half twice 10. Payroll is one AIS application that is processed in __________ mode. a) b) c) d) sequential batch real time safe 11. The first step in the payroll process is to a) b) c) d) calculate gross pay. update the payroll master file. input time card data. print paychecks. 12. The payroll master file is updated with a) b) c) d) new hire and termination data. changes in pay rates and discretionary withholdings. changes in time card data. A and B above are correct. 13. When a person quits or is terminated from a company, what should be done with the person's record in the payroll system? a) It should be deleted immediately to prevent bogus paychecks from being issued. b) It should be kept indefinitely. c) It needs to be kept at least until the end of the current year. d) There is no rule about the retention of payroll records. 14. Given the four activities below, which of the HRM/payroll cycle activities occurs infrequently relative to the others? a) b) c) d) updating of the payroll master file updating information about tax rates and withholdings validating each employee's time and attendance data preparing payroll 15. Time cards are generally used for employees who are paid on a(n) a) b) c) d) monthly basis. overtime basis. hourly basis. production or piece-rate basis. 16. For recording time spent on specific work projects, manufacturing companies usually use a a) b) c) d) job time ticket. time card. time clock. labor time card. 17. Which category of employee below is least likely to use a time card or electronic time clock to track their hours? a) b) c) d) employees who manufacture a product accountants attorneys managers and professional staff 18. Regarding the use of incentives, commissions and bonuses in payroll, which of the following statements is false? a) Using incentives, commissions, and bonuses requires linking the payroll system and the information systems of sales and other cycles in order to collect the data used to calculate bonuses. b) Bonus/incentive schemes must be properly designed with realistic, attainable goals that can be objectively measured. c) Poorly designed incentive schemes can result in undesirable behavior. d) All of the above are true 19. Many companies use incentives and bonuses to motivate greater productivity and better quality work. An effective bonus/incentive system should incorporate realistic, attainable goals that can be objectively measured. What is not a desired result of an employee bonus/incentive system? a) employees may recommend unnecessary services to customers in order to exceed set sales quotas and earn a bonus b) employees may look for ways to improve service c) employees may analyze their work environment and find ways to cut costs d) employees may work harder and may be more motivated to exceed target goals to earn a bonus 20. Which of the following is most likely to be a daily activity in the HRM/Payroll system? a) b) c) d) Approve payroll disbursement Prepare paychecks Sign payroll checks Update HRM/Payroll database 21. A manufacturing company is likely to use __________ to collect employee time data for payroll and job time. a) b) c) d) badge readers supervisor's entries preprinted time cards retina scanning 22. These are used to transmit time and attendance data directly to the payroll processing system. a) Badge readers b) Electronic time clocks c) Magnetic cards d) None of the above 23. Payroll deductions fall into the broad categories of __________ and __________. a) b) c) d) payroll tax withholdings; voluntary deductions unemployment; social security taxes unemployment taxes; income taxes voluntary deductions; income taxes 24. Which of the following deductions is not classified as a voluntary deduction? a) b) c) d) pension plan contributions social security withholdings insurance premiums deductions for a charity organization 25. Which type of payroll report contains information such as the employees' gross pay, payroll deductions, and net pay in a multicolumn format? a) b) c) d) payroll register deduction register employee earnings statement federal W-4 form 26. Which type of payroll report lists the miscellaneous voluntary deductions for each employee? a) b) c) d) payroll register deduction register earnings statement federal W-4 form 27. Which type of payroll report includes the details of the current paycheck and deductions as well as year-to-date totals for each category? a) b) c) d) payroll register deduction register earnings statement federal W-4 form 28. Which HR report is used in preparing labor-related reports for government agencies? a) b) c) d) payroll register deduction register skills inventory workforce inventory 29. Which HR report is useful in planning future workforce needs and training programs? a) payroll register b) deduction register c) skills inventory report d) workforce inventory 30. Which HR report is sent to each employee for use in preparing individual tax returns? a) Form 941 b) Form W-2 c) Form W-4 d) Form 1099 31. Why is a separate payroll account used to clear payroll checks? a) for internal control purposes to help limit any exposure to loss by the company b) to make bank reconciliation easier c) banks don't like to commingle payroll and expense checks d) All of the above are correct. 32. One good way to eliminate paper paychecks is to a) b) c) d) pay in cash only. pay with money orders. use the direct deposit method to transfer funds into employee bank accounts. use EFT. 33. What step can be taken to reduce the distribution of fraudulent paychecks? a) b) c) d) have internal audit investigate unclaimed paychecks allow department managers to investigate unclaimed paychecks immediately mark "void" across all unclaimed paychecks match up all paychecks with time cards 34. This organization maintains the payroll master file for each of its clients and performs the payroll process. a) b) c) d) Cashier Payroll service bureau Professional employer organization Virtual private network 35. This organization provides payroll as well as other HRM services such as employee benefit design and administration. a) b) c) d) Cashier Payroll service bureau Professional employer organization Virtual private network 36. Which of the following is not a benefit of using a payroll service bureau or a professional employer organization? a) b) c) d) Freeing up of computer resources Increased internal control Reduced costs Wider range of benefits 37. Many companies offer their employees a "cafeteria" approach to voluntary benefits in which employees can pick and choose the benefits they want. This approach is normally called a(n) a) b) c) d) elective plan. menu options benefit plan. flexible benefit plan. pay-as-you-go plan. 38. The fourth step in the payroll cycle is preparing payroll. Pay rate information is needed in order to complete this task. The pay rate information is accessed by the system from __________. a) b) c) d) the employees' personnel files the employee subsidiary ledger the payroll master file electronic time cards 39. Part of the calculation necessary to process a payroll involves summing payroll deductions and subtracting the total from an employee's gross pay to arrive at net pay. Payroll deductions fall into two broad categories. Which deduction below would not be considered a voluntary deduction? a) b) c) d) disability insurance pension plan contribution union dues social security taxes 40. In a batch system, the payroll transaction file would contain a) b) c) d) entries to add new hires. time card data. changes in tax rates. All of the above are correct. 41. One step in the payroll cycle is the preparation of paychecks. In the next step the payroll register is sent to accounts payable for review. What is the following step in the process? a) The paychecks are distributed to the employees. b) A disbursement voucher is prepared to authorize the transfer of funds from the company’s general account. c) The payroll taxes are computed. d) The earnings statements are printed. 42. The document that lists each employee's gross pay, payroll deductions, and net pay in a multicolumn format is called a) b) c) d) an employee earnings statement. the payroll register. a deduction register. an employee time sheet summary. 43. As the payroll system processes each payroll transaction, the system should also perform which activity listed below? a) allocate labor costs to appropriate general ledger accounts b) use cumulative totals generated from a payroll to create a summary journal entry to be posted to the general ledger c) both A and B above d) The HRM system should not perform either activity A or B. 44. Direct deposit of employee paychecks is one way an organization can improve efficiency and reduce payroll-processing costs. Which statement regarding direct deposit is incorrect? a) The cashier does not have to authorize the transfer of funds from the organization's checking account to a payroll checking account. b) The cashier does not have to sign employee paychecks. c) Employees who are part of a direct deposit program receive a copy of their paycheck indicating the amount deposited. d) Employees who are part of a direct deposit program receive an employee earnings statement. 45. Many demands are placed on the company's HRM/payroll system. For example, federal and state laws require employers to contribute a specified percentage of each employee's gross pay into certain funds. Such funds are used for a) b) c) d) social security taxes. flexible benefit plans. federal and state unemployment compensation funds. federal income taxes. 46. The employer pays a portion of some payroll taxes and employee benefits. Both the employee and employer pay which benefit or tax listed below? a) b) c) d) social security taxes federal income taxes state income taxes none of the above 47. Some organizations outsource their payroll and/or HRM functions in an effort to reduce costs. A third party that maintains the payroll master file for each of its clients and processes payroll for them is called a) b) c) d) a professional employer organization (PEO). a payroll service bureau. a value-added network. an electronic data interface. 48. When using electronic documents, __________ increase the accuracy of data entry. a) b) c) d) access controls separation of duties general controls application controls 49. The key to preventing unauthorized changes to the payroll master file is a) hiring totally honest people to access and make changes to this file. b) segregating duties between the preparation of paychecks and their distribution. c) segregation of duties between the authorization of changes and the physical handling of paychecks. d) having the controller closely review and then approve any changes to the master file. 50. Which of the following is not a potential effect of inaccurate time data? a) b) c) d) increased labor expenses erroneous labor expense reports damaged employee morale inaccurate calculation of overhead costs 51. Which control would be most appropriate to address the problem of inaccurate payroll processing? a) b) c) d) encryption direct deposit cross-footing of the payroll register an imprest payroll checking account 52. What is the purpose of a general ledger payroll clearing account? a) to check the accuracy and completeness of payroll recording and its allocation to cost centers b) to make the bank reconciliation easier c) to make sure that all employees are paid correctly each week d) to prevent the cashier from having complete control of the payroll cycle 53. A "zero balance check" refers to which of the following control procedures? a) b) c) d) batch totals cross-footing the payroll register a payroll clearing account online edit control 54. Which of the following controls is inappropriate for payroll check writing? a) restrict access to blank payroll checks and documents b) use of a payroll clearing account c) someone independent of the payroll process should reconcile the payroll bank account d) sequential numbering of paychecks and accounting for the numbers 55. What is the best control to reduce the risk of losing payroll data? a) passwords b) physical security controls c) backup and disaster recovery procedures d) encryption 56. One threat to the HRM/payroll cycle is the potential for violation of employment laws. This threat relates directly to the process or activity of a) b) c) d) payroll processing. general activities found in the cycle. hiring and recruiting. none of the above 57. What is a potential threat to the activity of payroll processing? a) b) c) d) hiring unqualified employees poor system performance violations of employment laws unauthorized changes to the payroll master file 58. The results of an internal audit finds that there is a problem with inaccurate time data being entered into the payroll system. What is an applicable control that can help prevent this event from occurring in the future? a) b) c) d) proper segregation of duties automation of data collection sound hiring procedures review of appropriate performance metrics 59. Theft or fraudulent distribution of payroll checks is a potential threat to the payroll processing activity. What is one control that can be implemented to help prevent paychecks being issued to a "phantom" or "ghost" employee? a) b) c) d) the cashier should sign all payroll checks prenumber all payroll checks use an imprest account to clear payroll checks paychecks should be physically distributed by someone who does not authorize or record payroll SHORT ANSWER 60. Define an HRM/payroll cycle. What are the basic activities in an HRM/payroll cycle? 61. List the various ways used to compensate employees. 62. What are different types of deductions in payroll? 63. Why are accurate cumulative earnings records important? 64. Explain the functions of the payroll register, deduction register, and earnings statement. 65. What is a payroll service bureau? 66. What is a professional employer organization? 67. Discuss the various types of input into an AIS HRM/payroll system. 68. What are some of the benefits of using incentives and bonuses? What are some dangers? 69. Name some of the benefits of using electronic direct deposit to pay employees. ESSAY 70. What is the role of "soft assets" in the new information economy? Why has an AIS not reported on the company's human resources? 71. What factors should be considered in outsourcing payroll to a payroll service bureau? Discuss the advantages and disadvantages of using a payroll service bureau to process a payroll. 72. What are the control objectives in an HRM/payroll cycle? 73. Discuss the threat of unauthorized changes to the payroll master file and its consequences. 74. What controls are available to address the threat of payroll errors? ANSWER KEY 1. A 2. C 3. B 4. D 5. C 6. D 7. A 8. D 9. C 10. B 11. B 12. D 13. C 14. B 15. C 16. A 17. D 18. D 19. A 20. D 21. A 22. B 23. A 24. B 25. A 26. B 27. C 28. D 29. C 30. B 31. A 32. C 33. A 34. B 35. C 36. B 37. C 38. C 39. D 40. B 41. B 42. B 43. C 44. A 45. C 46. A 47. B 48. D 49. C 50. D 51. C 52. A 53. C 54. B 55. C 56. C 57. D 58. B 59. D 60. The HRM/payroll cycle is a recurring set of business activities and related data processing operations associated with effectively managing the employee work force. Important activities in the HRM/payroll cycle include the following tasks: Recruitment and hiring of new employees. Training. Job assignment. Compensation (payroll). Performance evaluation. Discharge. 61. Hourly rate; Piece rate (based on some form of production activity); Fixed salary; Commission based on sales or some quantitative measure; Salary plus commission; Bonus incentives; stock options. 62. Payroll deductions include: Payroll tax withholdings such as federal, state, and local income taxes social security taxes, unemployment taxes; Voluntary deductions such as contributions to a pension plan, premium for group life, etc. 63. Accurate records of cumulative earnings are necessary because social security and other deductions have maximum earnings amounts upon which taxes are paid; and the appropriate amount of income and payroll taxes should be remitted to the government agencies. 64. The payroll register is a report that lists each employee's gross pay, payroll deductions, and net pay for each pay period. The deduction register lists the voluntary deductions for each employee. The earnings statement lists the amount of gross pay, deductions, and net pay for the current period, as well as providing year-to-date totals. 65. A payroll service bureau is a company that can be hired as an independent contractor to maintain the payroll master file and perform the payroll processing activities for an organization. 66. A professional employer organization is a company that provides not only full payroll services but also provides HRM services such as employee benefit design and administration. 67. An HRM/payroll system relies on input from various sources. Employees provide input when they make changes in their discretionary deductions (contributions to charities or retirement plans); various departments provide data about the actual hours employees work. The HRM department provides information about employees who have been hired or terminated, pay-rate changes, and promotions. Government agencies provide tax rates and various instructions for meeting regulatory requirements. Insurance companies and other organizations provide instructions for calculating and remitting various withholding amounts. 68. Sales staffs are often paid either on a straight commission basis or a combination of a salary plus commissions. This is done to keep sales at a certain level or to increase sales. The HRM/payroll system will need input from the sales and other cycles to properly calculate commissions and bonuses for such employees. It is important that an incentive and bonus system sets realistic, attainable goals that are congruent with corporate objectives. It is also important that managers monitor incentive and bonus goals and ensure that the attainment of such goals is appropriate for the organization and does not lead to undesirable behavior, which can result from poorly designed incentive schemes. 69. Direct deposit of paychecks provide a savings to employers because the costs of purchasing, processing, and distributing paper checks is eliminated. Using direct deposit also reduces postage and bank fees. The cashier's time can be better spent because paychecks do not have to be signed. Employees save time as well as they do not have to make a physical trip to the bank to cash their checks. Direct deposit is safer as it eliminates misplaced paychecks and reduces the possibility of the theft of checks. 70. Soft assets represent intangible employee skills and knowledge in the organization, whereas hard assets represent tangible assets like buildings, land, or machinery. Many established information technology companies like Microsoft and new Internet companies like Amazon.com have relatively few hard assets (termed "bricks and mortar" in e-commerce). Their market value represents primarily the skills and knowledge of their employees. The accounting profession has traditionally ignored this "intellectual capital" due to problems with establishing objective valuation methods. Under GAAP, assets mean resources "owned" by an organization. Human resources, using this definition, are not assets since they are not "owned" by the company. Thus, salaries, bonuses, commissions, and direct labor are recorded by an AIS as expenses--there is no comprehensive review of measurement and reporting of human resources as assets. To help enable such measurement and establish value, an AIS should be integrated with the HRM system so employee costs and information about employee skills and knowledge can be readily accessed. 71. The following questions should be considered: How much does the service cost? How would the data be submitted-online or hand carried? What kind of reports and documents could be obtained from the service bureau? How would the service interface with the existing general ledger system? What resources are now being devoted to payroll and how could these resources be re-deployed into other areas? Could security and control be improved by the outsourcing? What would be the time length of a contract for outsourcing services? Could the service bureau system be integrated so that an online query could be made by the organization? What kind of track record does the service bureau have with other clients? Are there new technologies and approaches that would become available to the company via the service bureau? Advantages: No need to deal with complexity and changes in tax codes. No need to worry about what to do if equipment crashes. Less chance of employees accessing the payroll files (confidentiality). Possible efficiency and cost reductions. Wider range of benefits. Reed-up computer resources. Disadvantages: Less control over the payroll files because they are stored off-site. Extra costs for any special reports. Slower response to adhoc queries. 72. All payroll transactions are properly authorized. All recorded payroll transactions are valid. All valid, authorized payroll transactions are recorded. All payroll transactions are accurately recorded. Applicable government regulations regarding remittance of taxes and filing of payroll and HRM reports are met. Assets (both cash and data) are safeguarded from loss or theft. HRM/payroll cycle activities are performed efficiently and effectively. 73. Many problems may result when there are unauthorized changes to the payroll master file. Unauthorized changes may be made to employee pay rates, resulting in the company paying too much in wages. "Ghost" or "phantom" employees may be added to the payroll master to divert funds to dishonest employees through the issuance of paychecks to such "employees." Likewise, terminated employees may still be paid, resulting in the fraudulent diversion of payroll funds. Two controls that should be implemented and maintained to provide overall control of the payroll master file: proper segregation of duties and controlling access to the file. Good internal control dictates that only authorized HRM personnel be allowed to update the payroll master file for any hiring, termination, pay raise, and promotion. HRM personnel, who have such access to the payroll master file, should never be allowed to directly participate in actual payroll processing or paycheck distribution. This way an adequate control is created to match actual paychecks (or earnings statements when direct deposit is in place) with employees when a manager, supervisor, or other third party hand out the checks (or earnings statements). Also, a different individual should approve all changes to the payroll master file in writing other than the individual who recommends or initiates the changes. User IDs and passwords should always be used to control access to the payroll master file, and an access control matrix should be established to define what actions each authorized employee is allowed to make and confirms the files the employee may access. 