Chapter 1 (new version)
MULTIPLE CHOICE
1. A set of two or more interrelated components that interact to achieve a goal is:
a) A system
b) An accounting information system
c) Data
d) Mandatory information
2. This results when a subsystem achieves its goals while contributing to the
organization's overall goal.
a) Goal conflict
b) Goal congruence
c) Value of information
d) Systems congruence
3. Goal conflict may result when
a) A decision or action of a subsystem is inconsistent with the system as a whole.
b) A subsystem achieves its goals while contributing to the organization's overall
goal.
c) Duplicate recording, storage and processes are eliminated.
d) The data exceeds the amount the human mind can absorb and process.
4. Facts that are collected, recorded, stored and processed by an information system
a) Information
b) Data
c) Systems
d) Mandatory information
5. Information is
a) What happens when the data exceeds the amount the human mind can absorb.
b) The benefit produced by the information minus the cost of producing it.
c) Facts that are collected, recorded, stored, and processed by an information system.
d) Data that have been organized and processed to provide meaning to a user.
6. Data are
a) facts entered, stored, and processed by an information system.
b) processed output that is useful to decision makers.
c) another word for information.
d) quantitative facts that are not qualitative by nature.
7. Which of the following statements below shows the contrast between data and
information?
a) Data is the output of an AIS.
b) Information is the primary output of an AIS.
c) Data is more useful in decision-making than information.
d) Data and information are the same.
8. Information is
a) basically the same as data.
b) raw facts about transactions.
c) potentially useful facts when processed in a timely manner.
d) data that has been organized and processed so that it's meaningful.
9. Humans can absorb and process only so much information. Information __________
occurs when those limits are passed.
a) overload
b) excess
c) anxiety
d) discretion
10. The value of information can best be defined as
a) how useful it is to decision makers.
b) the benefits produced by possessing and using the information minus the cost of
producing it.
c) how relevant it is.
d) the extent to which it maximizes the value chain.
11. The benefit produced by the information minus the cost of producing it.
a) Goal congruence
b) Information
c) Information overload
d) Value of information
12. An accounting information system (AIS) processes __________ to provide users with
__________.
a) data; information
b) data; transactions
c) information; data
d) data; benefits
13. How many components are found in an AIS?
a) three
b) four
c) five
d) six
14. An accounting information system in part consists of
a)
b)
c)
d)
People, hardware and programs.
Information, programs and computers.
People, procedures, data, software and information technology infrastructure.
Internal controls and accounting records.
15. Information that reduces uncertainty, improves decision makers' ability to make
predictions, or confirms or corrects their prior expectations, is said to be
a) Complete
b) Relevant
c) Reliable
d) Timely
16. Information that is free from error or bias and accurately represents the events or
activities of the organization is
a) Relevant
b) Reliable
c) Verifiable
d) Timely
17. Information that does not omit important aspects of the underlying events or activities
that it measures is
a) Complete
b) Accessible
c) Relevant
d) Timely
18. When two knowledgeable people acting independently each produce the same
information, this information is said to be
a) Complete
b) Relevant
c) Reliable
d) Verifiable
19. Data must be converted into information to be considered useful and meaningful for
decision-making. There are six characteristics that make information both useful and
meaningful. If information is free from error or bias and accurately represents the
events or activities of the organization, it is representative of the characteristic of
a) Relevancy
b) Timeliness.
c) Understandability
d) Reliability
20. The primary consideration when producing this type of information is that its benefits
exceeds its costs.
a) Discretionary information
b) Essential information
c) Mandatory information
d) Value of information
21. An AIS is a system of six interrelated components that interact to achieve a goal.
One of these components, which includes both manual and automated activities that
involve collecting, processing, and storing data, is known as
a) Information or data
b) Procedures and instructions
c) Software
d) Information technology infrastructure
22. An accounting information system must be able to perform which of the following
tasks?
a) collect transaction data
b) process transaction data
c) provide adequate controls
d) all of the above
23. Which of the following is not an example of a common activity in an AIS?
a) buy and pay for goods and services
b) sell goods and services and collect cash
c) summarize and report results to interested parties
d) recording of sales calls for marketing purposes
24. Which of the following is not one of the components of an AIS?
a) Internal controls and security measures
b) People
c) Procedures and instructions
d) Software and hardware
25. An AIS must be able to fulfill three important functions in any organization. One
such function is the collecting and storing of data about activities performed by the
organization. One group that relies on both the adequate collection and
transformation of data for decision-making purposes for an organization is
a) management.
b) interested outsiders.
c) competitors.
d) the government.
26. The primary objective of accounting is to
a) implement strong internal controls.
b) provide useful information to decision makers.
c) prepare financial statements.
d) ensure the profitability of an organization.
27. The Financial Accounting Standards Board (FASB), in its Statement of Financial
Accounting Concepts No. 2, has defined accounting as
a) an information identification, development, measurement, and communication
process.
b) a way to provide adequate controls to safeguard an organization's assets.
c) being an information system.
d) a way to collect and transform data into useful information.
28. Which activity below would not be considered to be a "top" accountant work
activity?
a) process improvement
b) input into future product marketing initiatives
c) long-term strategic planning
d) computer systems and operations
29. The American Institute of Certified Public Accountants (AICPA) has recognized the
importance of AIS and the major impact information technology has on the area of
accounting. To recognize individual CPAs who have met educational and
experiential requirements in this area, the group formally created the designation
known as
a) the Certified Management Accountant.
b) the Certified Information Technology Professional.
c) the Certified Internal Auditor.
d) the Certified Data Processing Professional.
30. An analysis conducted by the Institute of Management Accountants shows that the
most important activities performed by corporate accountants relate to
a) customer and product profitability.
b) internal consulting.
c) process improvement.
d) accounting systems and financial reporting.
31. The primary focus of an AIS course, as opposed to other IS courses, is on
a) application of information technology.
b) use of accounting software.
c) understanding how information technology can be used to improve AIS
processes.
d) preparation of financial statements.
32. The AIS must include controls to ensure
a) safety and availability of data.
b) marketing initiatives match corporate goals.
c) information produced from data is accurate.
d) both A and C
33. A change in the AIS that makes information more easily accessible and widely
available within an organization is most likely to first influence the
a) organizational culture.
b) customer base.
c) external financial statement users.
d) production activity.
34. The process of creating value for customers is the result of nine activities (five
primary and four support) that taken together form a
a) value chain.
b) profitable operation.
c) successful business.
d) support system.
35. The value chain concept is composed of two types of activities known as
a) primary and support.
b) primary and secondary.
c) support and value.
d) technology and support.
36. Which of the following is a primary activity in the value chain?
a) infrastructure
b) technology
c) purchasing
d) marketing and sales
37. In value chain analysis, what is the activity of arranging the delivery of products to
customers called?
a) outbound logistics
b) inbound logistics
c) shipping
d) delivery
38. An AIS provides value by
a) improving products or services through information that increases quality and
reduces costs.
b) providing timely and reliable information to decision makers.
c) creating new products.
d) both A and B
39. In Chapter 1, Figure 1-2 shows the factors that influence the design of AIS. The
diagram shows a bi-directional arrow between the organizational culture and the AIS.
The reason for this two-way interchange between organizational culture and AIS is
a) that the AIS should not influence the values of the organizational culture.
b) because the organization's culture influences the AIS, and likewise the AIS
influences the organization's culture by controlling the flow of information within
the organization.
c) due to the transfer of managers between the two corporate elements.
d) the AIS impacts the organization's key strategies.
40. The objective of the majority of organizations is to provide value to their customers.
The activities that support such an objective can be conceptualized as forming a value
chain. Within this value chain, logistics plays an important role. Logistics is both
inbound and outbound in nature. An example of inbound logistics would consist of
a) the activities that transform inputs into final products or services.
b) the activities that help customers to buy the organization's products or services.
c) the activities that provide post-sale support to customers.
d) the activities that consist of receiving, storing, and distributing the materials used
as inputs by the organization to create goods and/or services it sells.
41. A good example of how an AIS is used to share knowledge within an organization is
a) the use of an expert system to help staff identify the relevant experts who can help
with a particular client.
b) the use of laptop computers to access a network for messaging worldwide.
c) the monitoring of production equipment to watch for defects.
d) the use of point-of-sale data to determine hot-selling items.
42. Within the value chain conceptual framework, organizations also perform a number
of other support activities that enable the five primary value chain activities to be
performed efficiently and effectively. One such support activity is research and
development. This activity can be identified as a
a) firm infrastructure activity.
b) human resources activity.
c) technology activity.
d) purchasing activity.
43. Within the value chain conceptual framework, AIS is shown as a support activity.
The AIS is of value to an organization when it provides accurate and timely
information to help support the five primary value chain activities. When the AIS
provides information in a timely and accurate manner, it stands as an example of
a) improved decision making.
b) improving the quality and reducing the costs of products or services.
c) improving efficiency.
d) All of the above
44. A decision situation that is non-routine and for which no established framework exists
for making the decision is called a(n) __________ decision.
a) structured
b) semistructured
c) unstructured
d) strategic
45. A decision that is repetitive, routine and well understood is
a) structured
b) semistructured
c) unstructured
d) strategic
46. Which of the following is an example of a strategic planning decision?
a) setting financial and accounting policies
b) conducting a performance evaluation
c) budgeting
d) developing human resource practices
47. Decisions about the effective and efficient execution of specific tasks are concerned
with
a) operational control.
b) management control.
c) strategic planning.
d) tactical planning.
48. Budgeting and human resource practices are examples of
a) operational control
b) management control
c) strategic planning
d) tactical planning
49. Accounting information plays major roles in managerial decision making by
a) identifying situations requiring management action.
b) reducing uncertainty.
c) providing a basis for choosing among alternative actions.
d) all of the above
50. Business activities that pertain to product pricing, discount and credit terms, and
identifying the most and least profitable items are part of the __________ activity in
the organization's value chain.
a) service
b) marketing and sales
c) operations
d) inbound logistics
51. A principal focus of AIS is to assist with the decision-making function of an
organization. The degree of support AIS can provide depends on the type of decision
being made. Decisions are categorized in terms of the degree of existing structure or
the effect of their scope. From the items below, select the description that is an
example of a semi-structured decision.
a) selecting basic research projects to undertake
b) setting a marketing budget for a new product
c) extending credit to an established customer
d) hiring a senior manager
52. Regarding decision scope, which statement below is true?
a) Operational control is concerned with the effective and efficient use of resources
for accomplishing organizational objectives.
b) Management control is concerned with the effective and efficient performance of
specific tasks.
c) Strategic planning is concerned with establishing organizational objectives and
policies for accomplishing those objectives.
d) There is no real correlation between a manager's level in an organization and his
or her decision-making responsibilities.
53. A well-designed AIS can improve the decision-making function within the
organization. Which statement below would describe a limitation, rather than a
benefit, of an efficient AIS?
a) An AIS reduces uncertainty, and therefore accounting information can provide a
basis for choosing among alternative courses of action.
b) An AIS identifies situations requiring management action.
c) An AIS provides to its users an abundance of information without any filtering or
condensing of such information.
d) An AIS provides information about the results of previous decisions which
provides decision makers with feedback that can be used in future decision
making.
54. A strategic position is important to the success and growth of any organization.
Harvard professor Michael Porter has identified three basic strategic positions.
Which statement below is false regarding these basic strategic positions?
a) The three basic strategic positions are mutually exclusive of each other.
b) Part of a needs-based strategic position is to identify a target market.
c) An access-based strategic position involves serving a subset of customers who
differ from other customers in terms of geographic location or size.
d) A variety-based strategic position involves producing or providing a subset of the
industry's products or services.
55. A strategic position is important to the success and growth of any organization.
Harvard professor Michael Porter has identified two basic business strategies. Which
statement below is false regarding these basic strategies?
a) A product differentiation strategy entails adding features or services not provided
by competitors to a product so customers can be charged a premium price.
b) A low-cost strategy entails striving to be the most efficient producer of a product
or service.
c) Sometimes a company can succeed in both producing a better product and
achieving low costs.
d) The two basic strategic positions are mutually exclusive.
56. According to Michael Porter, to be successful in the long run, a company must
a) deliver greater value to customers and/or create comparable value at a lower cost.
b) maximize profits.
c) maximize shareholder value.
d) both B and C
57. A variety-based strategic position involves
a) trying to serve most or all of the needs of a particular group of customers.
b) serving a subset of customers who differ from other customers.
c) providing a subset of the industry's products or services.
d) serving all needs of all customers.
58. A needs-based strategic position involves
a) trying to serve most or all of the needs of a particular group of customers.
b) serving a subset of customers who differ from other customers.
c) providing a subset of the industry's products or services.
d) serving all needs of all customers.
59. An access-based strategic position involves
a) trying to serve most or all of the needs of a particular group of customers.
b) serving a subset of customers who differ from other customers.
c) providing a subset of the industry's products or services.
d) serving all needs of all customers.
60. The Internet has changed the way many processes are performed in business today.
The Internet has had a material effect on the five primary characteristics in the value
chain and on the strategy adopted by businesses that incorporate use of the Web into
their business systems. Which statement below is true regarding the Internet relative
to a strategic position that a business may adopt?
a) Use of the Internet has reduced the power of buyers.
b) The Internet has increased the barriers to entry in many industries.
c) Use of the Internet reduces pressure to compete on price.
d) The most important effect of the development of the Internet in business is the
increased importance of adopting a viable business strategy.
SHORT ANSWER
61. Define the concept of a system.
62. Define data, information, and how the value of information is determined.
63. Define an accounting information system.
64. Identify the components of an accounting information system.
65. What is the CITP designation and why is it important to AIS?
66. Differentiate between an AIS course and other accounting courses.
67. Harvard professor Michael Porter contends that for a company to be successful in the
long run it "must deliver greater value to customers or create comparable value at a
lower cost, or do both" and suggests three strategic positions. Describe these strategic
positions. How do these strategic positions relate to financial and managerial
accounting information given?
68. What is the purpose behind the five primary activities in the value chain?
69. Name the primary activities of a firm's value chain.
70. How can an AIS add value to the organization?
71. How can a well-designed AIS improve the efficiency and effectiveness of a
company's value chain?
ESSAY
72. Discuss the concept of a system and the issues of goal conflict and goal congruence.
73. Discuss the seven characteristics of useful information.
74. Explain what an AIS is, describe the basic tasks it performs in an organization, and
give some examples of the types of accounting transactions it processes.
75. Discuss the steps in the supply chain.
76. How can an AIS become part of the firm's value chain and add value to the business?
77. How can the value of the information produced by an accounting information system
be determined? What would a measurement and verification expert think about
quantification and verification of such information?
ANSWER KEY
1. A
2. B
3. A
4. B
5. D
6. A
7. B
8. D
9. A
10. B
11. D
12. A
13. D
14. C
15. B
16. B
17. A
18. D
19. D
20. A
21. B
22. D
23. D
24. D
25. A
26. B
27. C
28. B
29. B
30. D
31. C
32. D
33. A
34. A
35. A
36. D
37. A
38. D
39. B
40. D
41. A
42. C
43. D
44. C
45. A
46. A
47. A
48. B
49. D
50. B
51. B
52. C
53. C
54. A
55. D
56. A
57. C
58. A
59. B
60. D
61. A system is a set of two or more components that are somehow interrelated and
interact together to achieve a specific goal.
62. Data: facts that are collected, entered, recorded, stored, and processed by an AIS.
Information: data that has been organized and processed and is meaningful to its
users. Such information is relevant, timely, reliable, verifiable, complete, and
understandable. Information is of value when the benefits received from using or
acting upon it outweighs the cost to produce the information.
63. An AIS is a system that collects, records, stores, and processes data to produce
information for decision makers. An AIS is a valuable tool when integrated with the
strategic planning initiatives of an organization.
64. A well-designed AIS consists of people, procedures and instructions, data, software,
information technology infrastructure, and internal controls and security measures.
65. The CITP designation stands for "Certified Information Technology Professional." It
is awarded to CPAs who have demonstrated a broad range of knowledge and skill sets
in the areas of accounting and information systems and technology. The AICPA
(American Institute of CPAs) has acknowledged the importance and close
relationship that accounting and information systems share in creating this specialty
designation for accounting information system professionals.