74. Three types of controls can be used to circumvent payroll errors in an HRM/payroll system. Batch totals are used to verify totals entered into the system both at the time of data entry and at each stage in the processing. Hash totals are particularly useful in this regard, since hash totals calculated at the time of original data entry and again at each stage in the process can be compared. When the comparisons match throughout the process, three conclusions can be made: 1) all payroll records have been processed; 2) the data input was accurate; and 3) no bogus time cards were entered at any point after initial input. Upon completion of a payroll, the payroll register should be cross-footed to verify that the totals of the net pay column and other deduction columns equal the total of the gross pay column. A third control is the use of a payroll clearing account. This is a general ledger account that can be used as part of a two-step accuracy and completeness process. First, the payroll control account will be debited for the amount of the gross pay for the pay period; cash and other various withholding liability accounts are credited. Second, the cost accounting process distributes labor costs to various expense categories and credits the payroll control account for the total amount of the debits made to the other accounts. The result is that the payroll control account will have a zero balance. This becomes an internal check known as a zero balance check, indicating that the proper postings have been made to all of the accounts associated with payroll for a given pay period. Chapter 14 MULTIPLE CHOICE 1. The general ledger and reporting system consists of the __________ involved in __________ the general ledger and __________ reports. a) b) c) d) business transactions; updating; processing data processing; business transactions for; printing information processing; updating; creating business transactions; data processing; preparing 2. Which item below is not considered a major input to the general ledger and reporting system? a) b) c) d) summary entries from the major subsystems reports from managers adjusting entries financing and investing activities 3. Who provides the adjusting entries for a well-designed general ledger and reporting system? a) b) c) d) various user departments the treasurer's area the other major AIS subsystems the controller's area 4. The general ledger and reporting system is designed to provide information for which of the following user groups? a) b) c) d) internal users external users inquiry processing by internal or external users all of the above 5. The general ledger system of an organization should be designed to serve the information requirements of both financial and nonfinancial users. This means that the system should a) b) c) d) support producing regular periodic reports. support the real-time inquiry needs of all users. support producing regular periodic reports and respond to real-time inquiry needs. support access by investors and creditors of the organization to general ledger balances. 6. The first activity in the general ledger system is to update the general ledger. Updates come from the various accounting subsystems as well as from the treasurer. How is general ledger updating accomplished by the various accounting subsystems? a) Individual journal entries for each accounting subsystem transaction update the general ledger every 24 hours. b) Summary journal entries that represent the results of all transactions for a certain time period are used to update the general ledger. c) The controller or treasurer must approve accounting subsystem journal entries before any updating may occur. d) Nonroutine transactions are entered into the system by the treasurer's office. 7. When updating the general ledger, sales, purchases, and production are examples of __________ entries, and issuance or retirement of debt and the purchase or sale of investment securities are examples of __________ entries. a) b) c) d) adjusting; controller originated accounting subsystem; treasurer originated adjusting; special journal controller generated; special journal 8. Entries to update the general ledger are often documented by which of the following? a) b) c) d) general journal subsidiary journal subsidiary ledgers journal vouchers 9. In accounting terminology, the form that documents journal entry updates to the general ledger is called a) b) c) d) a trial balance. an adjusted trial balance. a journal voucher. an accounting update memo. 10. Adjusting entries that reflect events that have already occurred but for which no cash flow has taken place and not previously entered into the accounts are called a) b) c) d) accruals. deferrals. revaluations. corrections. 11. The recording of interest earned on an account balance or wages payable is an example of which type of adjusting journal entry? a) b) c) d) accrual entry deferral entry revaluation entry correcting entry 12. The posting of adjusting journal entries is the second activity found in the general ledger system. Adjusting entries fall into several categories. An adjusting entry made at the end of an accounting period that reflects the exchange of cash prior to performance of a related event is called a(n) a) b) c) d) accrual entry. deferral entry. revaluation entry. correcting entry. 13. Depreciation and bad debts expense are examples of which type of adjusting entries? a) deferrals b) accruals c) revaluations d) estimates 14. Adjusting entries that are made to reflect differences between the actual and recorded value of an asset or a change in accounting principle are called a) b) c) d) reconciliations. revaluations. estimates. accruals. 15. Adjusting entries that are made to counteract the effects of errors found in the general ledger are called a) b) c) d) accruals. corrections. deferrals. estimates. 16. Corrections are entries made to correct errors found in __________. a) b) c) d) all journals. special journals. the general ledger. the financial statements. 17. Immediately after the adjusting entries are completed, the next step in the general ledger and reporting system is to prepare a) b) c) d) an adjusted trial balance. a closing entry. a worksheet. the statement of cash flows. 18. There are four basic activities performed in the general ledger and reporting system. Several of these activities represent the basic steps in the accounting cycle. In what step is the adjusted trial balance prepared? a) b) c) d) update the general ledger post adjusting entries prepare financial statements produce managerial reports 19. The preparation of financial statements is the third activity in the general ledger system. To properly complete the accounting cycle, financial statements are prepared in a certain sequence. Which statement is prepared last in the sequence? a) b) c) d) the adjusted trial balance the income statement the balance sheet the statement of cash flows 20. A listing of journal vouchers by numerical sequence, account number, or date is an example of a) a general ledger control report. b) a budget report. c) a batch to be processed. d) responsibility accounting. 21. The final activity in the general ledger and reporting system is the production of various managerial reports. The report that shows planned cash inflows and outflows for each project is the a) b) c) d) journal voucher list. statement of cash flows. operating budget. capital expenditures budget. 22. Various budgets can be produced for planning and evaluating performance within an organization. The operating budget a) b) c) d) compares estimated cash flows from operations with planned expenditures. shows cash inflows and outflows for each project. depicts planned revenues and expenditures for each organizational unit. is used for the purchase and retirement of property, plant, and equipment. 23. Budgets and performance reports should be developed on the basis of a) b) c) d) responsibility accounting. generally accepted accounting principles. financial accounting standards. managerial accounting standards. 24. Cost center reports compare actual versus budget regarding __________ costs. a) b) c) d) controllable noncontrollable fixed variable 25. Sales departments are most likely to be evaluated as ______ centers a) b) c) d) cost profit investment revenue 26. Departments that mostly provide services to other units and charge those units for services rendered should be viewed as __________ centers. a) b) c) d) cost profit investment revenue 27. Variances for variable costs will be misleading when the planned output differs from budgeted output. A solution to this problem would be a) b) c) d) calling all costs fixed. to use flexible budgeting. better prediction of output. to eliminate the budgeting process. 28. Most budgets compare a standard budget amount to actual amounts that reflect the true performance of the organization. The budget standard is often a fixed target; however, given that these amounts are static, the budget does not account for unforeseen changes in the operating environment. A solution to this type of problem is to use a(n) a) b) c) d) operating budget. capital expenditures budget. cash flow budget. flexible budget. 29. Concerning the reporting environment, which of the following statements is not true? a) Many companies can submit required financial and tax fillings electronically to the SEC and IRS. b) Management reports are usually developed in spreadsheets and disseminated either through e-mail or by posting on the company intranet. c) For many companies, the electronic dissemination of reports containing financial information has been an efficient process for some time. d) Many companies post their financial statements on their corporate web sites. 30. Concerning XBRL, which of the following statements is not true? a) b) c) d) XBRL is a variant of XML. XBRL is specifically designed for use in communicating the content of financial data. XBRL creates unique tags for each data item. XBRL's adoption means accountants and systems professionals must know how to write XBRL code to take advantage of its benefits. 31. The benefits of XBRL include: a) XBRL enables organizations to publish financial information only once, using standard XBRL tags. b) XBRL tagged information is interpretable and doesn't need to be re-entered by users. c) Both are benefits of XBRL d) Neither are benefits of XBRL 32. Communications technology and the Internet can be used to reduce the time and costs involved in disseminating financial statement information. Users of such financial information still struggle in that many recipients have different information delivery requirements and may have to manually reenter the information into their own decision analysis tools. The ideal solution to solve these problems and efficiently transmit financial information via the Internet is to use a) b) c) d) HTML code. XML. the pdf file format. XBRL. 33. Which of the following would be an effective control for achieving the general control objectives in the general ledger and reporting system? a) b) c) d) using well-designed documents and records online data entry with the use of appropriate edit checks prenumbering documents and accounting for the sequence numbers All of the above are appropriate. 34. A type of edit check that would ensure that entries are made to existing general ledger accounts is called a(n) __________ check. a) b) c) d) validity existence closed loop verification field 35. Journal entries made by either the treasurer or controller should be subject to input edit and processing controls. A check that can be made to ensure that the amount field in a journal entry contains only numeric data is called a __________. a) b) c) d) validity check field or format check zero-balance check sign check 36. One way of ensuring that recurring adjusting journal entries that are needed each month are in fact made each month would be a) b) c) d) to make all the entries a month in advance. to rotate the responsibility among the accounting staff. to program the entries to be made automatically. to create a standard adjusting journal entry file. 37. The edit check that verifies the ending balance of an account in fact fully reflects the beginning balance and all debit and credit entries made thereafter is referred to as a a) b) c) d) run-to-run total. completeness check. closed loop verification. zero balance check. 38. Reconciliation and control reports can help detect whether any errors have been made during the process of updating the general ledger. One reconciliation that indicates whether the sum of debit balances is equal to the sum of credit balances in the general ledger is commonly known as a) b) c) d) a trial balance. a completeness test. a closed-loop verification. a general journal listing. 39. This report indicates whether the total debits equal the total credits posted to the general ledger. a) b) c) d) a trial balance. a completeness test. a closed-loop verification. a general journal listing. 40. Which of the following tasks are accomplished by following the audit trail? a) trace a transaction from original source document to the general ledger to a report b) trace an item in a report back through the general ledger to the original source c) trace all changes in the general ledger from beginning to ending balances d) All of the above are correct. 41. Which one of the following measures four dimensions of performance? a) b) c) d) human resources accounting social responsibility accounting a balanced scorecard integrated databases 42. A report containing measures that relate to the financial, internal operation, customer, and innovation and learning perspectives of an organization is called a(n) a) b) c) d) ERP. AIS. balanced scorecard. data warehouse. 43. Which one of the following dimensions provides measures on how efficiently and effectively the organization is performing key business processes? a) b) c) d) financial internal operations innovations and learning customer perspectives 44. To support the strategic decision-making requirements of organizations, a separate database may be created and maintained. The name used for such a database depends on its size. What is the smaller version of such a database called? a) b) c) d) a data warehouse a data mart a data store a database management system 45. A financial data warehouse provides support for strategic decision making because it a) b) c) d) consolidates current financial data. contains both current and historical financial data. contains current financial and operational data. summarizes historical data. 46. Which statement below about data warehouses and data marts is true? a) The typical size of a data warehouse is small. b) Data warehouses may replace the transaction processing databases of an organization. c) A data warehouse or data mart complements the other databases within the organization by providing support for strategic decision making. d) Data marts can be used for transaction processing. 47. The process of accessing the data contained in a data warehouse and using it for strategic decision making is often referred to as: a) b) c) d) artificial intelligence business intelligence data mart data warehousing 48. Which of the following techniques is not used in data mining? a) b) c) d) statistical analysis artificial intelligence expert systems neural networks 49. Which of the following is not one of the basic principles that make bar charts easy to read? a) b) c) d) Include data values with each element. Use 3-D rather than 2-D bars to make reading easier. Use colors or shades instead of patterns to represent different variables. Use titles that summarize the basic message. SHORT ANSWER 50. What is a general ledger and reporting system? 51. What are the four basic activities involved in the general ledger and reporting system? 52. What is a journal voucher file? What is the purpose of this file? 53. What is responsibility accounting? 54. How is a balanced scorecard used to assess organizational performance? 55. How is an audit trail used in the general ledger and reporting system? 56. Explain the benefits of XBRL. ESSAY 57. Discuss the value and role of budgets as managerial reports. 58. What is data mining? Give an example of how it is used. 59. What are the control objectives in the general ledger and reporting system? 60. Describe three threats in the general ledger and reporting system and identify corresponding controls for each threat. 61. Explain the preparation of financial statements as the third step in the general ledger and reporting system. ANSWER KEY 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. C B D D C B B D C A A B D B B C A B D A D C A A D B B D C D C D D A B D A A D D C C B B B C B C B A general ledger and reporting system consists of the information processing operations involved in updating the general ledger and preparing reports that summarize the results of activities for both external and internal users. The information contained in the general ledger is also part of the preparation of financial statements. 51. Update general ledger. Post adjusting entries. Prepare financial statements. Produce managerial reports 52. A journal voucher is a form on which journal entries to update the general ledger are documented. The individual entries are stored in the journal voucher file. This file is equivalent to the general journal in a manual AIS. The journal voucher file forms an important part of the audit trail as well. Various internal controls must be implemented in order to maintain adequate security and access control over the file, because it provides a way to alter and change the data contained in the general ledger. 53. Responsibility accounting involves the reporting of financial results on the basis of managerial responsibilities within an organization. Reports show actual amounts and variances to budget for the current month and year to date for items controllable at that level. 54. The balanced scorecard contains four perspectives of measurement of the organization. The perspectives are financial, internal operations, innovation and learning, and customer. Together these different perspectives provide a dimensional overview of organizational performance that is greater than financial measures alone. A scorecard that has been properly designed will measure key aspects of the organization's strategy as well as show important links across the perspectives or dimensions. 55. An audit trail shows the path of a transaction through the accounting system. It can provide information needed to trace any changes made to the general ledger by tracing either to or from an original source document to the general ledger. It helps in tracing all changes in general ledger accounts from beginning balances to ending balances as well as any adjustments made to the accounts. 56. XBRL (eXtensible Business Reporting Language) is a variation of XML, which is designed to communicate the content of data. XML improves upon HTML by being able to describe the content of the data presented. However, XML is limited when communicating financial information. For financial purposes, XBRL identifies each piece of data, along with how the data should be processed and how the data relate to other data items. XBRL may soon become the universal standard computer language for communicating financial data. XBRL enables organizations to publish financial information only once, using standard XBRL tags. XBRL tagged information is interpretable and doesn't need to be re-entered by users. 57. Budgets are managerial reports that can be extracted from the general ledger and reporting system. Budgets are used for planning and evaluating the organization's performance. There are several different types of budgets that an organization may use in this regard. The operating budget shows the planned revenues and expenditures for each organizational unit. Cash flow budgets compare the estimated cash inflows from operations with planned expenditures, and they are particularly useful to determine the borrowing needs of the organization. A capital expenditure budget shows the projected cash inflows and outflows for a given project. Budgetary reports should be tailored to the nature of the unit or department being evaluated, and they should show actual versus projected budget amounts. Unfortunately, many budget amounts are viewed as fixed targets, and they are therefore static and inflexible. Such an approach may either reward or penalize managers for factors that are beyond their control. A solution to this problem is to develop a flexible budget, in which variable budgeted amounts change in relation to some measure of organizational activity, such as labor hours, or a percentage of sales. A flexible budget may also break amounts into their respective fixed and variable components. Variable amounts can then be adjusted for fluctuations in sales or production. 58. Data mining is another way to access the information stored in a data warehouse. Data mining involves the use of sophisticated statistical analysis, including artificial intelligence techniques like neural networks, to discover new hypothetical relationships in the data. Credit card companies use data mining to identify patterns of use indicative of fraud. Similarly, data mining techniques can be used to identify previously unknown relationships in sales data that can then be used as the basis for future promotions. 59. All updates to the general ledger are properly authorized. All recorded general ledger transactions are valid. All valid, authorized general ledger transactions are recorded. All general ledger transactions are accurately recorded. General ledger data are safeguarded from loss or theft. General ledger system activities are performed efficiently and effectively. 60. Threat 1: Errors in updating the general ledger because of inaccurate/incomplete journal entries or posting of journal entries - Controls: (1) Input, edit, and processing controls over summary entries from subsystems. (a) Validity check over existence of general ledger accounts. (b) Field check over numeric data in amount field. (c) Zero-balance check ensures equality of debits and credits (d) Completeness test - all pertinent data are entered (e) Redundant data check - closed loop verification to see if on account numbers and descriptions (f) Standard adjusting entry file for recurring entries - improves accuracy of the process (g) Sign check on debit and credit entries (h) Calculation of run-to-run totals can verify the accuracy of journal voucher batch processing (2) Reconciliation and control reports - can detect errors made during updating and processing; trial balances, clearing, and suspense accounts are examples (a) Balancing of control and subsidiary accounts (b) Control reports can help identify the source of errors in the general ledger update process - listings of journal vouchers and general journal entries will show entries posted to the general ledger and ensures equality of debits and credits (3) The audit trail - the path of transactions through the system-should be able to perform the following tasks: (a) Trace any transaction from its original source document to the general ledger; any other document or report using that data (b) Trace any item from a report or an output document to the general ledger and thence to the source document (c) Trace all changes in the general ledger balances from their beginning balance to their ending balance. THREAT 2: Loss or unauthorized disclosure or alteration of financial data - Controls: (1) User IDs, passwords, and access controls should be used (2) Enforce segregation of duties (3) Adjusting entries only from the controller's area (4) Valid authorization for journal voucher submission. THREAT 3: Loss or destruction of the general ledger - Controls: (1) Use of internal and external file labels to protect from accidental data loss (2) Make regular backup copies of the general ledger, one copy stored off-site (3) A good disaster recovery plan and (7) access and processing integrity controls to ensure confidentiality and accuracy of data transmitted to branch offices or externally. THREAT 3: Poor performance – Controls: (1) XBRL, (2) redesign business processes, and (3) redesign metrics used to report results of business activities. 