66. Other accounting courses assume the preparation or reporting of accounting
information is for external or internal users. However, the AIS course focuses on the
flow of accounting information in the organization from a systems perspective. The
AIS course traces the origin, processing, storing, and ultimate disposal of
information. An AIS course also focuses on business processes, organization
structure, information systems, and corporate planning and goals.
67. The three strategic positions described are: a) a variety-based strategic position that
involves producing or providing a subset of the industry's products or services; b) a
needs-based strategic position that involves trying to serve most or all of the needs of
a particular group of customers; and c) an access-based strategic position that
involves serving a subset of customers who differ from other customers in terms of
factors such as geographic location or size which create different requirements for
serving those customers. AIS that has been properly designed can support an
organization in attaining and maintaining a strategic position. Such an information
system can be a valuable asset in helping the organization to maintain a competitive
position in the marketplace.
68. The goal of the five primary activities in the value chain is to facilitate the business in
providing value to its customers. The five primary activities allow the business to
create, market, and deliver its products and services to its customers, as well as
providing postsale support.
69. Inbound logistics, operations, outbound logistics, marketing and sales, and service.
70. An AIS can increase the efficiency and effectiveness of the value chain by improving
the quality and lowering costs of products or services, improving efficiency of
operations, improving decision making, enhancing the sharing of knowledge,
improving the efficiency and effectiveness of its supply chain and improving the
internal control structure.
71. The AIS can be designed to allow customers direct access to a company's inventory
and sales order entry systems. This allows the customer to do more of the work that
traditionally has been done by sales, marketing, and administration personnel. This
allows for faster ordering, and cuts the company’s labor costs. It may also have the
effect of allowing the customer more control in a purchase transaction that may bring
more satisfaction and value to the customer.
72. A system is a set of two or more components that are somehow interrelated and
interact together to achieve a specific goal. A system usually consists of smaller
components called subsystems. These subsystems have specific and defined
functions, which interact with and support the larger system. The concept of systems
is key to information technology and AIS. All systems, including the AIS, must work
to achieve one or more organizational goals. Goal conflict results when a decision or
action of a subsystem is inconsistent with another subsystem or the system
(organization) as a whole. Goal congruence results when a subsystem achieves its
goals while contributing to the organization's overall goal. Subsystems should
maximize organizational goals.
73. The seven characteristics of useful information are: relevant, reliable, complete,
timely, understandable, verifiable and accessible. These characteristics are qualities
that information should possess to be useful in a business environment. Briefly
stated, in order for information to be useful it must be: 1) relevant, meaning that it
reduces uncertainty and adds to the decision-making process; 2) reliable information
is information that is free from error, and is accurate in its nature; 3) complete
information is information that does not omit any important data, facts, or aspects
about events or activities; 4) information is timely when it is fully available to enable
the decision-making process to proceed; 5) understandable information must be both
in an intelligible and useful format; 6) information is considered verifiable if two
people, acting independently of each other, produce the same information or the same
results. Information is accessible if it is available to users when they need it and in a
format they can use.
74. An AIS consists of six components: people, procedures, instructions, data, software,
and information technology infrastructure and internal controls and security
measures. The AIS performs three major functions: 1) it collects and stores data
about activities and transactions so that the organization's management, employees,
and interested outsiders can review what has happened; 2) the AIS processes data
(that is, facts that have been collected and stored) into information that is useful for
making decisions, and is of value to the organization; and 3) the AIS provides
adequate controls designed to safeguard the organization's assets, including its data
and information. Common examples of accounting transactions that an AIS helps to
process and track are the sales of products to customers, cash collections, cash
payments, and the recording and payment of the employees' payroll.
75. The supply chain shows how an organization interacts with suppliers, distributors,
and customers to provide value in the products it sells. The supply chain depicts the
creation and sale of a product-the chain is somewhat different when a service is
involved. The supply chain has five components: raw materials; manufacturer;
distributor; retailer; and the consumer. Raw materials come from any number of
suppliers, which in turn become part of a manufacturing process, which produces a
product. The business then provides the product to distributors, who in turn sell the
product to retail businesses. The product is ultimately purchased and used by
consumers (who may be individuals or businesses). It is important to realize that AIS
can greatly impact the traditional supply chain by creating a more efficient and timely
environment in which a business can operate. More efficient operations are more
effective, which in turn lowers costs, and add greater value and create improved
customer satisfaction.
76. The AIS can add value by: helping to improve products and services an organization
offers for sale; increasing the quality of products and services; creating greater
efficiency by reducing costs and saving time; and improving the overall efficiency of
the organization. Decision making is enhanced by the better availability of timely,
complete, reliable, verifiable, and relevant information. A firm can enjoy a
competitive advantage with better customer ordering, billing, and customer service
made possible by an improved AIS. The AIS can also enhance overall
communication and use of knowledge in a business by making the knowledge readily
available to interested parties.
77. A well-designed AIS improves the efficiency and effectiveness of the value chain by
improving the quality and lowering the overall cost of products or services,
improving efficiency of operations, improving decision making, and enhancing the
sharing of knowledge. These are the benefits of possessing and using information.
Drawbacks to possessing and using such information are the costs of obtaining and
maintaining such information. These costs include investments in people, processes,
and computing and networking hardware and software on an ongoing basis. Costs of
the information are quantifiable to some extent. However, some of the benefits of
using the information involve numerous estimates and assumptions. As such, the
quantification of the benefits of utilizing such information depends on the accuracy of
the assumptions.
Chapter 2 (new version)
MULTIPLE CHOICE
1. An agreement between two entities to exchange goods or services or any other event
that can be measured in economic terms by an organization is
a) give-get exchange
b) transaction
c) revenue
d) processing cycle
2. Groups of related business activities such as the acquisition of merchandise and
payment of vendors are called
a) transaction cycles.
b) economic cycles.
c) business events.
d) transactions.
3. The transaction cycles approach leads to efficient processing of large number of
transactions because
a) transaction cycles are easier to computerize.
b) a large number of transactions within a given cycle can be categorized into a
relatively small number of distinct types.
c) the transaction cycle approach represents the natural order of business.
d) transaction cycles are easy to understand.
4. The basic "give and take" functions of a business have been grouped into transaction
cycles. The cycle that includes the events of hiring employees and paying them is
known as the
a) revenue cycle.
b) expenditure cycle.
c) human resources cycle.
d) financing cycle.
5. What is the major difference between the revenue and the expenditure cycle?
a) The revenue cycle includes marketing activities; the expenditure cycle does not.
b) In the revenue cycle, cash is received; in the expenditure cycle cash is paid out.
c) The expenditure cycle includes paying employees.
d) The revenue cycle includes the activity of obtaining funds from investors.
6. The business owners obtain financing from outside investors, which results in an
inflow of cash into the company. This transaction is considered to be part of which
cycle?
a) the revenue cycle
b) the payroll cycle
c) the production cycle
d) the financing cycle
7. Which of the following is not a transaction cycle?
a) revenue
b) expenditure
c) human resources
d) general ledger and reporting
8. All transaction cycles feed information directly into the
a) financial statements.
b) governmental reports.
c) general ledger and reporting system.
d) financing operations.
9. Transaction cycles can be summarized on a high level as "give-get" transactions. An
example of "give-get" in the expenditure cycle would be
a) give cash, get cash.
b) give cash, get goods.
c) give cash, get labor.
d) give goods, get cash.
10. Transaction cycles can be summarized on a high level as "give-get" transactions. An
example of "give-get" in the revenue cycle would be
a) give cash, get goods.
b) give goods, get cash.
c) give cash, get labor.
d) give cash, get cash.
11. The transaction cycles relate to one another and interface with this to generate
information for both management and external parties.
a) general ledger and reporting system
b) accounting information systems
c) computer processor
d) human resources cycle
12. Many modern accounting software packages offer separate transaction cycle modules.
What is the reason for this?
a) Every organization does not need to implement all of the available transaction
cycle modules.
b) Most businesses do not need the revenue cycle module as part of their AIS.
c) The nature of a given transaction cycle is the same irrespective of the type of
organization.
d) A properly designed AIS does not use the concept of separate business transaction
cycles to process transactions.
13. Which of the following statements is false?
a) Retail stores do not have a production cycle.
b) Financial institutions have installment-loan cycles.
c) A service company does not have an inventory system.
d) Every organization should implement every transaction cycle module.
14. The operations performed on data to generate meaningful and relevant information
are referred to as
a) general ledger and reporting system
b) accounting information system
c) financial reporting
d) data processing cycle
15. One of the steps in the data processing cycle is data input. What is the catalyst for
data input into a system?
a) The production transaction system automatically checks each hour to see if any
new data is available for input and processing.
b) The performance of some business activity generally serves as the trigger for data
input.
c) A general ledger program is queried to produce a trial balance at the end of an
accounting period.
d) Data is only input when an authorized party permits the input to occur.
16. A typical source document could be
a) in some paper form.
b) a computer data entry screen.
c) a notepad entry.
d) both A and B
17. Which step below is not considered to be part of the data processing cycle?
a) data input
b) feedback from external sources
c) data storage
d) data processing
18. Data must be collected about three facets of each business activity. What are they?
a) the business activity, the resources it affects, the people who participate
b) the business activity, the transactions it creates, the impact on the financial
statements
c) the inputs, outputs and processes used
d) who is involved, what was sold, how much was paid
19. Certain documents or forms are generated and/or processed with each transaction
cycle. The issuing of a purchase order is part of which transaction cycle?
a) the revenue cycle
b) the production cycle
c) the human resources cycle
d) the expenditure cycle
20. Certain documents or forms are generated and/or processed with each transaction
cycle. The collection of job time tickets or time sheets is part of which transaction
cycle?
a) the revenue cycle
b) the production cycle
c) the human resources cycle
d) the expenditure cycle
21. Common source documents for the revenue cycle include all of the following except
a) sales order.
b) receiving report.
c) delivery ticket.
d) credit memo.
22. Which of the following documents would be found in the expenditure cycle?
a) delivery ticket
b) time card
c) journal voucher
d) purchase order
23. Businesses usually use some type of documents in the data input step of the data
processing cycle. Documents that are sent to customers or suppliers and then sent
back to the organization in the course of a business transaction are known as
a) turnaround documents.
b) source documents.
c) source data automation.
d) rubber or bounce-back documents.
24. What is a primary example of source data automation?
a) a utility bill
b) POS (point-of-sale) scanners in retail stores
c) a bill of lading
d) a subsidiary ledger
25. Pre-numbering of source documents helps to verify that
a) all transactions have been recorded since the numerical sequence serves as a
control.
b) no inventory has been misplaced.
c) documents have been used in order.
d) all cash has been collected.
26. Source documents generally help to improve accuracy in transaction processing
because
a) they specify which information to collect due to their structure.
b) standard information is preprinted on the document.
c) they provide directions and steps for completing the form.
d) All of the above are correct.
27. When the sum of all entries in the subsidiary ledger equals the amount in the
corresponding general ledger account, it is assumed that (select all that apply)
a) the recording and posting processes are accurate.
b) all of the transaction cycles have been completed.
c) since the ledgers are in balance, adjusting entries are not required.
d) no errors exist in the subsidiary ledger and corresponding general ledger account.
28. The general ledger account that corresponds to a subsidiary ledger account is known
as a
a) dependent account.
b) attribute account.
c) entity account.
d) control account.
29. The systematic assignment of numbers or letters to items to classify and organize
them is known as
a) coding
b) chart of accounts
c) data input
d) pre-numbered documents
30. Pre-numbered checks, invoices and purchase orders are examples of
a) sequence codes
b) block codes
c) group codes
d) hierarchical codes
31. A chart of accounts is an example of (select all that apply)
a) sequence codes
b) block codes
c) group codes
d) hierarchical codes
32. Inventory items are often codes with these
a) sequence codes
b) block codes
c) group codes
d) hierarchical codes
33. A listing of general ledger accounts by account number is called the
a) chart of accounts.
b) listing of accounts.
c) trial balance.
d) subsidiary accounts.
34. Regarding codes, which of the following is false?
a) The code should be consistent with its intended use.
b) Codes should allow for growth in the number of items to be coded.
c) Coding systems should be as simple as possible.
d) Coding systems need not be consistent across divisions of an organization.
35. To be effective, the chart of accounts must
a) be as concise as possible.
b) contain only five account categories.
c) limit account codes to 10 digits or less.
d) contain sufficient detail to meet the information needs of the specific
organization's AIS.
36. The chart of accounts for a manufacturing corporation would include
a) retained earnings.
b) common stock.
c) raw materials inventory.
d) all of the above
37. The chart of accounts of a corporate retail bookstore would probably include
a) work-in-process inventory.
b) a drawing account.
c) retained earnings.
d) both A and C
38. In a chart of accounts using three digits for each account, each numeric digit has
meaning to users of the AIS. For example, a numeric digit may represent either a
major category of accounts, a primary financial subaccount within each category, or a
specific account into which transaction data will be posted. Using this example,
which digit position would best represent a primary financial subaccount within an
account category?
a) first
b) second
c) third
d) fourth
39. In transaction processing, generally which activity comes first?
a) recording data in a journal
b) posting items to special journals
c) capturing data on source documents
d) posting data to a ledger
40. The efficiency of recording numerous business transactions can be best improved by
the use of
a) prenumbered source documents.
b) specialized journals.
c) posting references.
d) segregation of duties.
41. A general journal
a) is used to record infrequent or non-routine transactions.
b) simplifies the process of recording large numbers of repetitive transactions.
c) records all detailed data for any general ledger account that has individual subaccounts.
d) contains summary-level data for every account of the organization.
42. The general ledger
a) is used to record infrequent or non-routine transactions.
b) simplifies the process of recoding large numbers of repetitive transactions.
c) records all detailed data for any general ledger account that has individual subaccounts.
d) contains summary-level data for every account of the organization.
43. A subsidiary ledger
a) is used to record infrequent or non-routine transactions.
b) simplifies the process of recoding large numbers of repetitive transactions.
c) records all detailed data for any general ledger account that has individual subaccounts.
d) contains summary-level data for every account of the organization.
44. A specialized journal
a) is used to record infrequent or non-routine transactions.
b) simplifies the process of recording large numbers of repetitive transactions.
c) records all detailed data for any general ledger account that has individual subaccounts.
d) contains summary-level data for every account of the organization.
45. An audit trail
a) provides the means to check the accuracy and validity of ledger postings.
b) is provided by the ledger and the general journal.
c) is automatically created in every computer-based information system.
d) is a characteristic of interest.
46. Something about which information is stored is
a) attribute
b) database
c) entity
d) record
47. Characteristics of interest that need to be stored are
a) attribute
b) database
c) entity
d) record
48. Computers store data by organizing smaller units of data into larger units, which have
meaning to users. Data values that are stored in a physical space are called a
a) field.
b) record.
c) file.
d) database.
49. Related records grouped together form a(n)
a) field.
b) entity.
c) file.
d) database.
50. The set of fields that contain data about various attributes of the same entity forms a
a) entity
b) record.
c) file.
d) database.
51. Concerning a master file, which of the following statements is false?
a) It is conceptually similar to a ledger in a manual AIS.
b) It stores cumulative information about an organization's resources.
c) It exists across fiscal periods.
d) Its individual records are not changed.
52. Basic data storage concepts define both entities and attributes. An entity is something
about which information is stored. Which item below would not be considered an
entity?
a) a customer address
b) a customer
c) an employee
d) an inventory item
53. Which of the following is conceptually similar to a journal in a manual AIS?
a) database
b) master file
c) record
d) transaction file
54. Which of the following is not one of the four types of file processing?
a) changing
b) updating
c) deleting
d) altering
55. Periodic updating of the data stored about resources and agents is
a) On-line processing
b) real-time processing
c) batch processing
d) data processing
56. Concerning processing, which of the following statements is true?
a) Batch processing ensures that stored information is always current.
b) Batch input is more accurate than on-line data entry.
c) On-line batch processing is a combination of real-time and batch processing.
d) Batch processing is almost never used.
57. Federal Express stated in one of its mission statements that "positive control of each
package will be maintained by utilizing . . . electronic tracking and tracing systems."
This is an example of which type of data processing?
a) real-time processing which features immediate updating as to the location of
packages
b) batch processing which features updating at fixed time periods
c) real-time processing which features updating at fixed time periods such as at the
end of an accounting period
d) batch processing which features immediate updating as to the location of
packages
58. Documents generated at the end of transaction processing activities are called
a) financial statements
b) operational documents
c) reports
d) source documents
59. Which of the following is not a type of report provided to decision makers by the
typical AIS?
a) financial statements
b) customer satisfaction surveys conducted by third parties
c) managerial reports
d) All of the above reports are important to decision makers.
60. Which statement below regarding the AIS and managerial reports is false
a) The AIS must be able to provide managers with detailed and operational
information about the organization's performance.
b) Both traditional financial measures and operational data are required for proper
and complete evaluation of performance.
c) Most source documents capture both financial and operational data about business
transactions.
d) Traditionally, most AIS systems have been designed so that both financial and
operational data are stored in a manner that facilitates their integration in reports.
61. A formal expression of goals and objectives in financial terms is called a(n)
a) mission statement.
b) strategic plan.
c) budget.
d) operational plan.
62. A projection of an organization's cash inflows and outflows is known as a(n)
a) performance budget.
b) operating budget.
c) management budget.
d) cash budget.
63. Identify an example of external source data that is important to an organization.
a) customer satisfaction as gauged by surveys
b) staff salaries as a percentage of sales
c) satisfaction of employees with their work environment
d) sales revenue divided by the number of hours worked by the sales staff
64. Some information will have to be collected from __________ sources to determine,
for example, customer satisfaction.
a) external
b) internal
c) regulatory
d) competitive
65. Performance reports are primarily used for
a) financial control.
b) cash planning.
c) forecasting.
d) financial planning.
66. A report which shows actual results, budgets, and variances is called a
a) financial plan.
b) cash budget.
c) performance report.
d) managerial report.
67. Variances to the budget should be interpreted by using the principle of
a) management by exception.
b) management by objectives.
c) management by exemption.
d) exceptions to variances.
68. One of the most important assumptions about how managers will act in a budgetcontrolled environment is that:
a) managers will largely ignore budgets.
b) budgets must be too tight to encourage high aspirations.
c) budget slack will exist in almost every budget and is negotiated by all managers.
d) measurement affects behavior.
69. Which managerial tool below is used to provide the organization with financial
control?
a) a cash budget
b) a performance report
c) a sales budget
d) a customer satisfaction survey
SHORT ANSWER
70. How are "Give and Take" transactions classified in business today and what impact
does this have on AIS?
71. Name the major transaction cycles.
72. What is the purpose of source documents? What controls are embedded in source
documents? Give two examples of source documents.
73. Why have accounting software packages been designed with separate transaction
modules?
74. Describe the purpose of subsidiary and control accounts.
75. What is an audit trail?
76. A well-designed data processing cycle should collect data connected with three facets
of business activity. Name the three facets.
77. Source documents are usually generated in the process of conducting common
business activities. Name a source document connected with the revenue cycle.
78. Source documents are usually generated in the process of conducting common
business activities. Name a source document connected with the human resources
cycle.
79. What operational information should an AIS be capable of providing to management?
80. An AIS stores data by organizing smaller units of data into larger, more meaningful
units. Briefly explain how data is stored in AIS.
ESSAY
81. Describe the basic business activities and transactions for a typical merchandising
company.
82. Coding systems are used throughout accounting information systems. Describe some
useful guidelines that will result in a better coding system.
83. In accounting and AIS, what is the relationship between the general and subsidiary
ledgers?
84. A company you have been asked to examine as part of an AIS consulting engagement
employs a cashier who handles all cash receipts from customers. The cashier counts
the cash daily, prepares the bank deposit, and carries the deposit to the bank every
day after work. In addition, the cashier authorizes all discounts and allowances and
decides when uncollectible accounts will be written off. Finally, because the
accounting department is overworked at times, the cashier is allowed to post cash
payments to customer accounts and reconcile the bank account. Outline how a
dishonest cashier could misuse all these responsibilities to steal cash from the
company.
85. It has been said "measurement affects behavior." What does this mean as it applies to
business?
ANSWER KEY
1. b
2. a
3. b
4. c
5. b
6. d
7. d
8. c
9. b
10. b
11. a
12. a
13. d
14. d
15. b
16. d
17. b
18. a
19. d
20. c
21. b
22. d
23. a
24. b
25. a
26. d
27. a and d
28. d
29. a
30. a
31. b and c
32. c
33. a
34. d
35. d
36. d
37. c
38. b
39. c
40. b
41. a
42. d
43. c
44. b
45. a
46. c
47. a
48. a
49. c
50. b
51. d
52. a
53. d
54. d
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
c
c
a
b
b
d
c
d
a
a
a
c
a
d
b
SHORT ANSWER
70. The concept of "Give and Take" transactions has been used to classify business transactions into
"cycles" that have starting points, processes, and end points (or closure). The majority of business
transactions can be classified as revenue, expenditure, human resources (payroll), production, and
financing cycles. AIS has been modeled after these transaction cycles to achieve its basic functions of
collecting and processing data, providing information useful for decision making, and establishing
adequate controls.
71. The major transaction cycles are revenue, expenditure, human resources (or payroll), production, and
financing.
72. The primary purpose of source documents is to record data about business activities. Source
documents standardize data collection procedures for an organization and provide better control and
accuracy. Source documents are generally pre-numbered, which helps to verify that all transactions
have been recorded and there is no missing document; if a document is missing, then which one(s) can
be determined. Proper design of source documents ensures which information to collect, preprints
standard information such as addresses, and provides directions for completing the form. Examples
include: invoices, timecards, sales orders, and purchase orders.
73. Since every organization does not necessarily use all of the transaction cycles in its operations, it is to
the advantage of the organization to be able to "pick and choose" from among various software
modules that track and record different transaction cycles. For example, a law firm would have no
need to implement a production cycle module. Also, the nature of a transaction cycle varies across the
broad spectrum of business organizations. Again, a law firm would have a revenue cycle, but it would
not involve the purchase, receipt, and payment for products or merchandise; likewise a retail store
chain may not sell any consulting services to its customers.
74. A subsidiary ledger is used when many sub-accounts (such as customers or vendors) must be tracked
in detail. These types of accounts are used frequently for accounts receivable and accounts payable
applications. The control account gives the overall or total picture for the subsidiary accounts. The
control account will show total balances only and must balance to the sum of the individual detail
amounts in the subsidiary accounts.
75. An audit trail provides a means to check the accuracy and validity of postings to the ledger. The
posting references and document numbers help provide the audit trail. An audit trail exists when
company transactions can be traced through the AIS from where originate to where they end up on the
financial statements
76. The three facets of business activity are: 1) the event of interest; 2) the resource(s) affected by the
event; and 3) the agents who participate in the event.
77. Revenue cycle source documents include sales orders, delivery tickets or bills of lading, remittance
advice or remittance list, deposit slip, and credit memo.
78. Human resources (or payroll) cycle documents include employee's W-4 form, time cards, or job time
tickets or time sheets.
79. Some examples are - reports about inventory status, relative profitability of products, percentage of
revenue generated by new products, relative performance of each salesperson, cash collections and
pending obligations, and an organization's performance in meeting its delivery and service
commitments. The AIS should also be able to provide non-financial information connected with
various transactions such as addresses, purchasing histories, telephone and fax numbers, e-mail
addresses, Web sites, etc.
80. The smallest unit of data is known as a data value. A data value is physically stored in a space called a
field. Any number of fields can be grouped together to form a record. Related records are grouped
together to form a file. Files are then combined to form a database.
ESSAY
81. Revenue - sell goods and services to customers and collect cash. Expenditure - obtain goods and
services from vendors and pay cash. Human resources - hire qualified employees, train them, pay
them, evaluate them, withhold and pay taxes, file tax forms, and comply with government regulations
on employment. Financing - investments in company, procuring and repayment of loans, and payment
of dividends and interest.
82. The following guidelines will result in a better coding system. First, the code should be consistent
with its intended use. Second, the code should allow for growth in the number of items to be coded.
The coding system should be as simple as possible. The coding system should be consistent with the
company's organizational structure and it should be consistent across the different divisions of an
organization.
83. The general ledger contains summary-level information about every asset, liability, equity, revenue,
and expense account in an organization. The balances in general ledger accounts form the starting
point for preparation of financial statements and various other financial reports. A subsidiary ledger
account provides support for any general ledger account that has need of maintaining individual
subaccounts (for example, accounts receivable, accounts payable, inventory, and fixed assets). The
subsidiary ledger records and maintains the detail-level information for a general ledger account by
having a separate record for each customer, vendor, inventory item, or fixed asset. The individual
subaccount balances in a subsidiary ledger should equal the balance found in the general ledger
account. A general ledger account that corresponds to a subsidiary ledger account is known as a
control account.
84. This procedure represents a gross violation of the "segregation of duties" principle. The cashier could
steal cash in any number of ways. For example, the cashier could misapply payments from other
customers to cover the theft (this is better known as lapping). The cashier could steal cash by writing
off the balances as bad debts or cover over the balances with illegitimate discounts. Also, the cashier
could steal cash and then cover it up with entries to expense accounts or by preparing a "bogus" bank
reconciliation. This is why it is critically important that there is a clear, unequivocal separation of
duties when dealing with any aspect of cash in a business.
85. Generally speaking, when employees become aware of the tasks that are under evaluation and
measurement, the employees will focus their efforts primarily on those tasks. This could be good or
bad depending on the task being measured and the goals of the business. A business should not be
merely focused on obtaining expectations from measuring certain tasks to the detriment of the
operation of the business as a whole. Consider for example the measurement of the number of units of
a product produced each hour. If the business is only concerned with maximizing output, employees
may indeed produce more, but the quality of each unit produced may be unacceptable. If the units are
shipped without knowledge of the lower quality, a higher failure rate per unit may occur. This will
impact the users of the units, and so a customer service problem may arise due to the "push for higher
output." It is important for the organization to balance measurement goals and objectives with the
overall mission and values of the organization and its strategic objectives.
CH 3
MULTIPLE CHOICE
1. The narratives, diagrams, charts, and other written materials that explain how a
system works are collectively called
a)
b)
c)
d)
documentation.
data flows.
flowcharts.
schema.
2. One popular means of documenting a system is to develop diagrams, flowcharts,
tables, and other graphical representations of information. These are often
supplemented by
a)
b)
c)
d)
product specifications.
narrative descriptions.
logic charts.
oral descriptions from management.
3. The graphic description of the flow of data within an organization is called a
a)
b)
c)
d)
systems flowchart.
data flow diagram.
context diagram.
document flowchart.
4. A graphical representation of the flow of documents and information between
departments or areas of responsibility within an organization is called
a)
b)
c)
d)
a data flow diagram.
a document flowchart.
a system flowchart.
a program flowchart.
5. A graphical representation of the relationship among the input, processing and output
in an information system is called
a)
b)
c)
d)
a data flow diagram.
a document flowchart.
a system flowchart.
a program flowchart.
6. A graphical description of the sequence of logical operations that a computer
performs is called
a)
b)
c)
d)
a data flow diagram.
a document flowchart.
a system flowchart.
a program flowchart.
7. SAS No. 94 requires that independent auditors be able to
a)
b)
c)
d)
draw computerized flowcharts.
prepare flowcharts and decision tables before conducting an audit.
understand a client's system of internal controls before conducting an audit.
prepare and understand any type of system documentation.
8. The passage of the Sarbanes Oxley Act
a) Made documentation skills even more important.
b) Requires public companies to prepare an annual internal control report.
c) Means that auditors must be able to prepare, evaluate and read documentation tools such as
flowcharts.
d) All of the above.
9. Which of the following is not a true statement?
a) Documentation tools save an organization both time and money.
b) Documentation tools are used extensively in the systems development process.
c) Data flow diagrams and flowcharts are the two most frequently used systems development
documentation tools.
d) Data flow diagrams and flowcharts are difficult to prepare and revise using software packages.
10. A data flow diagram
a)
is a graphical description of the source and destination of data that shows how data flow within an
organization.
b) is a graphical description of the flow of documents and information between departments or areas
of responsibility.
c) is a graphical description of the relationship among the input, processing, and output in an
information system.
d) is a graphical description of the sequence of logical operations that a computer performs as it
executes a program.
11. In a DFD, a square box represents
a)
b)
c)
d)
data sources and destinations.
data flows.
transformation processes.
data stores.
12. In a DFD, a "data sink" is also known as
a)
b)
c)
d)
data stores.
transformation processes.
data flows.
data destinations.
13. In a DFD, an arrow represents
a)
b)
c)
d)
data sources and destinations.
the direction of data flows.
transformation processes.
data stores.
14. In a DFD, a circle represents
a)
b)
c)
d)
data sources and destinations.
the direction of data flows.
transformation processes.
data stores.
15. In preparing a DFD, when data are transformed through a process, the symbol used
should be
a)
b)
c)
d)
a circle.
an arrow.
a square.
two horizontal lines.
16. In a DFD, lines that are horizontal and parallel to each other represent
a)
b)
c)
d)
data sources and destinations.
data flows.
transformation processes.
data stores.
17. In a DFD, a "bubble" is also known as
a)
b)
c)
d)
data stores.
transformation processes.
data flows.
data destinations.
18. An entity that sends or receives data used or produced by the system is called a
a)
b)
c)
d)
data source or destination.
data store.
data flow.
data transformation.
19. A data flow diagram (or DFD) has four basic elements. The flow of data between
processes, data stores, and data sources and destinations is known as
a)
b)
c)
d)
data sources and destinations.
data flows.
transformation processes.
data stores.
20. A data flow diagram (or DFD) has four basic elements. The altering of data from
inputs to outputs is known as
a)
b)
c)
d)
data sources and destinations.
data flows.
transformation processes.
data stores.
21. A data flow diagram (or DFD) has four basic elements. The people and organizations
that send data to and receive data from the system are known as
a)
b)
c)
d)
data sources and destinations.
data flows.
transformation processes.
data stores.
22. In general, a data destination will be shown by
a) an arrow pointing away.
b) an arrow pointing in.
c) arrows pointing both ways.
d) no arrows, only two horizontal lines.
23. In the data flow diagram of the customer payment process, "update receivables" will
appear in
a)
b)
c)
d)
a square.
a circle.
two horizontal lines.
none of the above
24. In the data flow diagram of the customer payment process, "Customer" will appear in
a)
b)
c)
d)
a square.
a circle.
two horizontal lines.
none of the above
25. In the data flow diagram of the customer payment process, "Customer payment" will
appear above or in
a)
b)
c)
d)
a square.
a circle.
two horizontal lines.
an arrow.
26. Most processes on a DFD can be identified by
a)
b)
c)
d)
data in-flows only.
data out-flows only.
data flows both into or out of a process.
always being followed by a data store.
27. Data flows between two symbols on a DFD have more than one data item. More than
one arrow is needed if
a)
b)
c)
d)
data elements always flow together.
data elements flow at different times.
data elements flow to different locations.
there is no guideline on use of single or multiple arrows.
28. The transformation of data in a DFD is represented as a
a)
b)
c)
d)
process.
data dictionary.
data stores.
data source and destination.
29. The storage of data on a DFD is shown by
a)
b)
c)
d)
circles.
arrows.
squares.
two horizontal lines.
30. Creating a DFD is an iterative process. Each DFD iteration helps the designer to
refine the diagram and identify the fine points. A DFD created at a high-level or
summary view is referred to as a
a)
b)
c)
d)
data process diagram.
data dictionary diagram.
content diagram.
context diagram.
31. In creating DFDs, a context diagram
a)
b)
c)
d)
Includes major transformation processes.
Depicts systems boundaries.
Is not necessary.
Is very detailed.
32. In a payroll processing DFD, the "prepare reports" activity will be represented by
__________, the "employee payroll file" will be represented by __________, and the
"bank" will be represented by __________.
a)
b)
c)
d)
a circle; two horizontal lines; a square
a circle; two horizontal lines; two horizontal lines
a rectangle; a square; a circle
a square; two horizontal lines; a circle
33. How should control processes and control actions be represented in a data flow
diagram?
a)
b)
c)
d)
using a square to represent a data source and destination
using a circle to represent a transformation process
using two horizontal lines to represent a data store
control processes and actions should be ignored in a DFD
34. The term used to refine a high-level or summary view data flow diagram into
successively lower levels to provide greater amounts of detail is
a)
b)
c)
d)
expand.
explode.
implode.
enlarge.