61. The general ledger collects and reports financial information, and is it used to prepare the financial statements for an organization. The first statement that is prepared is the income statement. It is based on data from revenue and expense accounts that have been subject to adjustment. The adjusted trial balance is used to provide the balances used on the income statement (of course the adjusted trial balance is generated as part of the second step in the general ledger and reporting system). Revenue and expense accounts can then be "zeroed out" using closing entries, which will transfer any net income or loss to the retained earnings account. The balance sheet can then be prepared. The statement of cash flows is prepared after the balance sheet, because it uses data obtained from both the income statement and the balance sheet as well as other information about the organization's investing and financing activities. Chapter 15 MULTIPLE CHOICE 1. There are five basic stages in the database design process. The step which includes developing the conceptual-, external-, and internal-level schema into the actual database structures is known as a) b) c) d) stage one. stage two. stage three. stage four. 2. Accountants should be involved in __________ aspect(s) of the database design process. a) b) c) d) only the physical modeling all only the data flow diagram only the requirements analysis 3. At what stage should accountants participate in the database design process? a) b) c) d) in stages one, two, and three in stages four, five, and six only in stage one in all six stages, although their level of participation may vary 4. The process of defining a database so that it faithfully represents all aspects of the organization including its interactions with the external environment is called a) b) c) d) data modeling. data designing. data development. data definition. 5. Accountants may provide the greatest value to their organization by taking responsibility for data modeling. In which stage(s) of the database design process does data modeling occur? a) b) c) d) only in the systems analysis stage only in the design stage in both the systems analysis and design stages of database design neither the systems analysis nor the design stages of database design 6. A(n) __________ diagram graphically depicts a database's contents by showing entities and relationships. a) b) c) d) DFD flowchart E-R REA 7. An entity-relationship diagram (E-R) is useful because it shows the various entities being modeled and the important relationships among them. Anything about which the organization wants to collect and store information is called a) a data model. b) an entity. c) a schema. d) a tuple. 8. An E-R diagram represents entities as __________ and the relationships between them as lines and __________. a) b) c) d) circles; squares squares; diamonds rectangles; diamonds rectangles; circles 9. An E-R diagram a) b) c) d) Can represent the contents of any database. Are only used in conjunction with REA models. Can show a limited number of entities and relationships Are used only to design new databases. 10. An E-R diagram a) b) c) d) only depicts the contents of a database. only graphically models an organization. only defines a database so that it represents all aspects of the organization. depicts both the contents of a database and graphically models an organization. 11. The REA data model a) b) c) d) Is used in many areas of business and science. Was developed solely for use in designing accounting information systems. Classifies data into relationships, entities and accounts. All of the above. 12. An example of an event is a) b) c) d) employees customers sales cash 13. An example of a resource is a) b) c) d) employees customers sales cash 14. An example of an agent is a) b) c) d) customer sales cash inventory 15. What does the acronym REA mean? a) resources, events, agents b) resources, entities, agents c) relations, events, agents d) relations, entities, agents 16. In the REA data modeling technique, the identifiable objects that have economic value to the organization are called a) b) c) d) resources. assets. entities. objects. 17. The __________ in the REA model include all of the organization's business activities. a) b) c) d) resources events agents entities 18. The groups of people about which an organization collects data to help it better plan, control, and evaluate performance of its basic business activities are the a) b) c) d) employees. events. agents. entities. 19. Events must be linked to at least one a) b) c) d) Account Agent Entity Resource 20. Events must be linked to at least two a) b) c) d) Agents Entities Events Resources 21. Which of the following is not one of the rules that describe how the three types of entities should relate to one another in an REA data model? a) b) c) d) Each event is linked to at least one resource that it affects. Each event is linked to at least one other event. Each event is linked to at least two participating agents. All of the above are important rules. 22. The REA data model supports both __________ and __________ types of data. a) b) c) d) financial; nonfinancial logical; physical planning; control traditional; nontraditional 23. Nonfinancial information should be collected because a) b) c) d) it may indicate events that may affect resources. it can be used to plan other activities. it can be used in transaction processing. both A and B 24. Which is a true statement about the REA data model? a) b) c) d) The REA data model classifies entities into three distinct categories. The term REA is an acronym that stands for resources, entities, and agents. Using an REA data model is not helpful when creating an R-E diagram. The "E" in the REA data model stands for things that have an economic value to the organization. 25. An REA diagram must link every event to at least one __________ and two __________. a) b) c) d) resource; agents agent; resources transaction; entities resource; relationships 26. Each event in an REA model will in most cases have at least one __________ agent and one __________ agent involved with the event. a) b) c) d) internal; resource external; entity internal; employee internal; external 27. Relationships that affect the quantity of a resource are sometimes referred to as _______ relationships. a) b) c) d) commitment exchange stockflow none of the above 28. Using the REA data model, promises to engage in future economic exchanges are called a) b) c) d) commitments. economic exchanges. resources. agents. 29. The "give" event represents an activity which a) b) c) d) includes a promise to engage in future economic exchanges. increases the organization's stock of an economic resource. reduces the organization's stock of a resource that has economic value none of the above. 30. The "get" event represents an activity which a) includes a promise to engage in future economic exchanges. b) increases the organization's stock of an economic resource. c) reduces the organization's stock of a resource that has economic value d) none of the above. 31. Concerning the development of an REA model, which of the following statements is true? a) b) c) d) Events that pertain to the entry of data are included in the REA model. The objective is to model the basic value-chain activity. REA diagrams model individual transactions and data collections. Information retrieval events are modeled as events in the REA model. 32. Developing an REA diagram for a specific transaction cycle consists of how many steps? a) b) c) d) one two three four 33. Developing an REA diagram for a specific transaction cycle consists of steps. The first step involves a) b) c) d) Identifying events Identifying agents Identifying resources Identifying cardinality 34. Developing an REA diagram for a specific transaction cycle consists of steps. The second step involves a) b) c) d) Identifying agents Identifying resources Identifying cardinality Both a and b 35. Developing an REA diagram for a specific transaction cycle consists of steps. The third step involves a) b) c) d) Identifying events Identifying agents Identifying resources Identifying cardinalities of each relationship 36. The measure of how many instances of the other entity can be linked to one specific instance of a given entity is called a) b) c) d) a resource. a cardinality. an agent. an exchange event. 37. Concerning cardinality, which of the following is false? a) b) c) d) Cardinalities describe the nature of the relationship between two entities. No universal standard exists for representing information about cardinalities in REA diagrams. The minimum cardinality can be zero. The maximum cardinality can be zero. 38. Concerning cardinality, which of the following is true? a) b) c) d) The three basic types of relationship between entities are identified by their minimum cardinality. The choice of cardinalities is arbitrary. The minimum cardinality is generally given last. Cardinality information is the final step in drawing an REA diagram 39. In an REA diagram, the pair of numbers next to each entity represents the cardinalities for the entity. The first number in the pair is known as a) b) c) d) the minimum cardinality. the maximum cardinality. the x axis cardinality. the y axis cardinality. 40. The minimum cardinality of a relationship in an REA diagram can be either a) b) c) d) 0 or 1. 0 or N. 1 or N. none of the above 41. The maximum cardinality of a relationship in a REA diagram can be either a) b) c) d) zero or one. one or many. zero or many. none of the above 42. How many types of relationships are possible between entities? a) b) c) d) one two three an infinite number 43. A one-to-many relationship exists between entities when the maximum cardinality of one entity is __________ and the maximum cardinality for the other entity in that relationship is __________. a) b) c) d) 1; 1 1; N M; N M; M 44. Cardinalities reflect __________ about the organization being modeled and its business practices. a) b) c) d) assumptions opinions facts theories 45. Assume the cardinalities associated in a relationship all have zero minimums and N maximums. This would be an example of which cardinality rule? a) b) c) d) agent-event relationship resource-event relationship event-event relationship none of the above relationships 46. Concerning REA diagrams, which of the following is false? a) b) c) d) Each organization will have its own unique REA diagram. An REA diagram for a given organization will change over time. Data modeling and REA diagram development involve complex and repetitive processes. Redrawing an REA diagram several times during development is uncommon. 47. Which of the following is not one of the five stages of database design? a) systems analysis b) conceptual design c) data modeling d) implementation 48. Data modeling is an element of a) Systems analysis b) Conceptual design c) Both A and B d) None of the above 49. The REA model classifies entities into three basic categories. Which of the following is one of these three? a) resources b) relationships c) accounting d) entities 50. Developing an REA model involves three steps. In which step are the agents identified? a) First b) Second c) Third d) None of the above SHORT ANSWER 51. What is data modeling? 52. What is an REA data model? 53. Name and describe the three parts of the REA data model. 54. List the five stages in the database design process. 55. Define cardinality. 56. Identify the three basic rules that apply to the REA model pattern. 57. What are the three steps in developing an REA diagram? 58. Explain how an AIS system can be viewed as a set of "give-to-get" exchanges. ESSAY 59. Define minimum and maximum cardinalities. 60. Describe the possible relationships between entities in terms of cardinalities. 61. Comment on the statement, "Accountants can and should participate in all stages of the database design process." ANSWER KEY 1. B 2. B 3. D 4. A 5. C 6. C 7. B 8. C 9. A 10. D 11. B 12. C 13. D 14. A 15. A 16. A 17. B 18. C 19. D 20. A 21. D 22. A 23. D 24. A 25. A 26. D 27. C 28. A 29. C 30. B 31. B 32. C 33. A 34. D 35. D 36. B 37. D 38. D 39. A 40. A 41. B 42. C 43. B 44. C 45. B 46. D 47. C 48. C 49. A 50. B 51. Data modeling is the process of defining a database so that it faithfully represents all aspects of the organization, including its interaction with the external environment. 52. The REA data model is a conceptual modeling tool specifically designed to provide structure for designing an AIS database. The REA data model identifies what entities should be included in the AIS database and prescribes how to structure relationships among the entities in the AIS database. 53. REA stands for resources, events, and agents. Resources are defined as those things that have economic value to the organization. Events are the various business activities about which management wants to collect information for planning and control purposes. Agents are the people and organizations that participate in events and about which information is desired for planning, control, and evaluation purposes. 54. Systems Analysis, conceptual design, physical design, implementation and conversion, and operation and maintenance. 55. The cardinality of the relationship indicates how many occurrences of the entity on the other side of the relationship can be linked to a single occurrence of the entity on this side of the relationship. In relational database terms, cardinality provides information about how many rows in the other table can be linked to each row in this table. 56. Each event is linked to at least one resource that it affects. Each event is linked to at least one other event. Each event is linked to at least two participating agents. 57. Developing an REA diagram involves three steps. First, identify the basic events of interest (any activity about which management wants to collect information in order to plan, control, and evaluate performance). Second, identify the resources affected by and the agents who participate in those events. Third, use knowledge about the organization’s business practices to add relationship cardinality information to the diagram. 58. An AIS system can be viewed as a set of "give-to-get" exchanges because such exchanges reflect the nature of the five transaction cycles: revenue, expenditure, human resources, production, and financing. In each cycle the organization "gives" some resource in exchange for another resource (the "get" part of the transaction). The goal is that the "give" part of the exchange is of lesser value than the "get" portion, thus generating a profit for the organization. The AIS should capture, record, and organize information relating to any transaction that occurs within a cycle. 59. A minimum cardinality indicates the number of instances of that entity that must be associated with at least one instance of the other entity. Minimum cardinalities can be 0 or 1. A maximum cardinality indicates the number of instances of that entity that can be linked to at most one instance of the other entity. Maximum cardinalities can be 1 or N (many). 60. There are three types or relationships possible between entities depending upon maximum cardinality. These are: A one-to-one relationship exists when the maximum cardinality of each entity is 1. A one-to-many relationship exists when the maximum cardinality on one entity is 1 and maximum cardinality of the other entity is N. A many-to-many relationship exists when the maximum cardinality of both entities is N. 61. Accountants are in a unique position within a business organization. They are intimately acquainted with the many business transactions that occur in an organization and they are knowledgeable about the policies and practices of the business itself as well as the environment within which it operates. The knowledge base and skill sets of the accountant should be put to good use in the development of database design to the fullest extent possible (although some accountants may not possess AIS coding and development skill sets). Consider that during the planning stage accountants provide some of the information used to evaluate the feasibility of the proposed project and they participate in making the decision itself. Accountants can identify user information needs and develop logical schema during the requirement analysis and design stages. Accountants can also help test the accuracy of the new database and application programs during the implementation stage of development. Accountants can also act as "subject matter experts" since they are knowledgeable users of the new system. They can also serve as managers of the system once it is up and running. Chapter 16 MULTIPLE CHOICE 1. Integrating separate REA diagrams developed for individual transaction cycles into a single, comprehensive enterprise-wide data model a) is possible. b) requires understanding what the cardinalities in each separate diagram reveal about the organization’s business policies and activities. c) provides a single comprehensive enterprise-wide model of the organization. d) all of the above are true. 2. An integrated REA diagram merges multiple copies of _______ and ______entities but retains multiple copies of ______ entities. a) b) c) d) Resource, event, agent Relationship, economic, accounting Resource, economic, agent Relationship, event, accounting 3. An integrated REA diagram contains multiple copies of a) b) c) d) 4. Accounts Agents Events Resource An integrated REA diagram merges multiple copies of some entities in order to a) Minimize the repetition of agent entities. b) Maximize the legibility of the comprehensive REA diagram by avoiding the need to have relationship lines cross one another. c) Both A and B are true. d) Both A and B are false. 5. An integrated REA diagram merges multiple copies of some entities in order to a) Minimize the repetition of agent entities. b) Maximize the legibility of the comprehensive REA diagram by avoiding the need to have relationship lines cross one another. c) Both A and B are true. d) Both A and B are false. 6. Combining REA diagrams for individual transaction cycles into a single, enterprisewide model adds two more rules to the three basic principles for drawing REA diagrams. Which of the following is not one of those two new rules? a) Every resource must be linked to at least one event that increments that resource and to at least one event that decrements that resource. b) If a specific event can be linked to more than one other type of event, but cannot be linked simultaneously to all of those other events, then the minimum cardinality between that event and every other event with which it may be associated must be 0. c) If a specific event can be linked to more than one other type of event, but cannot be linked simultaneously to all of those other events, then the maximum cardinality between that event and every other event with which it may be associated must be 0. d) None of the above 7. Concerning a correctly drawn enterprise-wide REA diagram, which of the following statements is not true? a) Every event must be linked to at least one resource. b) Merging two transaction cycles on a common event may affect the minimum cardinalities between the merged event and the agents participating in that event. c) Every event must be linked to one agent who participates in that event. d) Creating a set of tables from an REA diagram automatically results in a well-structured relational database. 8. Which of the following is not one of the three steps to implementing an REA diagram in a relational database? a) b) c) d) Assign attributes to appropriate tables. Create a table for each distinct entity in the diagram and for each many-to-many relationship. Every event must be linked to at least one resource. Use foreign keys to implement one-to-one and one-to-many relationships. 9. REA diagrams for different organizations may be similar, but will likely result in different relationship cardinalities because of a) b) c) d) Differences in business policies Different designers of REA diagrams Different methods of drawing REA diagrams Errors in drawing REA diagrams 10. What is the first step to implementing an REA diagram in a relational database? a) b) c) d) Assign attributes to appropriate tables. Create a table for each distinct entity in the diagram and for each many-to-many relationship. Identify cardinalities. Use foreign keys to implement one-to-one and one-to-many relationships. 11. Concerning REA diagrams and relational databases, which of the following is true? a) A well designed relational database is the starting point for creating an REA diagram. b) A well-designed REA diagram will result in the occasional update, insert or delete anomaly problem in the relational database. c) Database design is generic for similar organizations. d) The design of a database is specific to the organization being modeled. 12. Concerning the creation of tables from an REA diagram, which of the following is false? a) A properly designed relational database has a table for each distinct entity in an REA diagram. b) A properly designed relational database has a table for each many-to-many relationship in an REA diagram. c) To reduce confusion, table names should not duplicate REA diagram entities' names. d) Many-to-many relationships will be shown in tables with hyphenated concatenations of the entities' names. 13. When assigning attributes to each table, a) The database designer must interview users to identify which facts should be included in the database. b) The database designer must interview management to identify which facts should be included in the database. c) The database designer must use the REA diagram to help determine in which tables those facts belong. d) All of the above. 