35. An analytical technique that uses standard symbols to graphically represent an
information system in a clear, concise, and logical manner is called a
a)
b)
c)
d)
data flow diagram.
flowchart.
schema.
narrative.
36. Flowcharts are created using a standard set of symbols. These symbols can be
divided into four basic categories. A square denotes an auxiliary operation and is
found in which flowchart symbol category?
a) input/output
b) processing
c) storage
d) flow and maintenance
37. What should be the first thing the creator of a flowchart does before beginning a
flowchart?
a)
b)
c)
d)
understand the system to be flowcharted
identify the entries to be flowcharted
design the flowchart so that it proceeds from left to right and top to bottom
use standard flowcharting symbols
38. When designing either a DFD or a flowchart, a good rule to follow is
a)
b)
c)
d)
to proceed from left to right.
to proceed from top to bottom.
to proceed from left to right and top to bottom.
to identify exception procedures by using a rectangle.
39. Which is a true statement regarding the use of the manual processing symbol in a
flowchart?
a)
b)
c)
d)
If a document is moved from one column to another, show the document only in the last column.
Each manual processing symbol should have an input and an output.
Do not connect two documents when moving from one column to another.
Each manual processing symbol should have an off-page connector.
40. Which is a true statement regarding the document flowchart?
a)
b)
c)
d)
It illustrates the sequence of logical operations performed by a computer.
It is particularly useful in analyzing the adequacy of internal control procedures.
It should ignore control processes and actions.
It is not normally used in the systems design process.
Use the chart below to answer the following questions regarding flow chart symbols.
41. Which symbol would be used in a flowchart to represent a computer process?
a) #1
b) #2
c) #5
d) #15
42. Which symbol would be used in a flowchart to represent a decision?
a)
b)
c)
d)
#10
#16
#9
#6
43. Which symbol would be used in a flowchart to represent an invoice sent to a
customer?
a)
b)
c)
d)
#2
#6
#1
#15
44. Which symbol would be used in a flowchart to represent a general ledger?
a)
b)
c)
d)
#2
#1
#3
#5
45. Which symbol would be used in a flowchart to represent a manual process?
a)
b)
c)
d)
#5
#6
#10
#11
46. Which symbol would be used in a flowchart to represent a connection to another part
of the flowchart on the same page?
a)
b)
c)
d)
#4
#13
#14
#15
47. Which symbol would be used in a flowchart to represent a connection to another part
of the flowchart on a different page?
a)
b)
c)
d)
#4
#13
#14
#15
48. Which symbol would be used in a flowchart to represent a file of paper documents?
a)
b)
c)
d)
#7
#8
#9
#15
49. Which symbol would be used in a flowchart to represent a general ledger master file
kept on magnetic disk?
a)
b)
c)
d)
#2
#5
#7
#8
50. Which symbol would be used in a flowchart to represent employee time cards sent by
department managers to the payroll department?
a)
b)
c)
d)
#1
#4
#11
#16
51. Which symbol would be used in a flowchart to represent the display of a report on a
computer screen?
a)
b)
c)
d)
#1
#2
#3
#11
52. Which symbol would be used in a flowchart to represent the addition of information
about a step represented in another symbol on the flowchart?
a)
b)
c)
d)
#1
#5
#11
#15
53. Which symbol would be used in a flowchart to represent a payroll master file kept on
magnetic tape?
a)
b)
c)
d)
#4
#7
#8
#9
54. Which symbol would be used in a flowchart to represent a beginning, an ending, or a
connection to another procedure?
a)
b)
c)
d)
#9
#14
#15
#16
55. Which symbol would be used in a flowchart to represent a flow of data or
documents?
a)
b)
c)
d)
#12
#13
#14
#15
56. Which symbol would be used in a flowchart to represent a connection by a data
communication link?
a)
b)
c)
d)
#12
#13
#14
#15
57. In a document flowchart of a manual payroll processing system, "update employee
file" will be shown by a(n) __________ symbol, and "prepare payroll check" will be
shown by a(n) __________ symbol.
a)
b)
c)
d)
input; output
input; manual operation
manual operation; output
manual operation; manual operation
58. A flowchart is an analytical tool used to describe some aspect of an information
system. A flowchart that depicts the relationships among the input, processing, and
output of an AIS is
a)
b)
c)
d)
an internal control flowchart.
a document flowchart.
a system flowchart.
a program flowchart.
59. Which type of flowchart is an excellent vehicle for describing information flows and
procedures within an AIS?
a)
b)
c)
d)
a program flowchart
a document flowchart
an internal control flowchart
a system flowchart
60. In a program flowchart comparison of one or more variables, the transfer of flow to
alternative logic paths is represented by
a)
b)
c)
d)
a terminal.
data/information flow.
computer operation.
decision diamond.
SHORT ANSWER
61. P62 50) What are the various ways to document a system?
62. P62 51) List the various types of flowcharts.
63. P 62-63 52) Briefly discuss the various levels of understanding necessary to deal
with and comprehend AIS documentation.
64. P63 59) Name two reasons why it is important to have a working knowledge of
DFDs and flowcharting.
65. What does SAS no. 94 require that is relevant to documentation tools?
66. P64 53) What are the basic elements of a data flow diagram?
67. P64 54) What are the basic symbols used in data flow diagrams?
68. P65 55) When does an analyst need to show two data flow lines in a DFD?
69. P71 56) What are the four categories of flowcharting symbols?
70. P66 58) What are the different levels of DFDs?
71. P77 60) What is a system flowchart? What is a program flowchart? How are these
two interrelated?
72. Ppp 57) How is a DFD different from a flowchart?
ESSAY
73. Explain the relevance of the Sarbanes Oxley Act to the documentation tools you have
studied in this chapter.
74. P 64-65 62) Discuss the idea of a data flow.
75. P66 or 69 61) What is the value of using a context diagram when working with
DFDs?
76. P 69 63) Identify five important guidelines for drawing a DFD. Select one from your
list and describe why it could be the most important one to consider when preparing a
DFD. (Hint: You may want to support your argument with an example.)
77. P 71 64) Identify five important guidelines for drawing a flowchart. Select one from
your list and describe why it could be the most important one to consider when
preparing a flowchart. (Hint: You may want to support your argument with an
example.)
78. Following is a context diagram for a current Payroll Processing System. ) Identify
the data sources and destinations, data flows, and transformation process marked by
question marks. ) What would you need to do to explode this diagram?
79. Four flowcharts have been provided for the following descriptions. Identify the
mistake(s) in each flowchart. Item a, below, corresponds to Figure a, then b, below,
corresponds to figure b, and so on.
ANSWER KEY
1) A
2) B
3) B
4) B
5) C
6) D
7) C
8) D
9) D
10) A
11) A
12) D
13) B
14) C
15) A
16) D
17) B
18) A
19) B
20) C
21) A
22) B
23) B
24) A
25) D
26) C
27) B
28) A
29) D
30) D
31) B
32) A
33) D
34) B
35) B
36) B
37) A
38) C
39) B
40) B
41) C
42) A
43) C
44) A
45) B
46) C
47) D
48) C
49) C
50) A
51) C
52) C
53) C
54) D
55)
56)
57)
58)
59)
60)
61)
62)
63)
64)
65)
66)
67)
68)
69)
70)
71)
72)
73)
74)
A
B
D
C
D
D
Data flow diagrams, document flowcharts, system flowcharts, program flowcharts, and narrative
documentation are the various ways to document a system.
Document flowcharts, System flowcharts, Program flowcharts, Internal control flowcharts
Depending on the job function of the professional, at a minimum a person should be able to read
AIS and system documentation. A person may also be called upon to evaluate internal control
system documentation in order to identify control strengths and weaknesses as well as recommend
improvements. The AIS professional may be engaged to prepare documentation, which requires
the greatest amount of skill and understanding of a particular system.
First, data flow diagrams and flowcharts are the two most frequently used development and
documentation tools used today. Second, since systems development is extremely complex, DFDs
and flowcharts are tools that are used to create order from chaos and complexity.
Statement on Auditing Standards (SAS) 94 requires that independent auditors understand the
automated and manual procedures an entity uses. One of the best ways to gain this understanding
is to use the flowcharts to document the internal control system, as weaknesses and strengths are
more easily spotted from such graphic portrayals.
Data sources and destinations, data flows, transformation processes, and data stores are the basic
elements of a data flow diagram.
The basic symbols used in data flow diagrams are: data source and destination - square box; data
flows - arrow; processes - circle; and data stores - horizontal, parallel lines.
A data flow may consist of one or more pieces of datum. The determining factor is whether the
data elements always flow together at the same time. For example, "customer payment" have both
payment and remittance data. Since these elements always flow together, only one data flow line
is required. However, data flows between the customer and the payment processes have customer
inquiries and cash receipts; these data items do not always flow together at the same time. In such
a case, two data flow lines will be shown.
The four categories of flowcharting symbols are: input/output, processing, storage, flow and
miscellaneous.
The highest-level or summary view DFD, which shows major inputs/outputs and a single process
is called a context diagram. The DFD itself shows inputs, major processes, and outputs; each
process in the DFD can be "exploded" or shown in greater level of detail with the sub-processes
and related data flows.
Computer systems flowcharts depict the relationships among the input, processing, and output of
an AIS. The program flowchart illustrates the sequence of logical operations performed by a
computer in executing a program. System flowcharts identify processing areas but do not show
how the processing is done. The detailed logic used by the computer to perform the processing is
shown on a separate program flowchart.
The purpose of a DFD is to diagram the origins, flow, transformation, storage, and destination of
data. The purpose a flowchart is to present a graphical description of the flow of documents,
relationships among input, processing, and output, or the sequence of logical operations in an
information system or program. A DFD is limited to basic symbols and lines, and focuses on the
flow and use of data. A flowchart will generally be more complex, and more focused on the
managerial, AIS, or IS aspects of the organization.
The passage of the Sarbanes Oxley Act of 2002 made documentation skills even more important
because it requires of public companies' management an annual internal control report. The
auditor must evaluate this management assessment of internal control and attest to its accuracy.
Therefore, the company and the auditors must document and test the internal controls -documentation tools, such as flowcharts, are used to do this.
A data flow is a graphic representation of the flow of data between processes, data stores, and data
sources and destinations. A data flow is really a form of communication. When the analyst draws
a curved or straight line with an arrow at one end, what is represented is a form of communication
75)
76)
77)
78)
79)
among the other elements of the data flow process. Consider for example a data source being
depicted by a box. The box represents a data source. Data then is sent from the source to a circle,
which represents a transformation process. The source of data sends the flow to the
transformation process, which will process the data and somehow use the data or turn it into useful
information. Note that data flows can represent one or more pieces of datum. Because data flows
may have more than one data element, the analyst must determine whether to show one or more
lines. Good DFDs and data flow lines in such diagrams eliminate the need for users and analysts
to "infer" what type of information is flowing.
In order to create a useful DFD, the analyst must determine system boundaries-what is to be
included or excluded from the system. A context diagram will help to achieve this goal, since it is
a good way to depict the boundaries of the system. The analyst first creates a context diagram by
placing a circle in the middle of the diagram. The circle represents the system under
consideration. On either side of the circle, boxes are created which represent outside entities the
system interacts with directly. Data flow lines are drawn to show the direction of the flow of data.
After this pictorial representation has been completed, the analyst can then better assess the
boundaries of the system and amount of interaction between the system and outside entities.
Understand the system. Ignore certain aspects of the system (such as control processes and control
actions). Determine system boundaries. Develop a context diagram. Identify data flows. Group
data flows. Identify transformation processes. Group transformation processes. Identify all files or
data stores. Identify all data sources and destinations. All DFD elements are named. Subdivide the
DFD. Give each process a sequential number. Repeat the process. Prepare a final copy. (Student
answers will vary depending on the items chosen and the quality of their argument. The text
provides various items that could be used to answer this question.)
Use interviews, questionnaires, or narrative descriptions to understand the system before
flowcharting it. Identify the different entities to be flowcharted such as departments, job functions,
or external parties. Also identify documents and information flows along with the activities or
processes performed on the data. Organize the flowchart using columns when several entities are
involved in the process. Focus on the normal operations and include all relevant procedures and
processes. Flowcharts should flow from top to bottom and from left to right. The origin and
disposition of documents should be clearly identified by a clear beginning and end in the
flowcharts. Use standard flowchart symbols. Multiple documents should be identified by numbers
shown in the top right-hand corner of the document symbol. Documents do not directly connect
with each other, except when moving from one column to another. Use on-page and off-page
connectors to organize flowcharts. Use arrowheads to direct the flow of documents. Clearly label
the pages, such as 1 of 3, 2 of 3, and 3 of 3. Documents or reports should be first shown in the
column in which they originate and then moved to other columns. Use computer processing
symbols to show movement of data in and out of the computer system. Filing operations can be
directly shown with one line, no manual processing symbol required. Flowcharting is an iterative
process. The first attempt should be a rough draft that is refined with each successive pass. Do not
clutter flowcharts; redesign the flowchart as necessary. Review the flowchart for accuracy. On the
final copy of the flowchart, the name of the flowchart, date, and the preparer's name should be
shown. (Student answers will vary depending on the items chosen and the quality of their
argument. The text provides various items that could be used to answer this question.)
1 - Human resources, 2 - Time cards, 3 - Payroll processing system, 4 - Employee paychecks or
pay-stubs, 5- Payroll report, 6 - Government agencies, 7- Banks. To explode this diagram,
additional information is needed to identify detailed procedures within the payroll processing
activity as well as additional inputs and outputs. It would be useful to obtain a comprehensive
narrative of the payroll processing procedures for review and identification of these items. If there
is no narrative available, interviews are another source of information.
a. Figure a - the sort symbol should be manual operation symbol. Figure b - the file update
symbol should be computer processing and the arrow from transaction file should flow into file
update. Figure c - the arrows should point from left to right and the computer processing symbol
is missing before the master file.. Figure d - the sort symbol is manual and should be computer
processing, checks are endorsed manually but the symbol is for computer processing and endorsed
checks are sent to the bank, hence the file symbol is wrong.
Chapter 4
MULTIPLE CHOICE
1. What is the most popular type of database?
a)
b)
c)
d)
hierarchical
relational
object-oriented
network
2. Using a file-oriented approach to data and information, data is maintained in
a)
b)
c)
d)
a central database.
many interconnected files.
many separate files.
a decentralized database.
3. File-oriented approaches create problems for organizations because of
a)
b)
c)
d)
multiple transaction files.
a lack of sophisticated file maintenance software.
multiple users.
multiple master files which may contain redundant data.
4. Which statement is true regarding file systems?
a) Transaction files are similar to ledgers in a manual AIS.
b) The proliferation of master files creates problems in the consistency of specific data stored in
different files.
c) Transaction files are permanent.
d) Individual records are never deleted in a master file.
5. A set of interrelated, centrally coordinated files is called
a)
b)
c)
d)
a database.
a master file.
a transaction file.
a multiple-records grouping (MRG).
6. The software program that creates, manipulates, and accesses the database goes by
the acronym
a)
b)
c)
d)
DBMS.
DBP.
OS.
DBA.
7. The ___________ acts as an interface between the database and the various
application programs
a)
b)
c)
d)
Data warehouse
Database administrator
Database management system
Database system
8. The combination of the database, the DBMS, and the application programs that
access the database through the DBMS is referred to as the
a)
b)
c)
d)
Data warehouse
Database administrator
Database system
Database manager
9. The person responsible for the database is the
a)
b)
c)
d)
Data coordinator
Database administrator
Database manager
Database master
10. All of the following are benefits of database technology except:
a)
b)
c)
d)
Data integration and sharing
Decentralized management of data
Minimal data redundancy
Reporting flexibility
11. Separating the logical and physical views in a database allows the programmers to
concentrate on coding the application logic
a)
b)
c)
d)
by identifying physical location and layouts of various data items.
since they do not have to focus on the physical location and layouts of various data items.
by consolidating all data in one database.
by providing pointers to data items regardless of physical location.
12. A database system separates the logical and physical view of data. Such separation
facilitates the development of new applications since programmers can concentrate
their efforts on coding application logic. The term physical view refers to
a)
b)
c)
d)
how a user or programmer conceptually organizes and understands the data.
how the DBMS accesses data for an certain application program.
how and where the data are physically arranged and stored.
how master files maintain facts used by certain application programs.