14. Multiple attribute primary keys are a) b) c) d) Common Concatenated keys Disallowed Secondary keys 15. The primary key for M:N relationship tables a) b) c) d) Is a single attribute Always consists of two attributes Is the primary key of the most important entity linked to that relationship Is impossible to determine 16. Other attributes besides the primary key are a) b) c) d) Included to satisfy transaction processing requirements. Included to meet management's information needs. Both A and B None of the above 17. Concerning tables for M:N relationships, which of the following statements is false? a) b) c) d) Non-key attributes may be included. Multiple attribute primary keys are used. Single attribute primary keys may be used. Concatenated keys are used. 18. Concerning the creation of tables from an REA diagram, which of the following is false? a) b) c) d) Foreign keys are used to implement 1:1 and 1:N relationships. A table is created for each distinct entity. A table is created for each M:N relationship. Tables are completed with input data. 19. When implementing 1:1 and 1:N relationships a) b) c) d) Foreign keys are used. Separate tables could be used. The primary key of one entity becomes a foreign key in the other entity's table. Concatenated primary keys are used. 20. Concerning the creation of tables from an REA diagram, which of the following is false? a) M:N relationships must be implemented as separate tables. b) 1:N relationships are implemented with the primary key of the 1 side becoming a foreign key on the N side. c) 1:1 relationships are implemented with the primary key of either entity included as a foreign key in the table representing the other entity. d) All of the above are true 21. M:N relationships must be implemented a) b) c) d) As separate tables With concatenated primary keys Both A and B Neither A nor B 22. Which of the following is not part of a "final accuracy check" when creating relational tables from an REA diagram? a) b) c) d) Every attribute in every table is single-valued (i.e., each table is a flat file). Every event must be linked to at least one resource. Every table must have a primary key. Other non-key attributes in each table must be either a fact about the thing designated by the primary key or foreign keys used to link that table to another table. 23. When comparing REA diagrams used to design an AIS with a traditionally designed AIS, a) b) c) d) Traditional AIS information, such as journals and ledgers no longer exist. Similar information is present as in a traditional AIS but stored in a different format. Queries are used to input data into the AIS. An REA designed AIS cannot recreate a traditional journal. 24. Concerning the use of REA diagrams to retrieve information from a database: a) Although neither journals nor ledgers appear explicitly in an REA diagram, each can be created through appropriate queries. b) The information normally found in a journal is contained in the tables used to record data about events. c) Much of the information about an organization’s assets that is traditionally recorded in ledgers is stored in resource tables in an REA-based relational database. d) All of the above 25. Much of the information about an organization’s assets that is traditionally recorded in ledgers is stored in ______ tables in an REA-based relational database. a) b) c) d) Account Agent Event Resource 26. In an REA-based relational database, the information normally found in a _______ is contained in the tables used to record data about _______. a) b) c) d) Journal, events. Journal, resources. Ledger, events. Ledger, resources. 27. Concerning REA models, which of the following is false? a) Many financial statement accounts are represented as resources in the REA model. b) Accounts such as Accounts Receivable show up as entities in the REA model. c) Some accounts represent an imbalance between two related events in the REA model. d) Much of the information about an organization’s assets that is traditionally recorded in ledgers is stored in resource tables in an REA-based relational database. 28. Because information about temporal imbalances between two _________, such as accounts receivable and accounts payable, is needed so frequently, such calculated values are sometimes stored as _________ in the appropriate tables. a) b) c) d) Events, agents. Events, attributes. Resources, agents. Resources, attributes. 29. Concerning the generation of financial statements from an REA-based relational database, which of the following is false? a) It is possible to use a completed REA diagram to guide the writing of queries to produce the information that would be included in financial statements. b) Many financial statement items can be displayed by querying a single table. c) It is unnecessary to understand the REA data model to know which tables need to be included in each query to generate the correct answers to financial statement questions. d) A major advantage of the REA data model is that it integrates non-financial and financial data. 30. In comparing the REA model to the traditional AIS, which of the following is false? a) Traditional AISs contain only data about the financial aspects of transactions. b) A major advantage of the REA data model is that it integrates non-financial and financial data in the AIS and makes both types of data easily accessible to management. c) In the REA model, many financial statement items can be displayed by querying a single table. d) Accounts in the traditional AIS are analogous to resources in the REA-based relational database. 31. The majors benefits of using the REA model as the basis for designing an AIS include all of the following except: a) The REA data model integrates non-financial and financial data in the AIS b) The REA data model makes both non-financial and financial data easily accessible to management. c) The REA data model provides the basis for building the kind of flexible AIS that is responsive to management’s changing information needs, d) The REA data model reduces the need for accountants to understand the underlying accounting journals and ledgers. 32. Technological changes a) b) c) d) Do not change the mechanics of accounting procedures. Have little effect on accounting process. Do not change the need for management reports and financial statements. Are more easily adapted using traditional AIS models. 33. REA data modeling a) b) c) d) Can be used only to model financial data. Can provide accountants with a method for more easily adapting the AIS to respond to change. Is an example of a traditional accounting concept. Is just a fancy way of doing E-R diagramming. 34. Concerning REA diagrams for individual transaction cycles, which of the following is false? a) They depict basic give-to-get economic duality relationships b) They usually provide only a partial view of resources c) They need to be combined in order to provide a comprehensive enterprise-wide data model. . d) They show both how resources are acquired and how they are used 35. Concerning enterprise-wide REA diagrams, which of the following is false? a) Merging two or more REA diagrams that contain the same resource entity does not require any changes to the cardinality pairs in the individual diagrams. b) Merging two or more diagrams that contain a common event entity, however, often requires changing the minimum cardinalities associated with the other events to 0, to reflect the fact that the merged event may be connected to any one of several different events, but not to all of them simultaneously. c) The minimum cardinalities associated with agents may also have to be changed to 0. d) All of the above are true 36. Concatenated keys a) b) c) d) Are only needed when combining two or more REA diagrams. Are foreign keys used to implement 1:N or 1:1 relationships. Are multiple attribute keys used to implement 1:M relationships. Are required to implement M:N relationships. 37. Which types of REA entities become separate tables in a relational database? a) b) c) d) Agents Events Resources All of the above. 38. How many tables are needed to implement an REA data model that has six distinct entities, three M:N relationships and four 1:N relationships in a relational database? a) b) c) d) 6 9 11 13 39. How many tables are needed to implement an REA data model that has five distinct entities, two M:N relationships and three 1:N relationships in a relational database? a) b) c) d) 5 7 8 10 40. Which type of relationship cardinality requires the implementation of a separate table? a) 1:0 b) 1:1 c) 1:N d) M:N 41. When combining two REA diagrams by merging common entities, changes in the cardinality of the merged entity is needed when it is a a) b) c) d) Agent Event Relationship Resource 42. Where is information traditionally found in journals stored in an REA database? a) b) c) d) Agent Event Relationship Resource 43. Which table is most likely to have a concatenated key? a) b) c) d) customer sales customer-sales none of the above 44. An REA diagram contains five instances of the Customer entity. How many tables does this require in a relational database? a) b) c) d) one two three four 45. In an REA relational database, traditional ledger information is obtained by querying a) b) c) d) Agents Events Resource All of the above 46. Cardinalities reflect __________ about the organization being modeled and its business practices. a) b) c) d) assumptions opinions facts theories 47. _______ databases are commonly used to support transaction processing. a) b) c) d) Access E-R REA Relational 48. Integrating separate REA diagrams into a single comprehensive enterprise-wide model of the organization, requires understanding what the __________ in each separate diagram reveal about the organization's business policies and activities. a) b) c) d) cardinalities data events transactions 49. When merging redundant resource entities into a new REA diagram, a) b) c) d) Common resources are placed between the events that affect them. Each resource is connected to two agents that either increase or decrease it. Resources are duplicated to show the give and get of economic duality relationships. None of the above. 50. The five rules for drawing an integrated REA diagram a) Help develop a correct REA diagram b) Are used as check figures to validate the accuracy of a completed REA diagram. c) Both d) None of the above SHORT ANSWER 51. What kinds of databases can the REA data model be used to design? 52. In order to integrate separate REA diagrams into an integrated organizational REA model, what must the designer understand? 53. List the five rules for drawing integrated REA diagrams. 54. What is a concatenated key? 55. What are the three steps to implementing an REA diagram in a relational database? ESSAY 56. Explain a completeness check. 57. Explain where in the REA model you can find the information normally found in a ledger. 58. Explain where in the REA model you can find the information normally found in a journal. 59. What are the advantages of the REA data model over the traditional AIS model? ANSWER KEY 1. D 2. A 3. B 4. B 5. B 6. C 7. C 8. C 9. A 10. B 11. D 12. C 13. D 14. B 15. B 16. C 17. C 18. D 19. A 20. D 21. C 22. B 23. B 24. D 25. D 26. A 27. B 28. B 29. C 30. D 31. D 32. C 33. B 34. D 35. D 36. D 37. D 38. B 39. B 40. D 41. B 42. B 43. C 44. A 45. D 46. C 47. D 48. A 49. A 50. C 51. The REA data model can be used to design both relational and object-oriented databases. 52. The designer must understand what the cardinalities in each separate diagram reveal about the organization’s business policies and activities. 53. Every event must be linked to at least one resource. Every event must be linked to two agents who 54. 55. 56. 57. 58. 59. participate in that event. Every event that involves the disposition of a resource must be linked to an event that involves the acquisition of a resource. (This reflects the economic duality underlying “give-to-get” economic exchanges.) Every resource must be linked to at least one event that increments that resource and to at least one event that decrements that resource. If a specific event, referred to as the focal event, can be linked to more than one other type of event, but cannot be linked simultaneously to all of those other events, then the minimum cardinality between that focal event and every other event with which it may be associated must be 0. A concatenated key is a multiple-attribute primary key, general used for M:N relationships. Create a table for each distinct entity in the diagram and for each many-to-many relationship. Assign attributes to appropriate tables. Use foreign keys to implement one-to-one and one-tomany relationships. The list of attributes that users and management want included in the database provides a means to check and validate the implementation process. Every attribute in that list should appear in at least one table, as either a primary key or “other” attribute. Checking this list against the table column names may reveal not only the fact that a particular attribute has not been assigned to the appropriate table in the database but may even indicate the need to modify the REA diagram itself. In traditional AISs, ledgers are master files that contain cumulative information about specific accounts. In a relational database designed according to the REA data model, resource and agent entities contain permanent information that is carried over from one fiscal year to the next. Thus, much of the information about an organization’s assets that is traditionally recorded in ledgers is stored in resource tables in an REAbased relational database. In traditional AISs, journals provide a chronological listing of transactions. In a relational database designed according to the REA data model, event entities store information about transactions. Thus, the information normally found in a journal is contained in the tables used to record data about events. For example, each row in the Sales event table contains information about a particular sales transaction. Thus, a sales journal can be produced by writing a query that displays the appropriate entries in the sales table for a given period. In a similar manner, queries of the Order Inventory event and Cash Disbursements event tables can be used to generate purchases and cash disbursements journals. A major advantage of the REA data model is that it integrates non-financial and financial data in the AIS and makes both types of data easily accessible to management. In contrast to the REA data model, the general ledger in traditionally designed AISs uses the chart of accounts to store and organize data based on the structure of financial statements. Consequently, traditional AISs contain only data about the financial aspects of transactions. Other information that may be of use to management, such as the time of day a sale occurred or the reason why a customer was purchasing a specific item, would have to be stored in a separate database or information system. The existence of separate systems makes it more difficult for management to easily and quickly access the information it needs. It also provides opportunities for data entry errors to create inconsistencies between systems, thereby reducing the utility of any reports that are generated. Thus, a major benefit of using the REA model as the basis for designing an AIS is the ability to easily integrate information that traditionally appears in financial statements with other, non-financial information necessary to effectively manage operations and evaluate performance. It is vitally important that an organization’s AIS be capable of storing both traditional financial measures and other operational performance measures. Chapter 17 MULTIPLE CHOICE 1. Explicitly identifying the different employees who participate in each event by their job functions is helpful when verifying a) Internal controls. b) Job descriptions. c) Proper supervision. d) Segregation of duties. 2. Many companies sell software, music, or digital photographs over the Internet. They give up a digital copy of those resources, but not the actual resource itself. How will this company's REA model differ from those selling traditional inventory? a) These companies do not need an Inventory table. b) The structure of Inventory table is completely different from that of massproduced merchandise. c) The inventory table is only different in that it doesn't need attributes such as quantity-on-hand, quantity-available, reorder point, and standard reorder quantity. d) The Inventory table need not include information about the standard list price of each item and its description. 3. The minimum cardinality from the Take Order event to the Call on Customer event is _____ and the maximum cardinality is _____. a) b) c) d) 0;0 0;1 1;0 1;1 4. The relationship between the Fill Customer Order and Ship Order events is 1-1. The minimum cardinalities reflect the fact that the two events are sequential. a) b) c) d) 0:N 1:1 1:N M:N 5. Sales order number is most likely to be a foreign key in: a) Call on Customers b) Fill Customer Order c) Ship Order d) Take Customer Order 6. Sales order number is most likely to be a primary key in: a) Call on Customers b) Fill Customer Order c) Ship Order d) Take Customer Order 7. Customer number is least likely to be a foreign key in: a) Call on Customers b) Customers c) Fill Customer Order d) Take Customer Order 8. Picking ticket number is most likely to be a primary key in: a) Call on Customers b) Fill Customer Order c) Ship Order d) Take Customer Order 9. Picking ticket number is most likely to be a foreign key in: a) b) c) d) Call on Customers Customers Fill Customer Order Ship Order e) Take Customer Order 10. In an REA model, rental transactions differ from sales transactions in that a) b) c) d) Each rental has a part number. Each rental has a unique serial number Rental transactions require completely different REA models than sales transactions. All of the above. 11. Concerning the relationship from the Rent Item to the Receive Cash event: The minimum cardinality is______ because customers typically pay first, prior to taking possession of the item. The maximum cardinality is _____ because there may be additional charges imposed when the item is returned. a) 0,1 b) 1,1 c) 1,N d) N,M 12. The relationship between the Rent Item and Return Item events is ____. a) b) c) d) 13. 0:N 1:1 1:N M:N Which of the following is an example of an additional event that larger organizations might want to include in their REA models? a) Purchase requests b) Purchase orders c) Sales d) None of the above 14. Concerning cost data, which of the following is false? a) Cost information is stored in several tables. b) Standard cost is stored as an attribute of the Inventory table because it is the same for all units of a given inventory item for a fiscal year. c) In contrast, the actual cost of inventory is stored in the Inventory-Order_Goods table because purchase prices can vary over time. d) Actual cost can be stored as an attribute of the Inventory table for organizations using LIFO or FIFO. 15. Which is the most likely primary key for the Inventory—Request_Goods table? a) b) c) d) Product number Product number - Purchase order number Product number - Purchase requisition number Purchase requisition number 16. Which is the most likely primary key for the Pay for Goods table? a) b) c) d) Cash transaction number Check number Receiving report number Receiving report number, check number 17. Concerning the sale of services, the minimum cardinality from the Sales event to the Services entity is ____. However, the minimum cardinality from the Sales event to the Inventory Resource is ____. a) 0;0 b) 0;1 c) 1;0 d) 1;1 18. The REA model for sale of services includes relationships between the Sales event and both the Services and Inventory Resource entities. The nature of the cardinality of those relationships depends on the specific business, but usually both relationships will be modeled as being _____because most businesses provide the same types of services to many different customers, using standard mass-produced parts. a) b) c) d) 0:N 1:1 1:N M:N 19. M:N agent-event relationships occur whenever an activity is performed by _________ employee and management wants to retain the ability to monitor _________ performance. a) More than one, group b) More than one, individual c) One, group d) One, individual 20. Most locations, such as Warehouse or Financial Institution, will have a minimum cardinality of a) b) c) d) 0 1 M None of the above 21. Since, the same inventory items may be stored in several different warehouses, hence the maximum cardinality from Inventory to Warehouses is ____ and the minimum cardinality from the Inventory resource to Warehouses may be ____. a) b) c) d) 0; N N; 0 1; N M; N 22. Relationships between resources and agents, such as the Inventory Resource entity and the Supplier Agent entity, reflect the common best practice of identifying preferred and alternative suppliers for specific inventory items. Similar relationships between resources and employees can be used to model __________ and __________. a) b) c) d) Cost; revenue Performance; behavior Responsibility; accountability Segregation of duties; internal control 23. Warehouse number is most likely to be a foreign key in: a) b) c) d) Order Goods Pay for Goods Receive Goods Warehouse 24. Supplier number is least likely to be a foreign key in: a) b) c) d) Order Goods Pay for Goods Receive Goods Warehouse 25. Financial institution number is most likely to be a foreign key in: a) b) c) d) Cash Pay for Goods Receive Goods Warehouse 26. The cardinality pair from the Financial Institution entity to the Cash resource has a ___ minimum and an ___ maximum because companies will probably only keep information about financial institutions with which they have accounts but may have more than one account at the same financial institution. a) b) c) d) 0; N 0; 1 1; N M; N 27. Supplier number is most likely to be a foreign key in: a) b) c) d) Inventory—Request_Goods Receive Goods Supplier Warehouse 28. In the HR REA M/payroll diagram, the __________ entity is linked to almost every other entity in the diagram. a) Employee b) Job title c) Payroll d) Worker I.D. 29. In the human resources REA model, the relationship between Skills and Employees is modeled as a) b) c) d) 0:N 1:1 1:N M:N 30. The __________ entity stores much of the data typically found in the employee (payroll) master file: a) b) c) d) Accounting Employee HR Payroll 31. In the human resources REA model, the relationship between the Employees and Training is a) b) c) d) 1:1 1:N M:N None of the above 32. The ______ relationship between Skills and Recruiting reflects the fact that each advertisement may seek several specific skills and that, over time, there may be several advertisements for a given skill. a) b) c) d) 1:1 1:N M:N None of the above 33. The Interview event stores detailed data about each job interview. It is linked to the Hire Employees event in a(n) _____ relationship. a) b) c) d) 1:1 1:N M:N None of the above 34. Concerning the issuance of debt, the cardinality of the relationship from the Disburse Cash event to the Issue Debt event has a _____ maximum. a) b) c) d) 0 1 M None of the above 35. Concerning the issuance of debt, the cardinality of the relationship from the Disburse Cash event to the Issue Debt event has a _____ minimum. a) b) c) d) 0 1 M None of the above 36. The cardinality pair from the Order Goods event back to the Request Goods event also has a ___ minimum and ___ maximum. a) 0,1 b) 0,N c) 1,N d) N,M 37. The cardinality pair from the Request Goods event to the Order Goods event has a minimum cardinality of ____ and a maximum of ____. a) 0,1 b) 0,N c) 1,N d) N,M 38. The relationship between the Disburse Cash and Issue Stock events is modeled as being a) b) c) d) 1:1 1:N M:N None of the above 39. Concerning the relationship between the Disburse Cash and Issue Stock events the minimum cardinalities are (respectively) a) 0;0 b) 0;1 c) 1;0 d) 1;1 40. The relationship between the Acquire Services and Disburse Cash events is modeled as ____ to reflect the common situation in which the organization obtains the use of a specific service for a particular period of time and makes a payment each month for the services it acquired and used that month. a) b) c) d) 1:1 1:N M:N None of the above 41. Concerning tracking employee time, it is not necessary to link the Track Time Used entity to specific business events, however, but doing so facilitates a) evaluating performance at a very detailed level b) general performance evaluation c) evaluating the quality of the services d) All of the above are true 42. An REA diagram for the production cycle, models the relationships between the Job Operations event and the Job Operations List entity, and between the Machine Operations event and the Machine Operations List entity, as being (respectively) a) b) c) d) 1:1; 1:1 1:N; 1:N M:N; M:N 1:N; M;N 43. Data about actual raw materials used in production is stored in the __________ entity. a) b) c) d) Finished goods Raw materials Raw materials issuance Work-in-process 44. The _________ entity is used to collect and summarize data about the raw materials, labor, and machine operations used to produce a batch of goods. a) b) c) d) Finished goods Raw materials Raw materials issuance Work-in-process 45. In the table called Perform Machine Operations, which is the likeliest primary key? a) Equipment number b) Job Operation number c) Machine Operation Number d) Machine Operations List Number 46. Employee number is most likely to be a foreign key in: a) b) c) d) Perform Job Operations Perform Machine Operations Machine Operations List Work in Progress 47. W-I-P job number is least likely to be a foreign key in: a) b) c) d) Perform Job Operations Perform Machine Operations Issue Raw Materials Machine Operations List 48. There are four main events of interest included in a typical production cycle REA diagram. Which of the following is not one of them? a) Issuance of raw materials b) Use of general and administrative expenses c) Use of labor in production d) Use of machinery and equipment in production 49. One of the benefits of an integrated enterprise-wide data model is that a) Auditors can use it to guide the development of queries to validate the completeness and accuracy of transaction processing. b) Journals and ledgers will be more accurate than in a traditional AIS data model. c) Workers can understand information flows better. d) All of the above 50. An REA diagram for the production cycle would likely show _____ relationships between the Bill of Materials entity and both the Raw Materials and Finished Goods entities. a) b) c) d) 1:1 1:N M:N None of the above SHORT ANSWER 51. What four main events of interest are included in a typical production cycle REA diagram? 52. Give an example of an M:N Agent-Event relationship 53. Why is the event Issue Debt often modeled as a separate event entity? 54. Why might an REA diagram show relationships between agents? 55. Why might an REA diagram show relationships between resources and agents? ESSAY 56. Why is cost information stored in several relational tables? 57. What are the benefits of an integrated enterprise-wide data model? 58. Describe the relationships between Recruiting event and Skills, and between Recruiting event and Job Applicants. ANSWER KEY 1. D 2. C 3. B 4. B 5. B 6. D 7. B 8. B 9. D 10. B 11. C 12. B 13. A 14. D 15. C 16. B 17. C 18. D 19. B 20. A 21. B 22. C 23. C 24. D 25. A 26. C 27. B 28. A 29. D 30. B 31. C 32. C 33. B 34. B 35. A 36. B 37. B 38. C 39. A 40. A 41. A 42. B 43. C 44. D 45. C 46. A 47. D 48. B 49. A 50. B 51. 1 Issuance of raw materials. 2 Use of labor in production. 3 Use of machinery and equipment in production. 4 Production of new finished products. 52. Some deliveries are so large that several employees must work together to unload and store the 53. 54. 55. 56. 57. 58. items. M:N agent-event relationships occur whenever an activity is performed by more than one employee, yet management wants to retain the ability to monitor each individual’s performance. The event Issue Debt is a special kind of cash receipt. It is often modeled as a separate event entity because it contains distinctly different attributes from those associated with cash receipts that arise from the Sales event, such as the face amount of debt issued, total amount received, date issued, maturity date, and interest rate. Relationships between internal agents may be created to model lines of responsibility. Relationships between internal and external agents can also occur. For example, some organizations that provide primarily services, such as banks and insurance companies, may assign customers to specific employees who are responsible for effectively managing the overall quality of the ongoing association with each customer. Relationships between external agents are rare but may sometimes be implemented to satisfy the requirements for a well-structured database. For example, the REA model for the expenditure cycle includes a relationship between the Inventory Resource entity and the Supplier Agent entity. This relationship reflects the common best practice of identifying preferred and alternative suppliers for specific inventory items. Similar relationships between resources and employees can be used to model responsibility and accountability. Cost information is stored in several tables. Standard cost is stored as an attribute of the Inventory table because it is the same for all units of a given inventory item for a fiscal year. In contrast, the actual cost of inventory is stored in the Inventory- Order_Goods table. This reflects the fact that purchase prices can vary over time. By storing the cost of each order with the quantity purchased, the system can calculate the actual cost of ending inventory and the cost of goods sold according to any accepted inventory valuation method (LIFO, FIFO, weighted-average, or specific identification). If, on the other hand, actual cost were stored as an attribute of the Inventory table, it would necessitate using the weighted-average method because all units of a given inventory item would be assigned the same cost. In addition, cost data would be available only in this format; it would be impossible to compute alternative values for inventory because the detailed data about the cost associated with each purchase would not be stored in the database. One of the benefits of an integrated enterprise-wide data model is that auditors can use it to guide the development of queries to validate the completeness and accuracy of transaction processing. In contrast, an integrated, enterprise-wide data model provides greater flexibility for analyzing data. Creating an integrated, enterprise-wide data model also facilitates the amalgamation of financial and non-financial information in the same database. Effective integration of financial and nonfinancial data also results in improved internal reporting. It can also significantly improve the support provided for managerial decision-making. The Recruiting event entity stores data about activities performed to notify the public of job openings. The data recorded in this entity are useful for documenting compliance with employment laws and also for evaluating the effectiveness of various methods used to announce job opportunities. The M:N relationship between Skills and Recruiting reflects the fact that each advertisement may seek several specific skills and that, over time, there may be several advertisements for a given skill. The relationship between the Recruiting event and Job Applicants is modeled as being M:N because many people typically apply for each job opening, but a given individual may also respond to more than one recruiting event. Also, more than one employee may participate in each recruiting event, and, over time, a given employee may participate in many such events. CH 18 MULTIPLE CHOICE 1. Organizations continually face the need for new, faster, and more reliable ways of obtaining information. One reason why companies change their systems is to increase quality, quantity, and the speed with which information can be accessed and processed. Such an improvement may result in an improved product or service and may help lower costs. This change is referred to as a(n) a) b) c) d) competitive advantage improved business process productivity gain technological change 2. An antiquated information system used by an office supply manufacturer caused customer dissatisfaction since it took two days to process a telephone order. After the system was upgraded and redesigned, the time to process a telephone order was reduced to three minutes. This is a prime example of a) b) c) d) a competitive advantage. a technological change. an improved business process. growth. 3. What is the correct sequence of the phases in the systems development life cycle? a) conceptual design, physical design, system analysis, implementation and conversion, and operations and maintenance b) conceptual design, system analysis, physical design, implementation and conversion c) system analysis, conceptual design, physical design, implementation and conversion, and operations and maintenance d) system analysis, physical design, conceptual design, and operations and maintenance 4. In which phase of the systems development life cycle are the broad needs of the users converted into detailed specifics that are coded and tested? a) b) c) d) conceptual design implementation and conversion physical design systems analysis 5. In which phase of the systems development life cycle are the new hardware and software for a system tested? a) b) c) d) conceptual design implementation and conversion operations and maintenance physical design 6. Which of the following activities is performed during the systems development life cycle? a) b) c) d) assessing the ongoing feasibility of the project managing the behavioral reactions to change planning All of the above activities are performed during the life cycle. 7. Which group of individuals listed below can be the most effective in generating employee support and encouraging the development and acceptance of an AIS project? a) b) c) d) accountants information systems steering committee management project development team 8. Which group listed below has responsibility for ensuring that the new AIS will meet the needs of users? a) b) c) d) accountants the information system steering committee the project development team the system analysts and programmers 9. Who is responsible for preparing the specifications that are used to create the programs? a) b) c) d) management programmers systems analysts the information systems steering committee 10. Whether systems changes are major or minor, most companies go through a system development life cycle. How many steps are there in this cycle? a) b) c) d) 2 3 4 5 11. One step in the systems development life cycle (SDLC) identifies and evaluates design alternatives and to develop design specifications. This step is called a) b) c) d) conceptual design. implementation and conversion. physical design. systems analysis. 12. In which step of the SDLC do all of the elements of the system come together? a) b) c) d) conceptual design implementation and conversion physical design systems analysis 13. What is the role of the information systems steering committee? a) It is a team of systems specialists, managers, accountants, and auditors that guides project development. b) Since AIS development spans functional and divisional boundaries, an executive-level group is established to plan and oversee the IS function. c) The group takes an active role in designing system controls and periodically monitoring and testing the system to verify the controls are implemented and functioning properly. d) None of the descriptions above are appropriate. 14. Which group of professionals is responsible for planning and monitoring a project to ensure timely and cost-effective completion? a) b) c) d) information systems steering committee management project development team system analysts 15. All of the following are benefits of planning and managing systems development with the exception of a) b) c) d) controlling costs ensuring that the system is consistent with the organization's goals. guaranteeing use of the system helping keep the organization abreast of technological change 16. In which plan is the prioritized list of projects contained? a) b) c) d) project development plan scheduled project plan the master plan all of the above 17. What is the planning horizon for the master plan? a) b) c) d) one year three years five years seven years 18. What is the basic building block of information systems planning? a) b) c) d) the master plan the project development plan systems analysis adaptability 19. A planning horizon of at least __________ years is reasonable for any master plan; however, the plan should be updated at least __________ each year. a) b) c) d) 3; twice 5; twice 7; once 5; once 20. __________ requires that all activities and the precedent and subsequent relationships among them be identified. a) b) c) d) CASE The Gantt chart The PERT diagram The SDLC cycle 21. A network of arrows and nodes representing project activities that require an expenditure of time and resources and the completion of initiation of activities, respectively, is called a) b) c) d) a Gantt chart. a PERT diagram. a SDLC cycle. CASE. 22. Which planning technique does not show the relationships among various activities? a) b) c) d) Gantt chart PERT the critical path method VAN 23. In which phase of the systems development life cycle is the feasibility study first performed? a) b) c) d) conceptual design implementation and conversion physical design system analysis 24. A federal law demands that certain information about foreign customers should be maintained in the information system. In which part of a feasibility study should this requirement be considered? a) b) c) d) economic feasibility legal feasibility operational feasibility technical feasibility 25. Which of the following parts of a feasibility study is generally considered the most important and is frequently re-analyzed? a) b) c) d) economic feasibility operational feasibility scheduling feasibility technical feasibility 26. What is the basic model used to create a framework for economic feasibility analysis? a) b) c) d) the capital budgeting model the cash budgeting model the cost/benefit model All of the above models are used to create a framework. 27. What is most difficult item to quantify when assessing economic feasibility? a) b) c) d) benefits costs Costs, benefits, and the payback period are all of equal difficulty. the payback period 28. When using the payback method to determine economic feasibility of projects, the company usually accepts the project with the a) b) c) d) longest payback period. mid-range payback period. payback period that is equal to the project's economic life. shortest payback period. 29. Systems development planning is an important step in the SDLC for a number of reasons. When management is better prepared for future resource needs and employees are better prepared for the changes that will occur, it can be said that the systems development planning has a) b) c) d) adaptability. attained lower costs. consistency. reached a level of efficiency. 30. What is another name for a feasibility study? a) b) c) d) a business case a Gantt chart an executive summary PERT 31. There are several important aspects to be considered during a feasibility study. The aspect that asks the question, "Can people use the system and will they use it?" is called a) b) c) d) economic feasibility. operational feasibility. scheduling feasibility. technical feasibility. 32. The question of economic feasibility is important when designing and implementing a new system. Accountants can contribute to feasibility study analysis by evaluating cost savings and other benefits versus operating costs and other cash outflows. This is better known as a) b) c) d) the "best guess" model of benefit analysis. the "value added" benefit model. the capital budgeting model. the estimated benefits model. 33. It is appropriate to develop several different design approaches to meeting system requirements for a project. Capital budgeting techniques are used to evaluate the economic merits of each alternative. The technique where estimated future cash flows are discounted back to the present is referred to as a) b) c) d) the future value method. the internal rate of return. the net present value method. the payback method. 34. The type of resistance in which data are erroneously entered into a system is called a) b) c) d) acceptance. aggression. avoidance. projection. 35. Continuing to use a manual system instead of the new AIS is a form of resistance known as a) b) c) d) acceptance. aggression. avoidance. projection. 36. To minimize adverse behavioral reactions, the organization must first understand why resistance to change occurs. One behavioral problem occurs when there is insufficient explanation of why a change must take place. This type of problem falls into the general category of a) b) c) d) communication. natural resistance to change. the manner in which the change is introduced. top management support of change. 37. Major resistance to change takes one of several forms. What is the name of the form of resistance where the new system is blamed for any and every unpleasant occurrence? a) b) c) d) aggression avoidance procrastination projection 38. To minimize adverse behavioral reactions, the organization must first understand why resistance to change occurs. One behavioral problem occurs when there is insufficient explanation of why a change must take place. In order to curtail this resistance from occurring within the organization, what guideline should be implemented and followed? a) b) c) d) attempt to meet the users' needs avoid emotionalism keep communication lines open keep the system simple 39. A good rule to follow is "Avoid complex systems that cause radical changes." What expression is used to describe this system design rule? a) b) c) d) humanize the system keep the system simple present the system in its proper context test the system's integrity 40. During what step in systems analysis is an examination made of each development activity to define the problem to be solved? a) information needs and systems requirements b) the feasibility study c) the initial investigation d) the systems survey 41. When is a proposal to conduct a systems analysis prepared? a) b) c) d) after a written request for systems development is prepared after the development team completes the survey of the existing AIS after the initial investigation of the project is approved before the initial investigation 42. During which phase of systems analysis does modeling of the existing system occur? a) b) c) d) information needs and system requirements the feasibility study the initial investigation the systems survey 43. Which data-gathering approach is most helpful when the information to be gathered deals with question: "Why?" a) b) c) d) interviews observation by the analyst questionnaires system documentation 44. Which method of data gathering is most likely to result in information that represents the personal biases and opinions of the person giving the information? a) b) c) d) a questionnaire an interview observation by the analyst system documentation 45. When the information is brief and well defined, which is the best data-gathering approach to use? a) b) c) d) a questionnaire an interview observation by the analyst system documentation 46. Which is the best data-gathering approach to use when information must be obtained from many different people? a) b) c) d) a questionnaire an interview observation by the analyst system documentation 47. The __________ method of gathering information helps to determine how a system actually works. a) b) c) d) interview observation questionnaire system documentation 48. The __________ method of gathering information helps to determine how a system should work. a) b) c) d) interview observation questionnaire system documentation 49. What are the best strategies for determining system requirements? a) analyze existing systems, ask users what they need, prototyping, and monitoring b) ask users what they need, analyze existing systems, develop concept of new system, and prototyping c) ask users what they need, analyze existing systems, examine existing system utilization, and prototyping d) ask users what they need, analyze existing systems, examine existing system utilization, and develop concept of new system 50. How frequently should an AIS be monitored and any minor modifications be made to it? a) b) c) d) annually continuously when technology changes when the competition changes its systems 51. When would a company go through a systems development life cycle? a) only when major changes are needed b) only when minor changes are needed c) Usually a company only goes through one complete systems development life cycle, after which the only phase that is repeated is the operations and maintenance phase. d) whenever minor or major changes are needed 52. What report serves as a repository of data from which systems designers can draw information? a) b) c) d) the executive steering committee report the initial investigation report the systems analysis report the systems survey report 53. Which group is responsible for preparing a systems analysis report? a) b) c) d) computer analysts management the project development team the steering committee 54. Proper systems analysis is a five-step process. What is the step in which analysts conduct an extensive study of the present system to gain a thorough understanding of how it works? a) feasibility study b) information needs and requirements c) systems analysis report d) systems survey 55. The question of what the project should and should not accomplish is determined in what step of systems analysis? a) b) c) d) feasibility study initial investigation systems analysis report systems survey 56. A method used to gather information about an existing system is to make a model of it. There are several approaches to modeling in systems analysis. Logical modeling a) b) c) d) comes only after a physical model of the existing system is created. describes how a system should work, rather than how it actually works. illustrates how a system functions by describing the flow of documents and computer processes. illustrates what is being done, regardless of how that flow is actually accomplished. 57. It is important for the systems analyst to determine AIS system objectives so that everyone involved can focus on the elements most vital to the system's success. The __________ objective states that crucial information should be produced first and then less important items as time permits. a) b) c) d) flexibility reliability timeliness usefulness 58. One strategy used by systems analysts is prototyping. What is this? a) making an internal and external review of the system to be analyzed b) making an internal and external review of the system to be analyzed, noting that users may not use the existing AIS as intended c) simply asking users what they need d) when it is difficult to identify a usable set of requirements, a developer can quickly "rough" out a system for users to critique SHORT ANSWER 59. Identify the main reasons why companies change existing systems? 