13. The ____________ handles the link between the way data are physically stored and
each user's logical view of that data.
a)
b)
c)
d)
Data warehouse
Database administrator
Database management system software
Schema
14. The logical structure of a database is described by the
a)
b)
c)
d)
dictionary.
schema.
subschema.
internal level.
15. Schemas are used in designing database systems. The schema that provides an
organization-wide view of the entire database is known as
a)
the external-level schema.
b) the internal-level schema.
c) the conceptual-level schema.
d) the logical view of the database.
16. A set of individual user views of the database is called the
a)
b)
c)
d)
schema.
internal-level schema.
external-level schema.
meta-schema.
17. A low-level view of the database that describes how the data are actually stored and
accessed is the
a)
b)
c)
d)
schema.
subschema.
internal-level schema.
external-level schema.
18. Record layouts, definitions, addresses, and indexes will be stored at the __________
level schema.
a)
b)
c)
d)
external
conceptual
internal
inner
19. Accountants may be involved in several aspects of database development. In which
area below would an accountant least likely have involvement when developing a
database system?
a)
b)
c)
d)
the conceptual-level schema
the external-level schema
the internal-level schema
the logical view of data
20. The ____________ contains information about the structure of the database.
a)
b)
c)
d)
Data definition language
Data dictionary
Data warehouse
Database management system
21. Which of the following would not be found in a data dictionary entry for a data item?
a)
b)
c)
d)
records containing a data item
the physical location of the data
the source of the data item
the field (data) type
22. The data dictionary usually is maintained
a)
b)
c)
d)
automatically by the DBMS.
by the database administrator.
by the database programmers.
by top management.
23. Reports produced using the data dictionary could include all of the following except
a)
b)
c)
d)
a list of all programs where a data item is used.
a list of all synonyms for the data items in a particular file.
a list of all outputs where a data element is used.
a list of all the schemas included in a database.
24. One of the key components of a DBMS is the data dictionary, which contains
information about the structure of the database. Which would not generally be
considered a data dictionary output report?
a)
b)
c)
d)
a list of cash balances in the organization's bank accounts
a list of all programs in which a data element is used
a list of all synonyms for the data elements in a particular file
a list of all data elements used by a particular user
25. The DBMS language that is used to build, initialize, and describe logical views for
users is called the
a)
b)
c)
d)
DDL.
DML.
DQL.
DBA.
26. The DBMS language that is used for data maintenance and updating of the database is
referred to by the letters
a)
b)
c)
d)
DDL.
DML.
DQL.
SQL.
27. A DBMS must provide a way to define, manipulate, and query data in a database.
This is accomplished by the use of three different languages. The language that is
used to provide the function of data maintenance in a DBMS is
a)
b)
c)
d)
DDL.
DML.
DQL.
report writer.
28. The part of the DBMS that is used to interrogate the database and present subsets of
the database to users is called the
a)
b)
c)
d)
DDL.
DML.
DQL.
DBA.
29. DBMS uses a language to retrieve, sort, order, and present subsets in a database. This
language is known as
a)
b)
c)
d)
data definition language (DDL).
data manipulation language (DML).
data query language (DQL).
report writer.
30. Creating an empty table in a relational database requires use of the __________, and
filling that table requires the use of __________.
a)
b)
c)
d)
DDL; DML
DQL; SQL
DDL; DQL
DML; DDA
31. Many database systems include a feature that simplifies the creation of reports by
allowing users to specify the data elements desired and the format of the output. This
feature is named the __________.
a)
b)
c)
d)
report writer
report generator
report creator
report printer
32. The abstract representation of the contents of a database is called the logical
a)
b)
c)
d)
data model.
data dictionary.
data relationship.
subschemas.
33. A database model that represents all data as stored in two-dimensional tables is the
__________ model.
a)
b)
c)
d)
tuple
relational
hierarchy
object
34. Each row in a relational database's table is known as a
a)
b)
c)
d)
data model
relation
schema
tuple
35. The attribute that can uniquely identify a specific row in a table is the
a)
b)
c)
d)
primary key
secondary key
foreign key
logical key
36. An attribute in a table that is a primary key in another table.
a)
b)
c)
d)
primary key
secondary key
foreign key
anomaly
37. Redundancy can be a major problem in the design and operation of relational
databases. If a database uses only one relation to store data, several problems may
subsequently occur. The problem of changes (or updates) to data values being
incorrectly recorded is known as
a)
b)
c)
d)
an update anomaly.
an insert anomaly.
a delete anomaly.
a memory anomaly.
38. The potential inconsistency problem could arise when there are multiple occurrences
of a data item in a database. This is called the
a)
b)
c)
d)
update anomaly.
insert anomaly.
inconsistency anomaly.
integrity anomaly.
39. The problem of inability to add new data without violating the basic integrity of the
database is referred to as the
a)
b)
c)
d)
update anomaly.
insert anomaly.
integrity anomaly.
add anomaly.
40. A relational database has been designed where the customer data is not maintained
independently of sales invoice data. This design weakness will most likely result in
a)
b)
c)
d)
an update anomaly.
an insert anomaly.
a delete anomaly.
no anomaly.
41. The problem of losing desired information from a database when an unwanted record
is purged from the database is referred to as the __________ anomaly.
a)
b)
c)
d)
purge
erase
delete
integrity
42. One important constraint in a relational database environment is that a primary key
uniquely identifies each row in a data table. This principle is called the
a)
b)
c)
d)
entity integrity rule.
referential integrity rule.
unique primary key rule.
foreign key rule.
43. The database constraint that says that foreign keys must be null or have a value
corresponding to the value of a primary key in another table is formally called the
a)
b)
c)
d)
entity integrity rule.
referential integrity rule.
rule of keys.
referential entity rule.
44. A well-structured or "normalized" database imposes several requirements on the
structure of tables. The constraint that ensures the consistency of the database is
known as
a)
b)
c)
d)
the entity integrity rule.
the referential integrity rule.
the logical view.
the physical view.
45. Which statement below is false regarding the basic requirements of the relational data
model?
a) "Every column in a row must be single-valued."
b) "All nonkey attributes in a table should describe a characteristic about the object identified by the
primary key."
c) "Foreign keys, if not null, must have values that correspond to the value of a primary key in
another table."
d) "Primary keys can be null."
46. Identify the aspect of a normalized database that is incorrect:
a)
b)
c)
d)
Data is consistent.
Redundancy is minimized and controlled.
All data is stored in one table or relation.
The primary key of any row in a relation cannot be null.
47. In the database design approach known as normalization, the first assumption made
about data is
a)
b)
c)
d)
there is no redundancy in the data.
the delete anomaly will not apply since all customer records will be maintained indefinitely.
everything is initially stored in one large table.
the data will not be maintained in 3NF tables.
48. The process of designing a database that is well-structured and free from anomalies is
called
a)
b)
c)
d)
normalization.
anormalization.
data modeling.
manipulation.
49. Normalization means tables are in the __________ normal form.
a)
b)
c)
d)
first
second
third
fourth
50. There are two basic ways to design a well-structured relational database. The method
in which a database designer uses knowledge about how business processes work to
draw a graphical picture of the elements to be included in the database is called
a) normalization.
b) decentralization.
c) geometric data modeling.
d) semantic data modeling.
51. Which of the statements below is incorrect regarding semantic data modeling?
a) It facilitates the efficient design of transaction processing databases.
b) It facilitates communicating with the intended users of the system.
c) It allows a database designer to use knowledge about how the business processes work to design
the database.
d) Semantic data modeling simply follows the rules of normalization in the design of a database.
52. What is one potential drawback in the design and implementation of database systems
for accounting?
a)
Double-entry accounting relies on redundancy as part of the accounting process; well-designed
database systems reduce and attempt to eliminate redundancy.
b) Relational DBMS query languages will allow financial reports to be prepared to cover whatever
time periods managers want to examine.
c) Relational DBMS provide the capability of integrating financial and operational data.
d) Relational DBMS can accommodate multiple views of the same underlying phenomenon;
therefore, tables storing information about assets can include data about both historical and
replacement costs.
53. Which is probably the most significant effect of database technology on accounting?
a)
b)
c)
d)
replacement of the double entry-system
change in the nature of financial reporting
elimination of traditional records such as journals and ledgers
quicker access to and greater use of accounting information in decision-making
SHORT ANSWER
54. Define and distinguish between these terms: database, database management system,
database system and database administrator.
55. What is a major advantage of database systems over file-oriented transaction
processing systems?
56. What is the difference in logical view and physical view?
57. Describe the different schemas involved in a database structure. What is the role of
accountants in development of schemas?
58. What is a data dictionary?
59. List the four languages used within a DBMS.
60. Name the three "anomalies" that may occur in an improperly designed relational
database?
61. Name the types of attributes that tables possess in a relational database.
62. Briefly explain the two advantages semantic data modeling has over normalization
when designing a relational database.
ESSAY
63. What is the difference between file-oriented transaction processing systems and
relational database systems? Discuss the advantages and disadvantages of these
systems.
64. Discuss redundancy as it applies to database design.
65. Discuss the ways in which a well-designed DBMS will facilitate the three basic
functions of creating, changing, and querying data.
66. List the four DBMS "languages." Provide a brief description which identifies who
uses them and for what purpose.
67. Describe the information that is contained in the data dictionary.
68. Discuss the relational database data model.
69. What are the main constraints when a relational database model is being logically
designed?
70. What do you think will be the main impact of database technology in your career?
ANSWER KEY
1) B
2) C
3) D
4) B
5) A
6) A
7) C
8) C
9) B
10) B
11) B
12) C
13) C
14) B
15) C
16) C
17) C
18) C
19) C
20) B
21) B
22) A
23) D
24) A
25) A
26) B
27) B
28) C
29) C
30) A
31) A
32) A
33) B
34) D
35) A
36) C
37) A
38) A
39) B
40) B
41) C
42) A
43) B
44) B
45) D
46) C
47) C
48) A
49) C
50) D
51) D
52) A
53) D
54) A database is a set of interrelated, centrally coordinated files. A database management system acts
as an interface between the database and the various application programs. A database system
refers to the combination of the database, the DBMS and the application programs. A database
administrator is the person responsible for the database.
55) Database systems separate logical and physical views. This separation is referred to as programdata independence. Such separation facilitates developing new applications because programmers
can concentrate on coding the application logic (what the program will do) and do not need to
focus on how and where the various data items are stored or accessed. In the file-oriented
transaction systems, programmers need to know physical location and layout of records which
adds another layer of complexity to programming.
56) The logical view is how the user or programmer conceptually organizes and understands the data,
such as data organized in a table. The physical view, on the other hand, refers to how and where
the data are physically arranged and stored on a disk, tape, or CD-ROM media.
57) A schema describes the logical structure of a database. There are three levels of schemas. First,
the conceptual-level schema is an organization-wide view of the entire database listing all data
elements and relationships between them. Second, an external-level schema is a set of individual
user views of portions of the database, each of which is referred to as a subschema. Finally, an
internal-level schema provides a low-level view of the database includes descriptions about
pointers, indexes, record lengths, etc. Accountants are primarily involved in the development of
conceptual- and external-level schemas; however, database knowledgeable accountants may
participate in developing an internal level schema.
58) A data dictionary is a means by which information about the structure of a database is maintained.
For each data element stored in the database, there is a corresponding record in the data dictionary
that describes it. The DBMS usually maintains the data dictionary. Inputs to the dictionary
include various new data, changed data, and deleted data. Output from the data dictionary may
include a variety of reports useful to programmers, database designers, and other users of the
information system. Accountants have a very good understanding of the data elements that exist
in a business organization, so when an organization is developing a database, accountants should
be allowed to participate in the development of the data dictionary.
59) The four languages used within a DBMS are data definition language, data manipulation language,
data query language, and a report writer.
60) Update, insert, and delete
61) Primary key - the attribute, or combination of attributes, that uniquely identify a specific row in a
table. Foreign key - an attribute appearing in one table that is a primary key in another table.
Nonkey attributes found in tables - For example, an inventory table may contain information about
the description, quantity on hand, and list price of each item a company sells.
62) Semantic data modeling takes advantage of a system designer's knowledge about the business
policies and practices of an organization. This is of great benefit in the design of transaction
processing databases. Also, since the database model is created around the policies and practices
of an organization, communications with the future database users is facilitated. The result is that
the system will more closely meet the needs of the intended users.
63) In file-oriented approaches, different users (or departments, units, etc.) maintain their own data
and use different application programs. This results in a significant increase in number of master
files stored by an organization. The various disadvantages of file-oriented organization include
data redundancy, data inconsistencies, lack of data integration, a large number of data files,
substantial program-data dependence, lack of compatibility, and lack of data sharing. The
database approach views data as an organizational resource that should be used and managed for
the entire organization. The program that manages and controls the data and the interfaces
between data and application programs is called the database management system (DBMS). The
various advantages of database approach include the following: minimal data redundancy, fewer
data inconsistencies, data integration, data sharing, reporting flexibility, central management of
data, cross-functional analysis, and data independence.
64) Redundancy has been called an enemy of relational databases. There are several problems that
may occur when redundant data is stored in a database. First, the database becomes larger than it
needs to be, since duplicate facts are being stored within it. Second, a situation may occur where
only one instance of redundant data is updated or purged. The result is that the accuracy and
65)
66)
67)
68)
69)
70)
integrity of the database suffers, since users may be relying on such inaccurate or incorrect
redundant data. Redundancy can also make file maintenance unnecessarily time consuming and
error-prone when human intervention is required. The problems discussed above have been
identified as anomalies of a relational database. There are three specific anomalies connected with
redundancy: the update anomaly, the insert anomaly, and the delete anomaly. A well-designed
relational database will attempt to reduce or eliminate the number of instances of redundant data.
The best way to achieve such a goal is proper design of the database for the needs of a specific
organization.
A DBMS will use data definition, data manipulation, and data query languages in order to perform
the three basic, essential data functions. Data definition is achieved using DDL (data definition
language); data manipulation is achieved using DML (data manipulation language) which includes
operations such as updating, inserting, and deleting portions of the database. DQL (data query
language) is used to retrieve, sort, order, and present subsets of data in response to user queries. A
DBMS will probably also include a report writer, which is a language that simplifies report
creation.
DDL is the data definition language used by the DBA (database administrator) to create,
initialize, describe logical views, and specify security limits. The DML is the data manipulation
used by application programmers who embed these action commands into applications to access
data in the database. The DQL is the data query language used by IT professionals and users to
interrogate the database by retrieving and presenting data in novel ways often on an ad hoc basis.
The report writer is a language used by IT professionals and users that simplifies report creation so
reports can be created according to user-specified format.
The data dictionary contains information about the structure of the data base. For each data
element stored in the database, the data dictionary contains all the descriptive information about it,
such as its name, description, where it is recorded, its source, field length, type of field, programs
it is used in, outputs that contain it, and authorized users.
A data model is an abstract representation of the contents of a database. The majority of new
DMBS use what is called the relational data model, developed by Dr. E. F. Codd in 1970. Using
this model, everything in the database is stored in the form of tables, known as relations. Keep in
mind that this is the conceptual- and external-level schemas (which describes the logical structure
of a database), not the actual physical structure of the database itself. In the concept of relations,
both rows and columns comprise the database tables. Each row in a relation (table) is called a
tuple. Tuples contain data about a specific occurrence of the type of entity represented by that
table. For example, in a sales table, each tuple may contain all of the information about a specific
customer. Each column in a relation contains information about one specific attribute of that
entity. Using the sales example again, the columns in such a table may represent specific
characteristics about each sales transaction.
Every row in every table must have a unique key known as a primary key. Tables may also have a
key known as a foreign key; such a key will have a value corresponding to the primary key in
another table. Each column in a table must be single-valued (the same data type) and describe an
attribute of the entity identified by the primary key; neither column nor row order is significant in
the relational model. Keep in mind that the relational model is a logical model, and the physical
model may have a different structure to it to facilitate the storage and access to data.