60. Name the five phases of the systems development life cycle. 61. What are the three other main activities performed during the SDLC? 62. Who makes up the project development team and what is the team's purpose? 63. What are the five phases of systems analysis? 64. What are the objectives of a system survey? 65. What four strategies can be used for determining user requirements? 66. Identify and briefly discuss the points at which a "go/no go" decision is made in the systems analysis process. 67. What is the physical design stage of the systems development life cycle? 68. What is the importance of the master plan in systems development? ESSAY 69. Discuss the role of the groups that influence the development and implementation of an AIS. 70. What is economic feasibility analysis? What techniques are used in economic feasibility analysis? 71. Discuss the relative advantages and disadvantages of the four different methods for gathering data during a systems survey. 72. Discuss the aspects that must be considered during a feasibility study. 73. What are some of the reasons why behavioral problems occur when a new AIS is introduced? ANSWER KEY 1. A 2. C 3. C 4. C 5. B 6. D 7. C 8. D 9. C 10. D 11. A 12. B 13. C 14. C 15. C 16. D 17. B 18. B 19. A 20. C 21. B 22. A 23. D 24. B 25. A 26. B 27. A 28. D 29. A 30. A 31. B 32. C 33. C 34. B 35. C 36. A 37. D 38. C 39. B 40. C 41. C 42. D 43. A 44. B 45. A 46. A 47. B 48. D 49. C 50. B 51. D 52. C 53. C 54. D 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. B D C D Changes in user needs or business needs due to growth, consolidation, a merger, new regulations, or changes in regional and global relationships. Technological changes due to advances, improvements, and lower costs. Improvement of business processes to eliminate inefficiency. Competitive advantage from increased quality, quantity, and speed of information will result in an improved product to be sold at a lower price. Productivity gains that automate clerical and repetitive tasks and decrease performance time. Outgrowing old systems requires upgrades or the installation of completely new systems. Downsizing - moving from mainframes to networked PCs to get a better price/performance ratio. Systems age and need to be replaced. Five phases - systems analysis, conceptual design, physical design, implementation and conversion, and operations and maintenance. Other main activities - planning the change, managing the behavioral reactions to change, and assessing the ongoing feasibility of the project The project development team includes systems specialists, managers, accountants, internal auditors, and users. The project development team's duties include planning each project, monitoring it to ensure timely and cost-effective implementation, properly introducing changes after considering the human element, and communication with the top management and the steering committee at all steps in the process. Initial investigation of each development activity to define the problem to be solved. Systems survey to study the present system and gain a thorough understanding of how it works. Feasibility study with special focus on the economic feasibility of the project. Information needs and system requirements which will identify the needs of users and determine the objectives of the new system. Systems analysis report which provides management with the findings of the analysis phase. Analyze existing operations, policies and procedures, and data and information flow to gain a thorough understanding of the current system including its strengths and weaknesses. Make a preliminary assessment of current and future processing needs, and determine both the extent and nature of the changes that are needed. Develop relationships with users and build coalitions to gain support for the AIS. Collect data that identify user needs, conduct a feasibility analysis, and make recommendations to the management . Ask users what they need. Analyze existing systems. Examine existing system utilization. Create a prototype. There are three points at which a "go/no go" decision can be made during systems analysis. The first point is during the initial investigation, in which a decision will be made whether to conduct a systems survey. The second point is at the end of the feasibility study, at which point a decision will be made whether to proceed to the information requirement stage. The third (and last) point is at the completion of the analysis phase, which is the point at which a decision is rendered about whether to proceed to the design phase. The physical design stage of the systems development life cycle (SDLC) is the third of five stages in the lifecycle, coming after the systems analysis and conceptual design stages. In this stage of the SDLC, input, output, and database attributes are designed, as well as various controls. Programs and procedures are developed during this stage as well. A final part of this stage is the delivery of the developed system, which will be further enhanced during the implementation and conversion stage of the SDLC. A master plan is a long-range planning document specifying the components of the system, how the system will be developed, who will do the developing, how resources will be acquired for development, and the direction the AIS will take into the future. The document should give a status of projects already in process, prioritize them, describe criteria for prioritization and provide a timetable for their development. A master plan should span a time period of three years, and it should be updated at least two to three times each year. Management - support from management is crucial in successful development and implementation of an AIS. Any actual or perceived lack of support from management may cause skepticism and a lack of "buy in" from employees. Accountants - determine the user requirements and communicate to system developers; members of the project development team; design system controls and monitor and test the system. Accountants can also help in assessing and tracking costs of projects. Information systems steering committee - a cross-functional, executive-level team that champions the project and is responsible for high-level support of the project. Sets policies that govern AIS systems analysts - study existing systems, design new ones, and prepare system specifications for computer programmers. Systems programmers - write computer programs based on specifications and requirements created by the system analysts. External players - customers, vendors, auditors, and regulations from governmental entities influence design of an AIS. 70. The capital budgeting model is used as the foundation for economic feasibility analysis. In this model, cost savings and other (even intangible) benefits, as well as initial outlay costs, operating costs, and other cash outflows are quantified in terms of dollars and cents. The tangible and intangible benefits include cost savings; improved customer service, overall increased productivity; improved decision making and data processing; better management control; and increased job satisfaction and employee morale. The costs include: software acquisition; design; programming; testing; documentation and maintenance costs; site preparation; and human resource costs such as hiring, testing, and relocation. The capital budgeting model is used as a framework for economic feasibility analysis. The three techniques that are used are: -- Payback period: The number of years for the net savings to recover the initial costs of the investment is calculated. A project with the shortest payback period is preferable under this method. -- Net Present Value (NPV): A discount rate representing the time value of money is used to discount all future cash flows to the present. The initial outlay costs are deducted from discounted cash flows to obtain net present value. A positive NPV indicates favorable economic feasibility. -- Internal Rate of Return (IRR): IRR is the effective interest rate that results in an NPV of zero. This effective interest rate is compared with a company's desired rate of return (sometimes it can be the cost of capital). A project with the highest IRR will be selected when this method is used for evaluation purposes. 71. Interviews: Advantages of this method include: answers to "why" questions; a way to build relationships; analysts can easily probe and ask follow-up questions; and analysts can build acceptance for the project. Disadvantages to interview include: time consumed, expense to conduct, and the information given is subject to personal biases and opinions of those interviewed. Questionnaires: The advantages to using questionnaires are: anonymity from respondents can yield candid answers; much information can be obtained in a short time period; they are generally inexpensive; and a questionnaire gives the respondent time to think about answers, which may produce answers of a high quality. Disadvantages include: lack of any follow up or probing on a personal level; since the questionnaire is anonymous, the analyst cannot clarify questions; sometimes questionnaires are viewed as impersonal, and they may often be ignored or not completed carefully. Observation: Advantages of observation include verification of how systems actually work and better understanding of the system. Disadvantages include: time consumed; they are expensive and difficult to interpret, the observed people may alter their behavior. Systems Documentation. The advantages of system documentation are that such documentation may provide a good description of how the system should work, and generally documentation is easy to read. The disadvantages to system documentation are: that it can be time consuming to obtain and analyze; it may not be available or it may be incomplete; and it may not show how system really works if it has not been maintained on a regular basis. 72. There are five major aspects that must be considered during a systems analysis feasibility study. These five aspects of feasibility are technical, operational, legal, scheduling, and economic. Technical feasibility is asking the question of whether the planned system can be developed and implemented using the technology that exists today. Operational feasibility focuses on the question of whether the organization possesses the human resources capable of designing, implementing, and operating the proposed system, and whether people can actually use the system and will use the system. Legal feasibility deals with issues of federal and state law compliance, administrative agency regulations, and any contractual obligations the company may have. The focus of scheduling feasibility is the question of whether the system can be developed and implemented within the time allotted. Economic feasibility tackles questions of whether the system benefits will outweigh the time, money, and resources used to develop it. These questions are by far the most complex to analyze and answer. Capital budgeting models are used to evaluate the costs versus benefits of a system. The capital budgeting techniques of a payback period, the net present value (NPV) of cash flows, and the internal rate of return (IRR) can be incorporated as part of the economic feasibility component of the feasibility study. 73. Personal characteristics and background of the users involved or impacted by the change. The manner in which change is introduced may have greater impact than the actual change itself. Experience with prior changes that went poorly may make employees wary of new anticipated changes. Any lack of top management support may raise an issue of endorsement for such changes. Communication can be a problem when no explanation is given to employees about a change. Biases and natural resistance to change may occur due to emotional attachments to duties or coworkers. Disruptive nature of the change process can place additional burdens on workers. People may have a fear of the unknown and uncertainty about accompanying changes. CH 19 MULTIPLE CHOICE 1. Which statement below regarding the development of an AIS is false? a) A newly designed AIS always meets user needs for a time period. b) Changes to the AIS are often difficult to make after requirements have been frozen into specifications. c) The development process can take so long that the system no longer meets company needs. d) Users are unable to specify their needs adequately. 2. In which approach to systems acquisition is "inexpensive updates" considered an advantage? a) b) c) d) canned software custom software modified software turnkey software and systems 3. When canned software is used for systems acquisition, the conceptual design phase of the SDLC a) b) c) d) involves a make-or-buy decision. is combined with the physical design phase. is eliminated. is the same. 4. When canned software is used for systems acquisition, the physical design phase of the SDLC a) b) c) d) does not involve designing and coding although modifications may be made. is combined with the conceptual design phase. is eliminated. is the same. 5. When canned software is used for systems acquisition, the implementation and conversion phase of the SDLC a) b) c) d) does not involve the documentation step. does not require the company to have trained IS personnel. does not require the develop and test software step. both A and C above 6. When canned software is used for systems acquisition, the maintenance aspect of the operations and maintenance phase of the SDLC a) b) c) d) is more costly. is not necessary and is eliminated. is usually the responsibility of the vendor. requires trained personnel. 7. Software development companies write commercial software that can be used by a variety of organizations. Sometimes these companies combine both software and hardware together to sell as one package. Such a package is commonly referred to as a) a turnkey system. b) a value-added system. c) an application service package. d) canned software. 8. What is a major problem with "canned software"? a) b) c) d) A commercial software development company has developed it. Canned software is sold on the open market to a broad range of users with similar requirements. Canned software may not meet all of a company's information or data processing needs. Canned software may offer easy availability and lower costs. 9. Which statement is true regarding canned software and the SDLC? a) b) c) d) Canned software cannot be modified to meet unique user needs. Companies that buy rather than develop AIS software can still follow the SDLC process. Most canned software meets all of a company's information or data processing needs. The SDLC process does not apply to canned software. 10. The reasons for __________ are to simplify the decision-making process, reduce errors, provide timesavings, and avoid potential disagreements. a) b) c) d) leasing outsourcing prototyping sending out a request for a proposal 11. Total costs are usually lower and less time is required for vendor preparation and company evaluation when requests for proposal are solicited based on a) b) c) d) exact equipment needs. generalized software needs. specific hardware and software specifications. None of the above are correct. 12. Information given to vendors should include a) b) c) d) a budget for software and hardware. detailed specifications for the AIS. timeframe required for completion of the project. None of the above are correct. 13. The approach that evaluates vendors' systems based on the weighted score of criteria and points totaled is called a) b) c) d) benchmark problem. point scoring. prototyping. requirements costing. 14. The approaches to evaluating proposals that do not incorporate dollar estimates of costs and benefits is known as a) b) c) d) benchmark problem and point scoring. point scoring and requirement costing. requirement costing and point scoring. All methods mentioned above include dollar estimates. 15. It is important for a company to be selective in choosing a software vendor. When a company buys a large or complex system, it may request that a software vendor submit a specific proposal for a system by a specified date. What acronym is used to identify such a request? a) b) c) d) ASP EIS ISP RFP 16. A request for proposal sent to software vendors is an important tool since it can reduce errors. Which statement below supports this reason? a) b) c) d) All responses are in the same format and based on the same information. Both parties possess the same expectations and pertinent information is captured in writing. The chances of overlooking important factors are reduced. The same information is provided to all vendors. 17. A company should carefully evaluate proposals submitted by software vendors. What is the first step a company should take in the proposal evaluation process? a) b) c) d) Carefully compare proposals against the proposed AIS requirements. Determine how much of a given proposal meets the desired AIS requirements. Eliminate proposals that are missing important information or fail to meet minimum requirements. Invite vendors to demonstrate their systems. 18. Among the methods a company can use to help it evaluate software and hardware systems from vendors, one way is to calculate and compare the processing times of different AIS to compare system performance. This is the __________ method. a) b) c) d) benchmark problem mandatory requirements point scoring requirements costing 19. What is a drawback to using the requirements costing method of software and hardware evaluation? a) b) c) d) Dollar estimates of costs and benefits are not included. Intangible factors such as reliability and vendor support are overlooked. The weights and points used are assigned subjectively. There is no drawback to using the requirements costing method. 20. The costly and labor-intensive approach to systems acquisition is a) b) c) d) canned software. custom software. modified software. turnkey software. 21. The least costly approach to systems acquisition is a) b) c) d) canned software. custom software. modified software. prototyping. 22. Which of the following is not appropriate for end user development? a) b) c) d) performing statistical analyses preparing schedules and lists retrieving information from databases updating database records 23. What is the basic function of a help desk? a) b) c) d) develop and implement standards and control data provide hot line assistance and serve as a clearinghouse of information train end users and assist with application development All of the above are basic functions of a help desk. 24. Despite the fact that many good canned software packages are available to organizations today, many organizations develop their own software. What is a reason for such in-house development? a) b) c) d) an organization may have unique requirements canned software packages are often less expensive than software developed in house the organization's size and complexity necessitates the in-house development of software A and C above are correct. 25. Another alternative to buying a canned system or in-house development is to have a third-party vendor develop a custom system. Which guideline below should not be used by the organization to select an outside developer for a custom system? a) The outside developer should have an in-depth understanding of how the company conducts its business. b) The outside developer should have experience in the company's industry. c) The outside developer should possess a good understanding of business in general. d) The outside developer that charges the least for the system should be chosen over others. 26. A company must carefully evaluate each alternative of developing in-house software, buying canned software, or using an outside third party when planning an AIS. Which statement below is true regarding such a decision? a) Generally the best overall decision is to buy a canned software and hardware system. b) The most efficient and effective systems are the ones developed in house. c) Using an outside third party to develop a system always gives the organization a significant competitive advantage. d) There is no single right answer to the build-or-buy decision. 27. Since the introduction of the computer, there has been an astronomical demand for information systems. Such demand has resulted in many users becoming involved in the hands-on development, control, and employment of information systems. What term is used to refer to this phenomenon? a) b) c) d) amateur user computing (AUC) competitive intra-organization systems development approach (CIOSDA) end-user computing (EUC) novice information systems development (NISD) 28. End-user development is inappropriate for some types of systems. What is an example of a system that end users should not be allowed to develop? a) b) c) d) a payroll processing program a program that performs "what-if" statistical modeling developing an application using prewritten software such as a spreadsheet or database system preparing a schedule or list such as a depreciation schedule 29. What is an important risk to be considered when allowing end users to develop a system? a) b) c) d) IS resources are freed up for other tasks systems are implemented that have not been adequately tested systems are usually easy to use and modify users control development process and decide what systems are created and implemented 30. What is an important benefit to be considered when allowing end users to develop a system? a) b) c) d) systems are developed when they are needed systems are more likely to be incompatible with other systems within the organization systems are more likely to be inefficient systems are often poorly controlled and documented 31. A help desk can encourage, support, coordinate, and control end-user activities. A help desk department may be organized with front-line and second-line analysts and technicians. What would be one duty of second-line help desk personnel? a) b) c) d) handling complicated queries requiring research provide callers with scripted answers using expert systems to quickly find answers None of the duties listed above pertain to second-line help desk personnel. 32. The practice of hiring an outside company to handle all or part of the organization's data processing activities is called a) b) c) d) outsourcing. prototyping. reengineering. turnkey system. 33. How does outsourcing improve an organization's utilization of assets? a) by allowing a company to completely eliminate its IS department, which will reduce its payroll costs b) by allowing the company to sell assets to outsourcers and improve their cash position c) by eliminating the expense of keeping up with the latest technology and, thus, eliminate the drain on cash reserves d) Both B and C above are correct. 