Answers to this question could cover a wide range. Most likely the following items will be
discussed or mentioned: -- the probable demise of the double-entry system as the need for such
redundancy is much less in a database system. -- financial reporting may become more of
accessing a database of corporate data in the format desired by the user than relying on financial
reports prepared by accountants. -- accountants will no longer need to be the filter for accounting
data as users will be able to do this themselves, thus the accountants may become more decision
makers and managers. -- the whole notion of internal controls will become more important in the
future if the accountants' role changes in relation to financial reporting
Chapter 5
MULTIPLE CHOICE
1. Perhaps the most striking fact about natural disasters in relation to AIS controls is that
a)
b)
c)
d)
many companies in one locale can be seriously affected at one time by a disaster.
losses are absolutely unpreventable.
there are a large number of major disasters every year.
disaster planning has largely been ignored in the literature.
2. There are four distinct types of threats to an AIS: 1) software errors and equipment
malfunctions; 2) unintentional acts; 3) intentional acts; and 4) __________.
a)
b)
c)
d)
computer fraud
data transmission errors
human carelessness
natural and political disasters
3. Which AIS threat below would be classified an unintentional act?
a)
b)
c)
d)
a power outage
sabotage
high winds
a logic error
4. Which AIS threat below would be classified as a natural or political disaster?
a)
b)
c)
d)
Accident
Corruption
Power outage
Terrorist attack
5. Which AIS threat below would be classified a computer crime?
a)
b)
c)
d)
Innocent error
Operating system crash
Sabotage
Terrorist attack
6. Which AIS threat below would be classified as a software error or equipment
malfunction?
a)
b)
c)
d)
Earthquake
Logic error
Operating system crash
Sabotage
7. An expert from the Information Systems Security Association estimates that the
largest single source of security problems for systems is due to
a)
b)
c)
d)
human errors and omissions.
physical threats such as natural disasters.
dishonest employees.
fraud and embezzlement.
8. Fraud is any and all means a person uses to gain an unfair advantage over another
person. Current and former employees of an organization are much more likely to
perpetrate fraud than external parties. The act by a person or group of persons
resulting in materially misleading financial statements is called a(n)
a)
b)
c)
d)
misappropriation of assets.
employee fraud.
fraudulent financial reporting.
theft of assets.
9. Most fraud perpetrators are insiders because
a)
b)
c)
d)
insiders are more dishonest than outsiders.
insiders know more about the system and its weaknesses than outsiders.
outsiders are more likely to get caught than insiders.
insiders have more need for money than outsiders.
10. A majority of fraud perpetrators are
a)
b)
c)
d)
outsiders.
employees.
computer hackers.
vendors.
11. Misappropriation of assets can also be called
a)
b)
c)
d)
Computer fraud
Employee fraud
Fraudulent financial reporting
Management fraud
12. Intentional or reckless conduct that results in materially misleading financial
statements is called
a)
b)
c)
d)
financial fraud.
misstatement fraud.
fraudulent financial reporting.
audit failure fraud.
13. The Treadway Commission studied 450 lawsuits against auditors and found that
a)
b)
c)
d)
misappropriation of assets was the reason for over one-half of the suits.
fraudulent financial reporting was the reason for over one-half of the suits.
white-collar criminals were responsible for only a fraction of the lawsuits.
only in a very few cases were financial statements falsified.
14. Researchers have compared the psychological and demographic characteristics of
white-collar criminals, violent criminals, and the general public. They found that
a)
b)
c)
d)
few differences exist between white-collar criminals and the general public.
white-collar criminals eventually become violent criminals.
most white-collar criminals invest their illegal income rather than spend it.
most white-collar criminals are older and not technologically proficient.
15. Which of the factors listed below is not a common factor for fraud?
a) pressure to commit fraud
b) opportunity to commit fraud
c) desire to get even with the employer
d) rationalization for the crime
16. Reasons for committing a fraud include living beyond one's means, having heavy
debts, or unusually high bills. Such a motivator for committing a fraud is commonly
known as a
a)
b)
c)
d)
spark.
pressure.
flash-point.
catalyst.
17. Which of the following motivators would be a good indication of financial pressure
that would contribute to employee fraud?
a)
b)
c)
d)
a big change for the better in an employee's lifestyle
an employee suddenly acquires lots of credit cards
inadequate internal controls
too close association with suppliers or customers
18. Which of the following emotions could cause an employee to feel pressured to
defraud his employer?
a)
b)
c)
d)
a feeling of not being appreciated
failing to receive a deserved promotion
believing that their pay is too low relative to others around them
All of the above emotions could be sources of pressure.
19. There are three characteristics associated with most fraud. The characteristic that
often takes more time and effort and leaves behind more evidence than other types of
fraud is called
a)
b)
c)
d)
theft.
conversion.
concealment.
embezzlement.
20. In many cases of fraud, the __________ takes more time and effort than the
__________ is worth.
a)
b)
c)
d)
concealment; theft
theft; concealment
conversion; theft
conversion; concealment
21. What is one common way to hide a theft?
a) by creating cash through the transfer of money between banks
b) by the conversion of stolen assets into cash
c) by stealing cash from customer A and then using customer B's balance to pay customer A's
accounts receivable
d) by charging the stolen item to an expense account
22. In a __________ scheme, customer receipts are stolen and then subsequent payments
by other customers are misapplied to cover the theft of the original receipts.
a)
kiting
b) laundering
c) bogus expense
d) lapping
23. One fraudulent scheme covers up a theft by creating cash through the transfer of
money between banks. This is known as
a)
b)
c)
d)
lapping.
misappropriation of assets.
kiting.
concealment.
24. Characteristics connected with fraud include pressures, opportunities, and
rationalizations. Of these characteristics, which one often stems from a lack of
internal controls within an organization?
a)
b)
c)
d)
pressures
opportunities
rationalizations
none of the above
25. Which situation below makes it easy for someone to commit a fraud?
a)
b)
c)
d)
the organization placing excessive trust in key employees
inadequate staffing within the organization
company policies within the organization are unclear
All of the above situations make it easy for someone to commit a fraud.
26. What is the most prevalent opportunity within most companies to commit fraud?
a)
b)
c)
d)
the failure to have any internal controls
the failure to enforce the system of internal controls
the failure to have the correct controls
the failure to realize that fraud could occur
27. Characteristics connected with fraud include pressures, opportunities, and
rationalizations. Of these characteristics, which one relates to excuses that
perpetrators have allowing them to justify their illegal behavior?
a)
b)
c)
d)
pressures
opportunities
rationalizations
none of the above
28. The US Justice Department defines computer fraud as
a)
b)
c)
d)
any crime in which a computer is used.
an illegal act in which knowledge of computer technology is essential.
any act in which cash is stolen using a computer.
an illegal act in which a computer is an integral part of the crime.
29. Computer fraud is often much more difficult to detect than other types of fraud
because
a)
perpetrators usually only steal very small amounts of money at a time, thus requiring a long period
of time to have elapsed before they're discovered.
b) perpetrators can commit a fraud and leave little or no evidence.
c) most perpetrators invest their illegal income rather than spend it, thus concealing key evidence.
d) most computer criminals are older and are considered to be more cunning when committing such a
fraud.
30. Why is computer fraud often more difficult to detect than other types of fraud?
a)
b)
c)
d)
Rarely is cash stolen in computer fraud.
The fraud may leave little or no evidence it ever happened.
Computers provide more opportunities for fraud.
Computer fraud perpetrators are just cleverer than other types of criminals.
31. Many fraud cases go unreported and unprosecuted for several reasons. Why is this
the case?
a)
Companies are reluctant to report computer crimes because a highly visible computer fraud is a
public relations nightmare.
b) Such crimes are difficult, costly, and time-consuming to investigate and prosecute.
c) Law enforcement and the courts are often too busy with violent crimes that little time is left for
fraud cases.
d) all of the above
32. Computer fraud can be analyzed using the traditional data processing model.
According to this model, the simplest and most common fraud is __________ fraud.
a)
b)
c)
d)
input
processor
computer instructions
output
33. The simplest and most common way to commit a computer fraud is to
a)
b)
c)
d)
alter computer input.
alter computer output.
modify the processing.
corrupt the data base.
34. Computer fraud has been categorized into several different classifications. The
classification of computer fraud where the perpetrator causes a company to pay for
ordered goods, or to pay for goods never ordered is called
a)
b)
c)
d)
disbursement fraud.
inventory fraud.
payroll fraud.
cash receipts fraud.
35. In a disbursement fraud the company
a)
b)
c)
d)
pays too much for ordered goods.
pays for goods never received.
laps cash payments at the bank.
Both A and B are correct.
36. How can funds be stolen in payroll fraud?
a) by paying a fictitious or ghost employee
b) by increasing pay rates without permission
c) by keeping a real but terminated employee on the payroll
d) All of the above situations are possible.
37. Stealing a master list of customers and selling it to a competitor is an example of
a)
b)
c)
d)
data theft.
output theft.
disbursement fraud.
a trap door technique.
38. One computer fraud technique is known as data diddling. What is it?
a)
gaining unauthorized access to and use of computer systems, usually by means of a personal
computer and a telecommunications network
b) unauthorized copying of company data such as computer files
c) unauthorized access to a system by the perpetrator pretending to be an authorized user
d) changing data before, during, or after it is entered into the system in order to delete, alter, or add
key system data
39. What is a denial of service attack?
a)
A denial of service attack occurs when the perpetrator sends hundreds of messages from randomly
generated false addresses, overloading an Internet service provider's e-mail server.
b) A denial of service attack occurs when an e-mail message is sent through a re-mailer, who
removes the message headers making the message anonymous, then resends the message to
selected addresses.
c) A denial of service attack occurs when a cracker enters a system through an idle modem, captures
the PC attached to the modem, and then gains access to the network to which it is connected.
d) A denial of service attack occurs when the perpetrator e-mails the same message to everyone on
one or more Usenet newsgroups LISTSERV lists.
40. The unauthorized copying of company data is known as
a)
b)
c)
d)
Data leakage
Eavesdropping
Masquerading
Phishing
41. The unauthorized access to and use of computer systems
a)
b)
c)
d)
Hacking
Hijacking
Phreaking
Sniffing
42. Which of the following is the easiest method for a computer criminal to steal output
without ever being on the premises?
a)
b)
c)
d)
dumpster diving
by use of a Trojan horse
using a telescope to peer at paper reports
electronic eavesdropping on computer monitors
43. Computer fraud perpetrators who use telephone lines to commit fraud and other
illegal acts are typically called
a) hackers.
b) crackers.
c) phreakers.
d) jerks.
44. Gaining control of someone else's computer to carry out illicit activities without the
user's knowledge
a)
b)
c)
d)
Hacking
Hijacking
Phreaking
Sniffing
45. Illegally obtaining and using confidential information about a person for economic
gain
a)
b)
c)
d)
Eavesdropping
Identity theft
Packet sniffing
Piggybacking
46. Which of the following is not a method of identify theft
a)
b)
c)
d)
Scavenging
Phishing
Shoulder surfing
Phreaking
47. Which method of fraud is physical in its nature rather than electronic?
a)
b)
c)
d)
cracking
hacking
eavesdropping
scavenging
48. When a computer criminal gains access to a system by searching records or the trash
of the target company, this is referred to as
a)
b)
c)
d)
data diddling.
dumpster diving.
eavesdropping.
piggybacking.
49. A part of a program that remains idle until some date or event occurs and then is
activated to cause havoc in the system is a
a)
b)
c)
d)
trap door.
data diddle.
logic bomb.
virus.
50. The deceptive method by which a perpetrator gains access to the system by
pretending to be an authorized user is called __________.
a)
b)
c)
d)
cracking.
masquerading.
hacking.
superzapping.
51. Tapping into a communications line and then entering the system by accompanying a
legitimate user without their knowledge is called
a)
b)
c)
d)
superzapping.
data leakage.
hacking.
piggybacking.
52. A fraud technique that slices off tiny amounts from many projects is called the
__________ technique.
a)
b)
c)
d)
Trojan horse
round down
salami
trap door
53. Spyware is
a)
b)
c)
d)
Software that tells the user if anyone is spying on his computer
Software that monitors whether spies are looking at the computer
Software that monitors computing habits and sends the data it gathers to someone else
None of the above
54. The unauthorized use of special system programs to bypass regular system controls
and perform illegal act is called
a)
b)
c)
d)
a Trojan horse.
a trap door.
the salami technique.
superzapping.
55. Computer fraud perpetrators have developed many methods to commit their acts.
One way is to modify programs during systems development allowing access into the
system that bypasses normal system controls. This is known as
a)
b)
c)
d)
a Trojan horse.
a trap door.
the salami technique.
superzapping.
56. A fraud technique that allows the hacker to bypass normal system controls and enter a
secured system is called
a)
b)
c)
d)
superzapping.
data diddling.
using a trap door.
piggybacking.
57. A set of unauthorized computer instructions in an otherwise properly functioning
program
a)
b)
c)
d)
Logic bomb
Spyware
Trap door
Trojan horse
58. A __________ is similar to a __________, except that it is a program rather than a
code segment hidden in a host program.
a)
b)
c)
d)
worm; virus
Trojan horse; worm
worm; Trojan horse
virus; worm
59. Which type of antivirus program is most effective in spotting an infection soon after it
starts?
a)
b)
c)
d)
a virus protection program
a virus identification program
a virus detection program
none of the above
60. How can an organization reduce fraud losses?
a)
b)
c)
d)
encrypt data and programs
use forensic accountants
maintain adequate insurance
require vacations and rotate duties
SHORT ANSWER
61. Define fraud.
62. What are the two kinds of fraud in business?
63. What are the actions recommended by the Treadway Commission to reduce the
possibility of fraudulent financial reporting?
64. What are the three common things that happen in a fraud?
65. What techniques are used to conceal theft by fraud?
66. What is a computer fraud?
67. Why is computer fraud on the rise?
68. How can a system be protected from viruses?
69. Discuss antivirus software programs.
70. How does a company make fraud less likely to occur?
71. How can companies reduce losses from fraud?
ESSAY
72. What are some of the distinguishing characteristics of fraud perpetrators?
73. What is the difference between a worm and a virus?
74. What are some of the computer fraud techniques used by perpetrators?
75. Why do fraudulent acts often go unreported and are therefore not prosecuted?
ANSWER KEY
1)
2)
3)
4)
5)
6)
7)
8)
9)
10)
11)
12)
13)
14)
15)
16)
17)
18)
19)
20)
21)
22)
23)
24)
25)
26)
27)
28)
29)
30)
31)
32)
33)
34)
35)
36)
37)
38)
A
D
D
D
C
C
A
C
B
B
B
C
B
A
C
B
A
D
C
A
D
D
C
B
D
B
C
B
B
B
D
A
A
A
D
D
A
D
39)
40)
41)
42)
43)
44)
45)
46)
47)
48)
49)
50)
51)
52)
53)
54)
55)
56)
57)
58)
59)
60)
61)
62)
63)
64)
65)
66)
67)
68)
A
A
A
D
C
B
B
D
D
B
C
B
D
C
C
D
B
C
D
A
D
C
Fraud is any means a person uses to gain an unfair advantage over another. Fraud usually
involves the misrepresentation of facts about a situation and the reliance on that misrepresentation
by the victim. Frauds are often called "cons" because they involve a violation of trust or
confidence.
Employee Fraud is a misappropriation of assets, or theft, by a person or group for personal
financial gain. Fraudulent financial reporting is intentional or reckless conduct that results in
materially misleading financial statements.
Establish an organizational environment that contributes to the integrity of the financial reporting
process. Identify and understand the factors that lead to fraudulent financial reporting. Assess the
risk of fraudulent financial reporting within the company. Design and implement controls to
provide reasonable assurance that the fraudulent financial reporting is prevented
Theft of an asset. Conversion to cash (if not already cash). Concealment of the crime
Some techniques used to conceal theft by fraud are charging stolen assets to an expense account,
lapping or misapplying cash payments from customers and stealing part of the receipts, kiting or
creating fictitious bank balances by shuttling monies between bank accounts, and playing the bank
float, then stealing some of the cash.
Computer fraud is any illegal act for which knowledge of computer technology is essential for its
perpetration, investigation, or prosecution.
Not everyone agrees on what constitutes computer fraud and some people may commit computer
fraud unwittingly and not be aware of it. Many computer frauds go undetected. The belief that "it
just can't happen to us". Most networks have a low level of security. Many Internet sites provide
guidance on how to commit computer crimes. Law enforcement is unable to keep up with the
number of computer frauds. Most frauds are not reported. The total dollar value of losses is
difficult to calculate.
Install reliable antivirus software that scans for, identifies, and isolates or destroys viruses. Use
caution when copying files on to your diskettes from unknown machines. Ensure the latest
versions of the antivirus program available is used. Scan all incoming emails for viruses at the
server level. All software should be certified as virus-free before loading it into the system. If you
use jump drives, diskettes, or CDs, do not put them in unfamiliar machines as they may become
infected. Obtain software and diskettes only from known and trusted sources. Use caution when
using or purchasing software or diskettes from unknown sources. Deal with trusted software
retailers. Ask whether the software you are purchasing comes with electronic techniques that
makes tampering evident. Check new software on an isolated machine with virus detection
software before installing on the system. Cold boot to clear and reset the system. When necessary,
69)
70)
71)
72)
73)
74)
75)
"cold boot" the machine from a write-protected diskette. Have two backups of all files. Restrict the
use of public bulletin boards.
There are three types of antivirus software programs. Virus protection programs are designed to
remain in computer memory and search for viruses trying to infiltrate the system. When an
infection attempt is detected, the software freezes the system and flashes a message to the user.
Virus detection programs spot an infection soon after it starts. Virus identification programs scan
all executable programs to find and remove all known viruses from the system.
A company can decrease fraud by: good hiring and firing practices; good management of unhappy
employees; training in fraud awareness; manage and track computer licenses; implement signed
confidentiality agreements; maintain visible security; educate the workforce in ethics and the
penalties for illegal acts.
Maintain adequate insurance. Keep a current backup copy of all program and data files in a secure
off-site location. Develop a contingency plan for fraud occurrences and other disasters that might
occur. Use special software designed to monitor system activity and help companies recover from
frauds and malicious actions.
Some distinguishing characteristics of fraud perpetrators are: they tend to spend their illegal
income to support their lifestyle; once they begin it becomes harder to stop and they become
bolder as each incident happens; once they start to rely on the ill-gotten gains, they become more
greedy and sometimes careless and overconfident. In the case of computer criminals, they are
often young and have substantial computer knowledge. About two-thirds are men and likely to be
an employee of the firm from which they steal. Many are unhappy or disgruntled with their
employer because they feel unappreciated and underpaid. Most have no previous criminal record.
A computer virus is a segment of executable code that attaches itself to computer software. A
virus has two phases: it replicates itself and spreads to other systems or files, and in the attack
phase, the virus carries out its mission to destroy files or the system itself. A worm is similar to a
virus, except that it is a program rather than a code segment hidden in a host program. A worm
can reside in e-mail attachments, which when opened or activated can damage a user's system.
Worms can also reproduce themselves by mailing themselves to the addresses found in the
recipient's mailing list. Worms do not have long lives, but their lives can be very destructive
nonetheless.
Various computer fraud techniques include: Trojan horse - unauthorized code hidden in a
legitimate program. Round-down technique - rounded off amounts from calculations and the
fraction deposited in perpetrator's account. Salami technique - small amounts sliced off and stolen
from many projects over a period of time. Trap door - bypass of normal system controls.
Superzapping - use of a special program to bypass regular controls. Software piracy - unauthorized
copying of software, probably the most committed computer crime. Data diddling - changing data
in an unauthorized way. Data leakage - unauthorized copying of data files. Piggybacking - latching
onto a legitimate user in data communications. Masquerading or Impersonation - the perpetrator
gains access to the system by pretending to be an authorized user. Social engineering - a
perpetrator tricks an employee into giving him the information he needs to get into the system.
Logic bomb - idle until some event or time triggers it. Hacking - unauthorized access and use of a
computer system. Scavenging - gaining access to confidential data by searching corporate records
in dumpsters or computer storage. Eavesdropping - observation of private communications by
wiretapping or other surveillance techniques. E-mail threats - threatening legal action and asking
for money via e-mail. E-mail forgery - removing message headers, using such anonymous e-mail
for criminal activity. Denial of service attack - sending hundreds of e-mail messages from false
addresses until the attacked server shuts down. Internet terrorism - crackers using the Internet to
disrupt electronic commerce and communication lines. Internet misinformation - using the Internet
to spread false or misleading information. War dialing - searching for idle modem by dialing
thousands of telephones and intruding systems through idle modems. Spamming - e-mailing the
same message to everyone on one or more Usenet groups.
Most fraud cases go unreported and are not prosecuted for several reasons. Many cases of
computer fraud are as yet still undetected. As new technology and methods become available to
organizations, prior undetected fraud may be revealed in the future. A second reason is that
companies are reluctant to report computer fraud and illegal acts simply because of bad publicity-a highly visible case can undermine consumer confidence in an organization such as a financial
institution. Also, the fact that a fraud has occurred may indeed encourage others to attempt to
commit further acts against the organization. It would seem that unreported fraud creates a false
sense of security, as people think systems are more secure than they are in reality. Another reason
for not reporting fraudulent acts is the fact that the court system and law enforcement is busy with
violent crimes and criminals in its system. There is little time left to go after a crime where no
physical harm is present. Also, the court system tends to treat teen hacking and cracking as "acts
of childhood" rather than as serious crimes--this leads to many plea bargains when a computer
fraud is brought to trial. Another reason is that a computer fraud case is difficult, costly, and timeconsuming to investigate and prosecute. Before 1986 no federal law existed governing computer
fraud. Law enforcement officials, lawyers, and judges generally lack the computer skills
necessary to properly evaluate, investigate, and prosecute computer crimes. Sadly, when all is
said and done a successful prosecution and conviction of computer fraud results in a very light
sentence. All of these factors contribute to the underreporting and lack of prosecution of computer
fraud crimes. Not everyone agrees on what constitutes computer fraud:
Many networks have a low level of security
Many Internet pages give instruction on how to carry out computer crimes
Law enforcement has difficulty keep up with the growing number of computer frauds
The total dollar value of losses from computer fraud is difficult to estimate.
Chapter 6
MULTIPLE CHOICE
1. What is one reason why AIS threats are increasing?
a)
b)
c)
d)
LANs and client/server systems are easier to control than centralized, mainframe systems.
Many companies do not realize that data security is crucial to their survival.
Computer control problems are often overestimated and overly emphasized by management.
Many companies believe that protecting information is a strategic requirement.
2. Which of the following is not a reason for the increase in security problems for AIS?
a)
b)
c)
d)
Confidentiality issues caused by interlinked inter-company networks
Difficult to control distributed computing networks
Increasing efficiency resulting from more automation
Increasing numbers of information systems and users
3. One reason why many organizations do not adequately protect their systems is
because
a) control problems may be overestimated by many companies.
b) productivity and cost cutting cause management to forgo implementing and maintaining internal
controls.
c) control technology has not yet been developed.
d) all of the above
4. Any potential adverse occurrence or unwanted event that could be injurious to either
the AIS or the organization is referred to as a(n)
a)
b)
c)
d)
threat.
exposure.
risk.
phenomenon.
5. The potential dollar loss that could result if an unwanted event occurs is called a(n)
a)
b)
c)
d)
threat.
exposure.
risk.
extraordinary loss.
6. The likelihood that an adverse or unwanted event could occur is referred to as a(n)
a)
b)
c)
d)
threat.
exposure.
risk.
loss.
7. Accountants must try to protect the AIS from threats. Which of the following would
be a measure that should be taken?
a)
b)
c)
d)
take a proactive approach to eliminate threats
detect threats that do occur
correct and recover from threats that do occur
All of the above are proper measures for the accountant to take.
8. The plan of organization that a business uses to safeguard assets, provide accurate and
reliable information, and promote and improve operational efficiency is known as
a)
b)
c)
d)
a phenomenon.
internal control.
an AIS threat.
a preventive control.
9. Safeguarding assets is one of the primary purposes of internal control. Which of the
following is not one of the other primary purposes?
a)
b)
c)
d)
providing accurate and reliable accounting records
promoting operational efficiency
ensuring that no fraud has occurred
encouraging adherence to management policies
10. Internal control is often referred to as a(n) __________, because it permeates an
organization's operating activities and is an integral part of basic management
activities.
a)
b)
c)
d)
event
activity
process
system
11. Which of the following control classifications does not fit with the others listed
below?
a)
b)
c)
d)
preventative
detective
administrative
corrective
12. Which of the following is accomplished by corrective controls?
a)
b)
c)
d)
identify the cause of the problem
correct the resulting errors
modify the system to prevent future occurrences of the problem
All of the above are accomplished by corrective controls.
13. Duplicate checking of calculations is an example of a __________ control, and
adherence to appropriate procedures to resubmit rejected transactions is an example
of a __________ control.
a)
b)
c)
d)
corrective; detective
detective; corrective
preventive; corrective
detective; preventive
14. There are different types of internal controls available to an organization. The type of
controls that deters problems before they arise are called
a)
b)
c)
d)
detective controls.
corrective controls.
exposure controls.
preventive controls.
15. Corrective controls remedy problems discovered with detective controls. What is not
a corrective control procedure?
a)
b)
c)
d)
identify the cause of a problem
deter problems before they arise
correct resulting errors or difficulties
modify the system so that future problems are minimized or eliminated
16. __________ controls are designed to make sure an organization's control
environment is stable and well managed.
a)
b)
c)
d)
Application
Detective
General
Preventive
17. __________ controls prevent, detect and correct transaction errors and fraud.
a)
b)
c)
d)
Application
Detective
General
Preventive
18. Which of the following federal laws incorporated the language of the AICPA about
controls into a law applying to all registered companies?
a)
b)
c)
d)
Foreign Corrupt Practices Act of 1977
The Securities Exchange Act of 1934
Federal Corruption Prevention Act of 1987
The Securities Act of 1933
19. The primary purpose of the Foreign Corrupt Practices Act of 1977 was
a)
b)
c)
d)
to require corporations to maintain a good system of internal control.
to prevent the bribery of foreign officials by American companies.
to require the reporting of any material fraud by a business.
All of the above are required by the act.
20. Congress passed this federal law for the purpose of preventing financial statement
fraud, to make financial reports more transparent and to strengthen the internal
control of public companies.
a)
b)
c)
d)
Foreign Corrupt Practices Act of 1977
The Securities Exchange Act of 1934
The Sarbanes-Oxley Act of 2002
The Control Provision of 1998
21. Which of the following is not one of the important aspects of the Sarbanes-Oxley
Act?
a)
b)
c)
d)
The creation of the Public Company Accounting Oversight Board
New rules for auditors and management
New roles for audit committees
New rules for information systems development
22. A ________________ helps employees act ethically by setting limits beyond which
an employee must not pass.
a)
b)
c)
d)
Boundary system
Diagnostic control system
Interactive control system
Internal control system
23. A ________________ measures company progress by comparing actual performance
to planned performance.
a)
b)
c)
d)
Boundary system
Diagnostic control system
Interactive control system
Internal control system
24. A ________________ helps top-level managers with high-level activities that
demand frequent and regular attention.
a)
b)
c)
d)
Boundary system
Diagnostic control system
Interactive control system
Internal control system
25. This control framework addresses the issue of control from three vantage points:
business objectives, information technology resources, and information technology
processes.
a)
b)
c)
d)
ISACF's control objectives for information and related technology
COSO's internal control framework
COSO's enterprise risk management framework
None of the above
26. This control framework defines internal controls and provides guidance for evaluating
and enhancing internal control systems.
a)
b)
c)
d)
ISACF's control objectives for information and related technology
COSO's internal control framework
COSO's enterprise risk management framework
None of the above
27. This control framework's intent includes helping the organization to provide
reasonable assurance that objectives are achieved and problems are minimized, and to
avoid adverse publicity and damage to the organization's reputation.
a)
b)
c)
d)
ISACF's control objectives for information and related technology
COSO's internal control framework
COSO's enterprise risk management framework
None of the above
28. The COSO control model has five crucial components. Which of the following is not
one of them?
a) control environment
b) risk assessment
c) compliance with federal, state, or local laws
d) monitoring
29. According to the ERM, these help the company address all applicable laws and
regulations.
a)
b)
c)
d)
Compliance objectives
Operations objectives
Reporting objectives
Strategic objectives
30. According to the ERM, high level goals that are aligned with and support the
company's mission are
a)
b)
c)
d)
Compliance objectives
Operations objectives
Reporting objectives
Strategic objectives
31. According to the ERM, these deal with the effectiveness and efficiency of company
operations, such as performance and profitability goals.
a)
b)
c)
d)
Compliance objectives
Operations objectives
Reporting objectives
Strategic objectives
32. According to the ERM, these objectives help ensure the accuracy, completeness and
reliability of internal and external company reports.
a)
b)
c)
d)
Compliance objectives
Operations objectives
Reporting objectives
Strategic objectives
33. Which of the following is not one of the eight interrelated risk and control
components of COSO?
a)
b)
c)
d)
Internal environment
Monitoring
Risk response
Event assessment
34. Which of the following is not one of the reasons COSO developed the more
comprehensive ERM framework?
a) The internal control framework has too narrow a focus.
b) Long-standing internal control systems often have controls that protect against items that are no
longer risks.
c) Risk should be evaluated first, before controls.
d) The Sarbanes-Oxley Act of 2002 required it.
35. Which of the following would be considered a "red flag" for problems with
management operating style if the question were answered "yes"?
a)
Does management take undue business risks to achieve its objectives?
b) Does management attempt to manipulate performance measures such as net income?
c) Does management pressure employees to achieve results regardless of the methods?
d) All of the above statements would raise "red flags" if answered "yes."
36. The audit committee of the board of directors is composed of
a)
b)
c)
d)
officers of the company.
inside directors of the company.
outside directors of the company.
all of the above
37. The audit committee is responsible for
a)
b)
c)
d)
overseeing the internal control structure.
overseeing the financial reporting process.
working with the internal and external auditors.
All of the above are responsibilities.
38. Regarding the issue of internal control, the internal environment itself consists of
many factors. An issue regarding a conflict of interest should be addressed as a
component of which factor?
a)
b)
c)
d)
organization structure
commitment to integrity and ethical values
the audit committee of the board of directors
management's philosophy and operating style
39. The definition of the lines of authority and responsibility and the overall framework
for planning, directing, and controlling is laid out by the
a)
b)
c)
d)
control activities
organizational structure
budget framework
internal environment
40. Personnel policies such as background checks, mandatory vacations, and rotation of
duties tend to deter
a)
b)
c)
d)
unintentional errors
employee fraud or embezzlement
fraud by outsiders
payroll irregularities
41. The stock exchange or FASB is best described as external influences that directly
affect an organization's
a)
b)
c)
d)
hiring practices
philosophy and operating style
internal environment
methods of assigning authority
42. The internal control model developed by COSO is comprised of five interrelated
components. Among these components is the internal environment. Which attribute
below is not part of the internal environment?
a)
the competence of an organization's people
b) the integrity of an organization's people
c) monitoring activities within the organization itself
d) the ethical values of an organization's people
43. The amount of risk a company is willing to accept in order to achieve its goals and
objectives is
a)
b)
c)
d)
Inherent risk
Residual risk
Risk appetite
Risk assessment
44. The risk that remains after management implements internal controls is
a)
b)
c)
d)
Inherent risk
Residual risk
Risk appetite
Risk assessment
45. The risk that exists before management takes any steps to control the likelihood or
impact of a risk is
a)
b)
c)
d)
Inherent risk
Residual risk
Risk appetite
Risk assessment
46. When undertaking risk assessment, the expected loss is calculated like this.
a)
b)
c)
d)
Impact times expected loss
Impact times likelihood
Inherent risk times likelihood
Residual risk times likelihood
47. Generally in a risk assessment process, the first step is to
a)
b)
c)
d)
identify the threats that the company currently faces.
estimate the risk probability of negative events occurring.
estimate the exposure from negative events.
identify controls to reduce all risk to zero.
48. The third component of COSO's internal control model is risk assessment. Part of
risk assessment is to identify threats to companies. If a company does the right things
in the wrong way, this is known as
a)
b)
c)
d)
a strategic threat.
an operating threat.
a financial threat.
an information threat.