34. Which of the following is not a benefit of outsourcing? a) b) c) d) access to greater expertise and more advanced technology greater control improved development time lower costs 35. A company that has outsourced its AIS function can lose a fundamental understanding of its AIS needs and the strategic uses of AIS with the passing of time. What is this risk called? a) b) c) d) locked-in system loss of control reduced competitive advantage unfulfilled goals 36. The success of large corporations that use outsourcing for their information system requirements has motivated other organizations to consider outsourcing. Which advantage of outsourcing, given below, may tend to cause resistance on the part of inhouse IS staff and other organization employees? a) b) c) d) Outsourcing allows a company to better use its assets and scarce resources. Outsourcing can lower a company's overall IS costs. Outsourcing facilitates downsizing. Outsourcing helps eliminate the peaks and valleys of system usage. 37. What is a disadvantage of an organization's outsourcing of information systems? a) b) c) d) Many outsourcing goals and benefits are never realized. Outsourcing may result in faster and more efficient systems development. Outsourcing provides access to greater expertise. Outsourcing provides access to more advanced technology. 38. There are certain risks associated with outsourcing. One possible risk is the exposure of the sharing of confidential data with unauthorized parties. This risk can be placed into the category of a) b) c) d) a locked-in system. a loss of control. a reduced competitive advantage. inflexibility. 39. Which of the following statements about reengineering is inaccurate? a) b) c) d) The data should be centralized and then dispersed throughout the company. The information should be processed by those who use it. The organization should be based on the different tasks that make up the processes. The processes should be performed by output users. 40. Which business process reengineering principle is applied when the traditional approvals for routine purchases are removed and replaced by users placing the orders themselves? a) b) c) d) have output users perform the process have those who produce the information process it integration of parallel activities organize around outcomes, not tasks 41. Developing and putting teams in charge of products is an application of which business process reengineering principle? a) have output users perform the process b) have those who produce the information process it c) integration of parallel activities d) organize around outcomes, not tasks 42. What factor underlies the seven principles of reengineering? a) b) c) d) advances in management practices efficient and effective use of information technology global competition the work flow software 43. Which of the following would not be considered a challenge when implementing business process reengineering efforts? a) b) c) d) availability of mainframe computer hardware and software cost risk skepticism 44. A sobering fact is that even though a trillion-plus-dollars has been spent on information technology in the last decade, productivity has not increased significantly. One change suggested to improve performance dramatically is to analyze thoroughly and completely redesign business processes and information systems. What is such a change called? a) b) c) d) a CSC Index business process reengineering end-user development information system outsourcing 45. There are seven major principles of business process reengineering (BPR). One principle states that whenever possible, one person should be given responsibility for the entire process. What is the name given to this principle? a) b) c) d) capture data once, at its source centralize and disperse data integrate parallel activities organize around outcomes, not tasks 46. One of the principles of business process reengineering is to centralize and disperse data. How is this principle defined? a) b) c) d) certain processes can be performed in parallel and integrated at the end data is entered once in an on line database and made available to all who need it existing job descriptions and departmental boundaries are eliminated information technology can maintain a centralized database, while telecommunications technology can disburse data to necessary locations 47. Business process reengineering (BPR) can be a challenging venture for all involved. Many reengineering efforts fail or fall short of the goals to be achieved in the process. Which statement below applies to the BPR obstacle of controls? a) Nonbelievers and cynics who say a BPR cannot be done should be controlled during all phases of the effort. b) Reengineering efforts should not eliminate the separation of duties without implementing compensating controls. c) Throughout the process managers must continually reassure, persuade, and control those affected by the BPR so that the necessary changes will work. d) None of the statements apply to the BPR principle of controls. 48. The basic premise of __________ is that it is easier for people to express what they like or dislike about an existing system than to imagine what they would like in a system. a) b) c) d) modified software outsourcing agreements prototyping turnkey systems 49. What is an advantage of prototyping? a) b) c) d) It is a less efficient use of system resources. It may be inadequately tested and documented systems. The developer need not maintain or update the system. There are negative behavioral reactions. 50. Which statement below regarding prototyping is false? a) A prototype is considered a "first draft," which is quickly and expensively built for testing purposes. b) Developers who use prototyping still go through the SDLC. c) It is easier for people to express what they like or dislike about a prototype than to imagine what they want in a system. d) Prototyping allows developers to condense and speed up parts of the analysis and design phases. 51. There are four steps involved in developing a prototype. Which step emphasizes speed and low cost rather than efficiency of operation? a) b) c) d) first second third fourth 52. What is the emphasis of the first step involved in developing a prototype? a) b) c) d) develop a good prototype into a fully functional system speed and low cost rather than efficiency of operation users identify changes to be made in an iterative process what output should be produced rather than how it should be produced 53. A prototype that is turned into a fully functional system is referred to as a(n) a) b) c) d) disappearing prototype. nonoperational prototype. operational prototype. throwaway prototype. 54. The development of which type of system listed below would not benefit from the creation of a prototype? a) b) c) d) decision support systems executive information systems expert systems systems that cross a number of organizational boundaries 55. What is a disadvantage to prototyping? a) b) c) d) developers may shortchange the testing and documentation process errors are likely to be detected and eliminated early in the development process prototyping may be less costly than other approaches prototyping usually produces a better definition of user needs than other approaches 56. CASE stands for a) b) c) d) computer-aided software engineering. computer-aided systems engineering. both A and B none of the above 57. Which is not a problem with CASE technology? a) b) c) d) cost incompatibility lack of system documentation unmet expectations 58. Computer-aided software (or systems) engineering is another tool used for improving the development process. What is one thing that CASE tools were not designed to do in assisting in the software and systems development process? a) b) c) d) automate important aspects of the software development process enhance the efforts of managers in understanding information needs plan, analyze, design, program, and maintain an information system replace skilled designers 59. What is a disadvantage of using CASE? a) b) c) d) cost savings improved control procedures improved program quality incompatibility 60. What is an advantage of using CASE? a) b) c) d) incompatibility replacement of skilled designers simplified documentation unmet expectations SHORT ANSWER 61. Briefly identify the difficulties encountered when developing an AIS. 62. What are the three methods of obtaining software? What is a turnkey system? 63. What are the guidelines for successfully purchasing custom software when using an outside vendor? 64. What is a help desk? What are the uses of a help disk? 65. What is outsourcing? What are the different types of outsourcing agreements? 66. What is business process reengineering? What are the principles of reengineering? 67. What is computer-aided software (or systems) engineering (CASE)? What are the advantages and disadvantage of CASE technology? 68. Explain the concept of an application service provider. 69. What are the key things an organization can do to enhance an RFP to be sent to vendors? 70. Briefly discuss how an organization can develop custom software. ESSAY 71. What are the relative advantages and disadvantages of custom software and canned software for meeting application software needs? 72. What is end-user computing? Why has end-user computing seen explosive growth? What are the advantages and risks of end-user computing? 73. What is prototyping? When is prototyping appropriate? What are the steps involved in prototyping? Discuss the advantages and disadvantages in prototyping. 74. Discuss how information system outsourcing can provide the organization with both a business solution and asset management. 75. Explain the business processing reengineering principle: "Require those who produce information to process it." ANSWER KEY 1. A 2. A 3. A 4. A 5. D 6. C 7. A 8. C 9. B 10. D 11. D 12. B 13. B 14. B 15. D 16. C 17. C 18. A 19. B 20. B 21. A 22. D 23. D 24. D 25. D 26. D 27. C 28. A 29. B 30. A 31. A 32. A 33. D 34. B 35. C 36. C 37. A 38. B 39. C 40. A 41. C 42. B 43. A 44. B 45. D 46. D 47. C 48. C 49. C 50. A 51. B 52. D 53. C 54. D 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68. A C C D D C Demand for development resources is very high and can backlog AIS projects for several years. The development process can be lengthy. System developers may not understand the company's business, and consequently the new system may not always meet user's needs. The time taken to develop an AIS may make it obsolete when the new system is ready to launch. Users may not be able to articulate their demands adequately, and therefore they may be dissatisfied with the finished product. Changes to the AIS are difficult to make beyond a certain point, so the AIS remains in a state of "perpetual development" and flux . The three methods of obtaining software are purchasing new software, developing software inhouse (either by development staff or by the system end-users themselves), or hiring an outside company to create a system. A turnkey system is a software and hardware package, which is complete and ready to be used "at the turn of a key." Vendors for turnkey systems primarily specialize in a particular industry. Guidelines when contracting with a third-party company: Carefully select a developer by checking into references and inquiring about reputation and past experiences from other organizations. Sign a contract with clearly defined areas of responsibility for the vendor. Plan and monitor each step by designing each step of the project in detail, and making frequent checkpoints for monitoring the project. Maintain effective communication between the company and the developer. Control all costs and minimize cash outflow until the project has been completed and is accepted A help desk consists of analysts and technicians that encourage, support, coordinate, and control end-user activities. Some of the duties and activities of the help desk includes the following: Hotline assistance to solve problems. Clearinghouse for information, coordination, and assistance. Training, maintenance, and support center for the software and hardware. Application development assistance center. Approval point for development and implementation standards for hardware and software purchases, documentation and application testing, and security issues. Controlling access to corporate data by using access matrix controls, etc. Evaluating new end-user hardware and software products. Outsourcing is the hiring of an outside company to handle all or part of a company's data processing activities. There are two main types of outsourcing agreements: Mainframe outsourcing is when the outsourcer buys the client's equipment, hires the client's employees, and operates on the client's site or connects the system to outsourcer's computer. Client/server or desktop outsourcing is when a particular service, segment of business, function, or PC support is outsourced. Business process reengineering is a thorough analysis and complete redesign of business processes and information systems to achieve dramatic performance improvements. Business process reengineering focuses on why the business processes are performed and not on how they are performed. The seven basic principles of reengineering are: Organize around outcomes, not tasks. Have output users perform the process. Have those who produce information process it. Centralize and disperse data. Integrate parallel activities. Empower workers, use built-in controls, and flatten the organizational chart. Capture data once, at its source. CASE refers to an integrated package of computer-based tools that automate important aspects of the software development process. CASE tools can be used to plan, analyze, design, program, and maintain an information system. CASE tools do not replace skilled designers, but they provide effective support for all phases of the SDLC. Advantages-- Improved productivity, improved program quality, cost savings, improved control procedures, and simplified documentation. Disadvantages -- Incompatibility, cost, and unmet expectations An application service provider (or ASP) is a third-party provider of software to organizations. An ASP is Web-based, providing delivery of software to its clients over the Internet. An organization that uses an ASP "rents" the software, thus eliminating the tasks of buying, installing, and maintaining the software. Among the advantages to using this approach as opposed to the outright purchase of software is a reduction of software costs and administrative overhead, 69. 70. 71. 72. 73. 74. automated software upgrades, scalability as the organization itself grows, global access to information, access to skilled IT personnel, and ability to focus on core competencies rather than IT requirements. The more information an organization provides in its RFP, the better its chances are of receiving a system that meets its requirements. It is important to include detailed specifications for the new AIS, including required applications, inputs, outputs, files, databases, frequency and ways of updating files and creating queries, and any unique characteristics or requirements. It is also essential that the RFP distinguishes between what are mandatory requirements and what are "desirable but not essential" requirements. Custom software is usually developed and written in house. Albeit a difficult, error prone, and time- consuming process, many organizations develop their own software because their requirements are unique or their size and complexity necessitate the creation of a custom package. As an alternative, third-party developers can be enlisted to develop custom software for an organization. Custom software should only be developed when it results in a distinct, competitive advantage to the organization. Custom software: tailored to needs; potential competitive advantage; and better control over the process: expensive; difficult to write; error prone; and time consuming. Canned software: easy to acquire; fast to acquire; inexpensive; good documentation; updates are inexpensive; and can be tested: not tailored to needs; not as efficient as custom software; does not develop in-house expertise in creation; and developer may go out of business. End-user computing is the hands-on development, use, and control of computer-based information systems by users. The suitable applications are: Producing simple reports and answers to one-time queries by accessing the company database. Sensitivity, statistical, or "what-if" analysis. Using spreadsheets or data base software to analyze data. Preparing schedules and lists such as depreciation schedule, accounts receivable aging, and loan amortizations. User computing has seen an explosive growth because: Users realized that computers can be used to meet more and more information needs. Increased access to data created many new uses and needs for information. One prediction is that end-user computing may account for 75% to 95% of all information processed in the near future. Advantages of end-user computing: The user is involved in the creation, control, and implementation of the software; systems tend to meet user needs; programs can be created timely; end-users creating programming can free up IS resources; and programs tend to be versatile and easy to use. Disadvatages of end-user computing: Logic and development errors; inadequately tested applications; inefficient systems; poorly controlled and documented systems; systems incompatibilities; duplication of systems and data; and wasted resources and increased costs. Prototyping is the development of a simplified working model (prototype) of an information system. It is a "first draft," that is quickly and inexpensively built and provided to users for testing. Prototyping is appropriate if: There is uncertainty about the existing AIS. The questions to ask are unclear. The final AIS is not clearly visualized. Speed is an issue. There is a high likelihood of failure. The system is a decision support system, executive information system, expert system, or information retrieval system. Suitable when the system involves experimentation and trial-and-error development. Suitable when the system requirements evolve as the system is used. Prototyping is not appropriate if: The system is large or complex and serves major organizational components or crosses a number of organizational boundaries. Steps in developing a prototype: Identify basic system requirements based on users' needs for what output should be produced. Develop initial prototype emphasizing speed and low cost instead of efficiency of operation and demonstrate it for users. Make changes needed as identified by users, may take several iterations. Develop and use the user-approved system. Advantages of prototyping: Better definition of user needs. Higher user involvement and satisfaction; faster development time; fewer errors; more opportunity for changes; and less costly to the organization. Disadvantages of prototyping: significant user time; less efficient use of system resources; incomplete system development; inadequately tested and documented systems; negative behavioral reactions; neverending development. Many companies have come to view information system outsourcing as not merely an IS solution but a true business solution. Outsourcing has become a plausible business solution because it allows the organization to focus and put its concentration into its core competencies. This transfer of IS responsibilities can be liberating to the organization, as it frees up more resources to devote to the mainstay of its business efforts. The viewpoint is that a company should be allowed to do what it does best; so the outsourcer is better at IS operations and management, while the organization is better in its areas or core competencies. Many organizations treat outsourcers as business partners, working closely to meet the strategic business objectives of the organization. An additional benefit of IS outsourcing is asset management. Many organizations tie up millions of dollars in their IS efforts, and the attempt to keep up with technological improvements can create a steady drain on cash reserves and other organizational resources. One way to significantly improve an organization's cash position and reduce annual expenses is to sell off IS assets, or lease them to the outsourcing organization. This can have positive benefits for both the organization and outsourcing vendor as well, as it helps the organization with cash and expense management, and can provide an outsource vendor with the equipment (and even people) it needs to properly service its client. 75. The idea behind this BPR principle is to save time, money, and other resources. By having the people who produce the information also be responsible for its processing, a more efficient and effective business process is created. As an example, with the reduced cost of PC technology, LANs, and WANs, it is feasible for purchasing agents to create and process their own purchase orders on-line by entering them into a database. A vendor using EDI can ship goods to a customer but does not have to send a physical invoice. When the goods arrive at the customer's warehouse, a receiving clerk can check in the goods by scanning bar codes found on each item. The system will automatically check the goods received against the electronic information sent from the vendor, and if goods received match the order, the system can automatically prepare a check and forward the appropriate information to the accounts payable department for approval. The net result is that fewer people perform more automated tasks due to their immediate input of information into the system. There is also less paper in the process. Ultimately, the organization can process orders more quickly, at lower cost, and provide better customer service all at the same time. Hence, there is a significant saving of money and time by having the people who produce the information also be responsible for its processing. Chapter 20 MULTIPLE CHOICE 1. What is one activity that is not one of the responsibilities of accountants to help keep a project on track? a) b) c) d) ensuring that the project is on schedule evaluating and measuring benefits helping programmers write code monitoring costs 2. Developing a general framework for implementing user requirements and solving problems identified in the analysis phase occurs in which phase of the SDLC? a) b) c) d) conceptual systems design implementation and conversion operations and maintenance . physical design 3. Who is responsible for identifying and evaluating a variety of design alternatives? a) b) c) d) design team implementation committee steering committee systems analysts 4. Who is responsible for evaluating the design alternatives and selecting the one that best meets the organization's needs? a) b) c) d) design team implementation committee steering committee systems analysts 5. Which of the following lists represent the sequence of elements in developing the conceptual design specifications? a) b) c) d) input, data storage, processing procedures and operations, and output input, output, data storage, and processing procedures and operations output, data storage, input, and processing procedures and operations processing procedures and operations, input, data storage, and output 6. The project team wants to find the most efficient way to collect data in order to prepare a report on sales per store. Which element in design specifications will deal with the decision? a) b) c) d) data collection input output processing procedures 7. One of the purposes of the __________ is to guide physical systems design activities. a) b) c) d) conceptual systems design report physical systems design report program design systems analysis report 8. The conceptual design phase is the second phase in the systems design life cycle. There are several steps in this phase. Which step listed below is not a valid step made in the second phase of the SDLC? a) b) c) d) evaluate design alternatives physical systems design prepare a conceptual systems design report prepare design specifications 9. A part of the conceptual design phase is the evaluation of design alternatives. The design team should identify a variety of design alternatives and evaluate them based on several standards. Who is responsible for approving the final design that best meets the organization's needs? a) b) c) d) IS management the end-users of the system the steering committee the system analyst design team 10. Once a design alternative has been chosen, the project team is responsible for the development of several conceptual design elements. A decision about how often to produce a certain report falls under the category of which design element? a) b) c) d) data storage input output processing procedures and operations 11. At the end of the conceptual design phase the development team prepares a conceptual systems design report. What item below is not considered a rationale for issuing the report? a) b) c) d) it can be used to guide physical systems design activities it communicates how management and user information needs will be met it discusses the design alternatives that were not selected for the project it helps the steering committee assess system feasibility 12. The objective of __________ is to determine the nature, format, content, and timing of printed reports, documents, and screen displays. a) b) c) d) input design output design report design None of the above are correct. 13. Which consideration below is not considered important to output design? a) b) c) d) format location medium source 14. All of the four categories of output have pre-specified content and format except for a) b) c) d) demand reports. scheduled reports. special-purpose reports. triggered exception reports. 15. In the file and database design step of the physical systems design phase, it is advantageous to have a) b) c) d) a compatible format. easy access. timely queries. various capabilities. 16. In evaluating input design, the design team must identify a) b) c) d) a single view so data can be shared. organization and access. types of data input and optimal input methods. what is relevant, complete, and useful. 17. Program development can be improved by a) b) c) d) having special codes for input, output, and file maintenance. having users code the programs. using standards to find incorrect logic errors, omissions, or other problems. using structured programming. 18. Structured programming divides the program into small, well-defined modules. Which of the following statements below is correct? a) b) c) d) Modules interact with each other directly and also through the control module. Modules interact with each other directly. Modules interact with only the control module. Modules primarily, but not always, interact with the control module. 19. Rules for writing programs are called a) b) c) d) applications. basic code. common routines. programming standards. 20. Everyone who interacts with the newly designed AIS should follow __________ that answer the who, what, where, why, and how questions related to all AIS activities. a) b) c) d) procedures programs standards none of the above 21. Which consideration is not of concern in controls design? a) b) c) d) security alphabetical control audit trail validity 22. The accountant wants to make sure that all cash disbursements are made only to legitimate vendors. Which of the following control considerations will deal with this concern? a) b) c) d) security accuracy authorization validity 23. The sales department wants to make sure that all customer inquiries are answered in real-time. Which of the following controls design considerations will deal with this concern? a) b) c) d) security authorization accuracy audit trail 24. At what point in the systems development life cycle does the company determine how the conceptual AIS design is to be implemented? a) b) c) d) the conceptual design phase the implementation and conversion phase the physical design phase the systems analysis phase 25. The physical design stage of the SDLC is the point at which the broad, user-oriented AIS requirements of conceptual design are translated into detailed specifications that are used to code and test the various computer programs. What is the most timeconsuming activity found in this phase, or even in the entire SDLC process? a) b) c) d) controls design input design output design program design 26. Which consideration listed below applies to file and database design? a) b) c) d) form size format medium organization and access 27. Control design considerations are important to the physical systems design phase of the SDLC. One concern of control design relates to the pre-numbering of documents to prevent errors or intentional abuse. What is the control design consideration related to this concern? a) accuracy b) audit trail c) numerical control d) validity 28. __________ is the process of installing hardware and software and getting the AIS up and running. a) b) c) d) Conceptual design Physical design Systems analysis Systems implementation 29. The first step in developing software is to a) b) c) d) determine user needs. develop a plan. hire program users. write program instructions. 30. The initial visual and mental review to discover keying or programming errors is called a) b) c) d) desk checking. desk correction. desk debugging. desk imaging. 31. Flowcharts, record layouts, decision tables, and related items are part of a) b) c) d) determining user needs. documenting the program. testing the program. training program users. 32. Effective AIS training involves a) b) c) d) instruction on new hardware and software. orientation to new policies and operations. planning and scheduling so it occurs before system testing and conversion. All of the above are correct. 33. Step-by-step reviews of procedures or program logic early in the system design that focus on inputs, files, outputs, and data flows are called a) b) c) d) acceptance tests. operating tests. processing of test transactions. walk-throughs. 34. The implementation planning and conversion phase of the SDLC incorporates many systems implementation elements. One such element is the development and testing of software programs. One process used to uncover and eliminate program errors is known as a) black box testing. b) debugging. c) desk checking. d) white box testing. 35. What is used as the basis for management to make a "go/no go" decision regarding whether to proceed from the physical design phase to the implementation planning and conversion phase of the SDLC? a) b) c) d) a conceptual system design report a physical systems design report a systems design report an implementation planning design report 36. An implementation plan consists of the various implementation tasks to be accomplished along with a variety of other data and information, such as expected completion dates, cost estimates, and identification of the individuals responsible for each task. The plan should also address the area of risks to successful implementation. Who is responsible for identifying such risk factors? a) b) c) d) the implementation team the steering committee the systems analysis team the systems development team 37. Within the implementation planning and conversion phase of the SDLC, analysts must __________ before they can __________. a) b) c) d) complete documentation; test software programs install and test software; test software programs test software programs; test the system test the system; select and train personnel 38. A software program must be changed to accommodate new tax rate values. What is the name of the process used to make such a change? a) b) c) d) debugging desk checking program maintenance programming 39. Several types of documentation must be prepared for a new system. The type of documentation that includes operating schedules and file retention requirements is called a) b) c) d) development documentation. operations documentation. reference documentation. user documentation. 40. Inadequate testing can lead to serious systems failures. Part of the SDLC process is to adequately test the system being implemented. What is the type of test that determines whether a program is operating as desired? a) b) c) d) acceptance testing debugging processing of test transactions program walk-through 41. What is the name for the type of testing where copies of real transaction and file records are used rather than hypothetical ones? a) b) c) d) acceptance testing debugging desk checking program walk-through 42. In __________, old and new systems are operated simultaneously at different parts of the organization. a) b) c) d) direct conversion parallel conversion phase-in conversion pilot conversion 43. A company wishes to introduce and test a new AIS at a branch location before company-wide adoption. This approach is called a) b) c) d) direct conversion. parallel conversion. phase-in conversion. pilot conversion. 44. Which of the following activities does not pertain to the area of data conversion? a) b) c) d) changing the data content changing the database changing the file format moving files to a new medium 45. "Conversion" in the implementation planning and conversion phase of the SDLC is the task of changing from an old system to a new system. What is the name for the type of conversion where the old AIS is immediately terminated as the new AIS is introduced? a) b) c) d) direct conversion parallel conversion phase-in conversion pilot conversion 46. What is a phase-in conversion? a) b) c) d) both the old and new AIS are operated simultaneously elements of the old AIS are replaced gradually with elements of the new AIS the new AIS is introduced into one part of the organization, such as a branch the old AIS is terminated as the new AIS is introduced 47. The data conversion process of the implementation planning and conversion phase of the SDLC can be a tedious and time-consuming task. Data files may need to be modified in any of several ways. What is an example of modifying the medium of data files? a) adding or deleting fields or records b) changing from tapes to disks c) changing the file format d) changing the storage capacity of the file format 48. There are several steps in the data conversion process that must take place in a certain sequence. What is the last step in this process? a) b) c) d) actual data conversion checking the files for completeness and removing any data inaccuracies or inconsistencies documentation of conversion activities monitoring of the system after the actual data conversion 49. Which factor is not investigated during the post-implementation review? a) b) c) d) accuracy benefits completion costs 50. The final step in the SDLC is that of the operation and maintenance of the new system. What is the final activity in the systems development process? a) b) c) d) monitoring of the system ongoing maintenance activities preparation of the post-implementation review report user acceptance of the post-implementation review report 51. Some investigation must occur during the postimplementation review process to prepare the report and wrap-up systems development activities. An analyst who asks the question, "Does the system produce actual and complete data?" is investigating what postimplementation factor? a) b) c) d) accuracy compatibility goals and objectives reliability SHORT ANSWER 52. How can accountants help in the SDLC process? 53. What factors does a steering committee consider when evaluating different system designs? 54. What is the purpose of a conceptual systems design report? 55. What are the controls design considerations in a new AIS? 56. What is systems implementation? How do you plan for it? 57. What are the different types of documentation that should be prepared for a new system? 58. What are the different methods of testing a system? 59. What is a post-implementation review? What are the activities involved in a postimplementation review? 60. What output design considerations should be analyzed as part of the physical system design phase? 61. Briefly discuss structured programming. ESSAY 62. What is the conceptual systems design phase? What are the elements of conceptual design specifications? 63. What is the objective of output design? What are the output design considerations? What are the various categories of outputs? 64. What are the different approaches to system conversion? 65. Discuss controls design considerations in the physical systems design phase of the SDLC. 66. What are the eight basic steps used to develop and test software programs? ANSWER KEY 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. C A A C C B A B C C C C D C A C D C D A B D D C D B&C C D A A B D D B B A C C B C A B D B A B B C C D A Accountants must first understand the development process, and then realize that they can make a valuable contribution to the development process in several ways. As users, accountants can 53. 54. 55. 56. 57. 58. 59. 60. 61. 62. specify their needs and help explain such needs to the development team. As members of the development team, they can provide valuable input throughout the design and development process. As auditors, they can perform attest functions with a greater working knowledge and enhanced skill sets. Accountants should keep the project on track by evaluating and measuring benefits, monitoring costs, and helping to maintain the timetable. How well does the design meet organizational and systems objectives? How well does the design meet users' needs? How economically feasible is the design in terms of costs versus benefit? What are the advantages and disadvantages of the design? Do the advantages outweigh the disadvantages? The purpose of this report is to a) guide physical systems design activities, b) communicate how management and user information needs will be met, and c) help the steering committee assess system feasibility. Controls design ensures the effectiveness, efficiency, and accuracy of the AIS. Accountants have a vital role in this area. The important concerns to be addressed are: validity of transactionsauthorization of input, storage, and output activities- accuracy of input and processing activitiessecurity access to system numerical control pre-numbering and accounting of all documents. Audit trail - tracing of transactions from source documents to final output and vice versa Systems implementation is the process of installing hardware and software and getting the AIS in place and in use. Systems planning consists of: Implementation tasks and person(s) responsible for tasks. Setting expected completion dates. Cost estimates and variances. Identify risk factors that decrease likelihood of successful implementation. Strategies for coping with risk factors. Complete documentation - three types of documentation must be prepared: Development documentation which includes: System description. Copies of output, input, and file and database layouts. Program Flowcharts. Test results. User acceptance forms. Operations documentation includes: Operating schedules. Files and databases accessed. Equipment security and file retention requirements. User documentation includes: Procedures manual(s). Training materials. There are three methods: walkthroughs, which involve systematic reviews of procedures or program logic at different phases during the SDLC. In the early stages of the design process, the focus is inputs, outputs, and files. In the later stages, the focus is on program logic and structure. Processing test transactions to determine whether a program operates as designed. Different types of hypothetical transactions are processed to see if the controls catch various types of errors. Acceptance tests, which use real transactions and file records. Users develop the acceptance criteria and make the final acceptance or rejection decision. A post-implementation review ensures that the new AIS meets planned objectives. Any problems uncovered during the review are brought to the attention of the management and the necessary adjustments are made. When review is complete, prepare a report. The acceptance of the postimplementation review report by users concludes the systems development process. Control of the AIS now passes on to the data processing department. Two things must be considered regarding system output. First, who will use the output? Why do users need this type of output, and what decisions will be made based on such output? Second, the medium of the output must be addressed. What medium should be used? Should the output be on paper, computer screen, stored as a voice response file, placed on diskette, microfilm, or some possible combinations of these mediums? These are two important considerations that can either "make or break" a system in terms of its successful use. Other considerations are: What format (tale, graph, etc)? Should preprinted forms be used? Where should the output be sent? Who should have access to the output? How often should the output be produced? Lengthy output should be preceded by an executive summary and a table of contents. Structured programming refers to programs that are subdivided into small, well-defined modules with the goal of reducing complexity and enhancing reliability and modifiability. Each module should interact with a control module rather then with each other. Proper structured programming dictates that each module should have only one entry and exit point to facilitate testing and modification. The conceptual systems design phase involves the development of the general framework for implementing user requirements and solving problems identified in the analysis phase. Conceptual design elements include the following elements: Output specifications to meet users' information needs. Data storage specifications based on reports that need to be produced, the manner in which 63. 64. 65. 66. data are stored (sequential, random, etc.), the type of database to use, and appropriate field sizes. Input specification after output is identified so that the "when, where, and how" of data input are appropriate for the types of output needed. Processing procedures and operations specifications are determined after the sequencing and processes for input and data storage are known. Output design: The objective is to determine the nature, format, content, and timing of printed reports, documents, and screen displays. Design considerations: Use - who will use, why is it needed, what is needed for use. Medium - paper, screen, diskette. Format - tables, graphs, narratives. Preprinted - e.g., purchase orders, checks. Location - where sent. Access - by whom and to what. Detail - summary, table of contents, headings. Timeliness - how often. Categories of output are: Scheduled reports are prespecified and formatted and prepared regularly. Specialpurpose analyses are not prespecified or formatted, but are prepared when management requests data to evaluate an issue. Triggered exception reports are prespecified and formatted and prepared in event of abnormal conditions. Demand reports are prespecified and formatted and prepared when requested. Direct conversion is used when the old system is of no value or is not comparable to the new system. This type of conversion carries a high risk of failure. Parallel conversion protects the company from error, but it is costly and stressful to process transactions twice. Phase-in conversion results in gradual changes over time that also allows resources to be acquired over time. However, creating temporary interfaces is costly and gradual changes take time and come at greater expense. Pilot conversion implements the system in just one part of the organization that allows problems to be corrected before the system is completely adopted. However, the costs of interfaces and running both systems are a disadvantage. There are several controls design considerations to be addressed in this phase of the SDLC. Validity, authorization, accuracy, access, numerical control, and providing an audit trail are the major items, which must be taken into account in physical design. Validity would address a question such as, "Are all system interactions valid?" Authorization could be examined by asking, "Are input, processing, storage, and output activities authorized by the appropriate managers?" Accuracy can be analyzed by asking, "Is input verified to ensure accuracy and what controls are in place to ensure that data passed between processing activities is not lost?" When dealing with access issues, the analyst should ask if there is adequate control over accessing data, and ask the important question, "How is a hacker denied access to a data file?" Asking the question, "Are documents pre-numbered to prevent errors or intentional abuse?" can provide insight about numerical controls. Finally, to provide appropriate audit trails, the analyst should ask the question, "Can transaction data be traced from source documents to final output, and vice versa?" It is imperative that controls design be properly implemented in this phase of the SDLC to ensure the success of launching the system and its ongoing use. Also , availability and integrity. Generally speaking, developers use an eight-step method to develop and test software programs. As part of the systems implementation phase of the SDLC, it is important that these steps faithfully are followed by the development team. 1) The team should consult with users and write an agreement about software requirements as a way to determine user needs. 2) Next, a development plan should be created and documented. 3) The overall approach and major processing tasks should be identified on a high level before proceeding to levels of greater detail. At that point the activity of writing program instructions can begin. 4) After program code has been written, the next step is to test the program. This can be achieved in part through debugging and desk checking, along with other types of testing. 5) The next thing to be done is to document the program, since this will explain how the program works and assist analysts in correcting and resolving errors. 6) Training program users is the beginning of the end of the test phase. Program documentation developed in step five will be used at this time. 7) The seventh step is to install and use the system. At this point the program can be used and program maintenance can take place as needed. 8) Use and modify the system. Revise existing programs (called program maintenance).