49. Management can authorize employees to handle routine transactions without special
approval. This is known as
a) Authorization
b) General authorization
c) Special authorization
d) Specific authorization
50. Good internal control demands that no single employee be given too much
responsibility. The segregation of duties is key to fulfilling this demand. Which two
functions, when not performed by different employees, will cause a potential internal
control problem due to the lack of separation of duties?
a)
b)
c)
d)
digital signature, specific authorization
custody, recording
digital signature, general authorization
custody, digital signature
51. Regarding project development and acquisition controls, this is developed to show all
projects that must be completed to achieve long-range company goals.
a)
b)
c)
d)
Performance evaluation
Project development plan
Steering committee
Strategic master plan
52. Regarding project development and acquisition controls, a ________ is created to
guide and oversee systems development and acquisition.
a)
b)
c)
d)
Performance evaluation
Project development plan
Steering committee
Strategic master plan
53. Regarding project development and acquisition controls, a ________ shows how a
project will be completed, including tasks and who will perform them as well as a
timeline and cost estimates.
a)
b)
c)
d)
Performance evaluation
Project development plan
Steering committee
Strategic master plan
54. The concept of independent checks in transaction processing is illustrated by all of
the following except
a)
b)
c)
d)
reconciliation of independently maintained records.
extensive edit checking of input data.
comparisons of actual quantities to recorded amounts.
record counts of inputs and outputs.
SHORT ANSWER
55. What are the three functions of internal controls?
56. What are the two categories of internal controls?
57. What is the difference between general and specific authorization?
58. What was the primary objective of the Foreign Corrupt Practices Act?
59. What is COSO?
60. What are the major components of control as defined in the COSO internal control
model report?
61. What is a weakness of the internal control concept of the separation of duties?
62. Classify the following controls as preventive, detective, or corrective: Periodic bank
reconciliation. Separation of cash and accounting records. Maintaining backup copies
of master and transaction files. Pre-numbering of sales invoices. Chart of accounts.
Retina scan before entering a sensitive R & D facility. Resubmission of transactions
for subsequent processing. Internal auditor rechecking the debits and credits on the
payment voucher. Depositing all cash receipts intact. Qualified accounting personnel
ESSAY
63. Provide three reasons why AIS threats are increasing. Briefly discuss each one.
64. Why was the Foreign Corrupt Practices Act of interest to accountants?
65. Discuss the internal (control) environment.
66. Why is management's philosophy and operating style considered to be the most
important component of the control environment?
67. What are some of the ways to assign authority and responsibility within an
organization?
68. Discuss the weaknesses in COSO's internal control framework that lead to the
development of the Enterprise Risk Management framework.
ANSWER KEY
1) B
2) C
3) B
4) A
5) B
6) C
7) D
8) B
9) C
10) C
11) C
12) D
13) B
14) D
15) B
16) C
17) A
18) A
19) B
20) C
21) D
22) A
23) B
24) C
25) A
26) B
27) C
28) C
29) A
30) D
31) B
32) C
33) D
34) D
35) D
36) C
37) D
38) B
39) B
40) B
41) C
42) C
43) C
44) B
45) A
46) B
47) A
48) B
49) A
50) B
51) B
52) D
53) C
54) B
55)
56)
57)
58)
59)
60)
61)
62)
63)
64)
65)
66)
B
Preventive, detective, and corrective
General and application
Authorizations are often documented by signing, initializing, or entering an authorization code on
a transaction document or record. Management may deem that certain transactions are of a routine
nature and as such may authorize employees to handle such transactions without special approval.
This is known as general authorization. Other transactions may be of such consequence that
management grants specific authorization for them to occur. Usually management must approve
of such transactions and oversee them to completion, requiring an additional signature required on
checks exceeding a given dollar amount. Management should have written policies on both
specific and general authorization for all type of transactions.
The primary objective of the Foreign Corrupt Practices Act is to prevent the bribery of foreign
officials by American companies.
The COSO defines internal control as a process implemented by management, the board of
directors, and those under their direction to provide reasonable assurance that control objectives
are achieved regarding effectiveness and efficiency of operations, reliability of financial reporting,
and compliance with applicable laws and regulations.
The major components of control are: the control environment; control activities; risk assessment;
information and communication; monitoring of performance.
When a system effectively incorporates a separation of duties, it should be difficult for any one
employee to defeat the system and commit embezzlement. The problem with the separation of
duties comes when two or more employees agree to defeat the system for their own dishonest
ends. This problem is known as collusion. When two or more employees act together to defeat
the internal controls of the system, they may likely succeed in their endeavor for a time. It is more
difficult to detect such activity because the employees may have planned to "cover their tracks."
This is why independent review of transaction activity by third parties is important to monitor that
internal controls are in place and working as designed.
Detective. Preventive. Corrective. Preventive. Preventive. Preventive. Corrective. Detective.
Preventive. Preventive
Students may provide a variety of acceptable reasons, such as: Client/server systems have
proliferated and have enabled large numbers of employees to have access to the information.
LANs and client/server systems distribute data to various users and are more difficult to control
than centralized systems. EDI and e-commerce have enabled customers and suppliers to access
each other's systems and data, making confidentiality a major concern. Organizations are not
aggressively protecting their data for various reasons. Computer control problems are often
underestimated and downplayed. Control implications of networked systems are not properly
reasoned out. Top management does not grasp the effect of security of data and information on
survival and profitability of the company. Internal controls become a casualty in cost cutting and
productivity measures undertaken by the management.
The act is important to accountants because it incorporates the language of the AICPA
pronouncement on internal controls. The Act mandates that corporations should keep records that
accurately and fairly reflect their transactions and assets in reasonable detail. The internal control
system of these organizations should be able to provide reasonable assurance that: a) transactions
are properly authorized and recorded; b) assets are safeguarded and protected from unauthorized
access; and c) recorded asset values are periodically compared with actual assets and any
differences are corrected. The act requires corporations to maintain good systems of internal
accounting control.
The control environment embraces both individuals and the environment in which they operate in
an organization. Individual employees are "the engine" that drives the organization and form the
foundation upon which everything in the organization rests. Among the many factors found in the
control environment are: 1) a commitment to integrity and ethical values; 2) the philosophy and
operating style of management; 3) organizational structure; 4) the audit committee of the board of
directors; 5) methods of assigning authority and responsibility; 6) human resources policies and
practices; and 7) various external influences. Each of these factors influences the internal control
structure of the organization. Likewise, these factors should be examined and analyzed in detail
when implementing or evaluating a system of internal controls.
67) Management truly sets the tone for the control environment of a business. If top management
takes good control seriously and makes this known to everyone in the organization, then
employees down the line will tend to do likewise. Management's attitude toward risk taking and
the assessment of risk before acting are indications. Willingness to manipulate performance
measures or to encourage employees to do likewise is another indication of attitude. Finally,
pressure on subordinates to achieve certain results regardless of the methods used can be a very
persuasive indicator of problems. Management concerned about control will assess risk and act
prudently, manipulation of performance measures will not be tolerated, and ethical behavior will
be instilled in and required of employees.
68) It is incumbent on management to identify specific business objectives and assign such objectives
to certain departments and individuals. Management must also hold such departments and
individuals responsible and accountable for achieving the assigned business objectives. Ways in
which management may assign authority and responsibility is through formal job descriptions,
employee training, budgets, operating plans, and scheduling. A formal code of conduct also sets
the stage for responsible behavior on the part of employees by defining ethical behavior,
acceptable business practices, regulatory requirements, and conflicts of interest. Another useful
and important tool is a written policy and procedures manual.
69) Weaknesses in COSO's internal control framework that lead to the development of the ERM
model include: 1. It has too narrow a focus. 2. Examining controls without first addressing
purposes and risks of business processes gives little context for evaluating results. 3. Existing
internal control systems often have controls that protect against items that are no longer risks or
are no longer important. 4. Focusing on controls first has an inherent bias toward past problems
and concerns.
Chapter 7
MULTIPLE CHOICE
1. The AICPA and the CICA have created an evaluation service known as SysTrust.
SysTrust follows four principles to determine if a system is reliable. The reliability
principle that states that users must be able to enter, update, and retrieve data during
agreed-upon times is known as
a)
b)
c)
d)
availability.
security.
maintainability.
integrity.
2. According to SysTrust, the reliability principle of integrity is achieved when
a) the system is available for operation and use at times set forth by agreement.
b) the system is protected against unauthorized physical and logical access.
c) the system can be maintained as required without affecting system availability, security, and
integrity.
d) system processing is complete, accurate, timely, and authorized.
3. Which of the following is not one of the five basic principles that contribute to
systems reliability according to the Trust Services framework.
a)
b)
c)
d)
Confidentiality
Processing speed
Security
System availability
4. Which of the following is the foundation of systems reliability?
a)
b)
c)
d)
Confidentiality
Privacy
Processing
Security
5. Which of the following is not one of the three fundamental information security
concepts?
a)
b)
c)
d)
Information security is a technology issue that hinges on prevention.
Security is a management issue, not a technology issue.
The idea of defense-in-depth employs multiple layers of controls.
The time-based model of security focuses on the relationship between preventive, detective and
corrective controls.
6. The trust services framework identifies four essential criteria for successfully
implementing each of the principles that contribute to systems reliability. Which of
the following is not one of those four essential criteria?
a)
b)
c)
d)
Developing and documenting policies
Effectively communicating policies to all outsiders
Designing and employing appropriate control procedures to implement policies
Monitoring the system and taking corrective action to maintain compliance with policies
7. Giving users regular, periodic reminders about security policies and training in
complying with them is an example of which of the following trust services criteria?
a)
b)
c)
d)
Policy development
Effective communication of policies
Design/use of control procedures
Monitoring and remedial action
8. Because planning is more effective than reacting, this is an important criteria for
successfully implementing systems reliability:
a)
b)
c)
d)
Policy development
Effective communication of policies
Design/use of control procedures
Monitoring and remedial action
9. If the time an attacker takes to break through the organization's preventive controls is
greater than the sum of the time required to detect the attack and the time required to
respond to the attack, then security is
a)
b)
c)
d)
effective
ineffective
overdone
undermanaged
10. Preventive controls require two related functions, which are:
a)
b)
c)
d)
Access and control
Authentication and authorization
Detection and correction
Physical access and logical access
11. Verifying the identity of the person or device attempting to access the system is
a)
b)
c)
d)
Authentication
Authorization
Identification
Threat monitoring
12. Restricting access of users to specific portions of the system as well as specific tasks,
is
a)
b)
c)
d)
Authentication
Authorization
Identification
Threat monitoring
13. Which of the following is an example of a preventive control?
a)
b)
c)
d)
Encryption
Log analysis
Intrusion detection
Emergency response teams
14. Which of the following is an example of a detective control?
a)
b)
c)
d)
Physical access controls
Encryption
Log analysis
Emergency response teams
15. Which of the following is an example of a corrective control?
a)
b)
c)
d)
Physical access controls
Encryption
Intrusion detection
Emergency response teams
16. Which of the following is not a requirement of effective passwords?
a)
b)
c)
d)
Passwords should be changed at regular intervals.
Passwords should be no more than 8 characters in length.
Passwords should contain a mixture of upper and lowercase letters, numbers and characters.
Passwords should not be words found in dictionaries.
17. Which of the following is not a requirement of effective passwords?
a)
b)
c)
d)
Passwords should be changed at regular intervals.
Passwords should be no more than 8 characters in length.
Passwords should contain a mixture of upper and lowercase letters, numbers and characters.
Passwords should not be words found in dictionaries.
18. Multi-factor authentication
a)
b)
c)
d)
Involves the use of two or more basic authentication methods.
Is a table specifying which portions of the systems users are permitted to access.
Provides weaker authentication than the use of effective passwords.
Requires the use of more than one effective password.
19. An access control matrix
a)
b)
c)
d)
Does not have to be updated.
Is a table specifying which portions of the system users are permitted to access.
Is used to implement authentication controls.
Matches the user's authentication credentials to his authorization.
20. Perimeter defense is an example of which of the following preventive controls that
are necessary to provide adequate security.
a)
b)
c)
d)
Training
Controlling physical access
Controlling remote access
Host and application hardening
21. Which of the following preventive controls are necessary to provide adequate security
that deals with social engineering?
a)
b)
c)
d)
Controlling remote access
Encryption
Host and application hardening
Training
22. The device that connects an organization's information system to the Internet is a
a)
b)
c)
d)
Demilitarized zone
Firewall
Gateway
Router
23. A special purpose hardware device or software running on a general purpose
computer which filters information allowed to enter and leave the organization's
information system.
a)
b)
c)
d)
Demilitarized zone
Intrusion detection system
Intrusion prevention system
Firewall
24. This protocol specifies the procedures for dividing files and documents into packets
to be sent over the Internet.
a)
b)
c)
d)
Access control list
Internet protocol
Packet switching protocol
Transmission control protocol
25. This protocol specifies the structure of packets sent over the internet and the route to
get them to the proper destination.
a)
b)
c)
d)
Access control list
Internet protocol
Packet switching protocol
Transmission control protocol
26. This determines which packets are allowed entry and which are dropped..
a)
b)
c)
d)
Access control list
Deep packet inspection
Stateful packet filtering
Static packet filtering
27. Compatibility tests utilize a(n) __________, which is a list of authorized users,
programs, and data files the users are authorized to access or manipulate.
a)
b)
c)
d)
validity test
biometric matrix
logical control matrix
access control matrix
28. This screens individual IP packets based solely on the contents of the source or
destination fields in the packet header..
a)
b)
c)
d)
Access control list
Deep packet inspection
Stateful packet filtering
Static packet filtering
29. This maintains a table that lists all established connections between the organization's
computers and the Internet to determine whether an incoming packet is part of an
ongoing communication initiated by an internal computer..
a) Access control list
b) Deep packet inspection
c) Stateful packet filtering
d) Static packet filtering
30. This processes involves the firewall examining the data in the body of an IP packet.
a)
b)
c)
d)
Access control list
Deep packet inspection
Stateful packet filtering
Static packet filtering
31. This is designed to identify and drop packets that are part of an attack.
a)
b)
c)
d)
Deep packet inspection
Intrusion detection system
Stateful packet filtering
Static packet filtering
32. This is used to identify rogue modems (or by hackers to identify targets).
a)
b)
c)
d)
War chalking
War dialing
War driving
None of the above
33. The process of turning off unnecessary features in the system is known as
a)
b)
c)
d)
Deep packet inspection
Hardening
Intrusion detection
War dialing
34. The most common input-related vulnerability is
a)
b)
c)
d)
Buffer overflow attack
Hardening
War dialing
Encryption
35. The final layer of preventive controls.
a)
b)
c)
d)
Authentication
Authorization
Encryption
Intrusion detection
36. The process of transforming normal text into cipher text
a)
b)
c)
d)
Encryption
Decryption
Filtering
Hardening
37. Which of the following is not one of the three important factors determining the
strength of any encryption system?
a) Key length
b) Key management policies
c) Encryption algorithm
d) Privacy
38. Which of the following is not one of the three important factors determining the
strength of any encryption system?
a)
b)
c)
d)
Key length
Key management policies
Encryption algorithm
Privacy
39. These systems use the same key to encrypt and to decrypt.
a)
b)
c)
d)
Asymmetric encryption
Hashing encryption
Public key encryption
Symmetric encryption
40. Which of the following descriptions is not associated with symmetric encryption?
a)
b)
c)
d)
A shared secret key
Faster encryption
Lack of authentication
Separate keys for each communication party.
41. Which of the following is not associated with asymmetric encryption?
a)
b)
c)
d)
No need for key exchange
Public keys
Private keys
Speed
42. A process that takes plaintext of any length and transforms it into a short code.
a)
b)
c)
d)
Asymmetric encryption
Encryption
Hashing
Symmetric encryption
43. These are used to create digital signatures.
a)
b)
c)
d)
Asymmetric encryption and hashing
Hashing and packet filtering
Packet filtering and encryption
Symmetric encryption and hashing
44. Information encrypted with the creator's private key that is used to authenticate the
sender is.
a)
b)
c)
d)
Asymmetric encryption
Digital certificate
Digital signature
Public key
45. An electronic document that certifies the identity of the owner of a particular public
key.
a) Asymmetric encryption
b) Digital certificate
c) Digital signature
d) Public key
46. The system and processes used to issue and manage asymmetric keys and digital
certificates.
a)
b)
c)
d)
Asymmetric encryption
Certificate authority
Digital signature
Public key infrastructure
47. The system and processes used to issue and manage asymmetric keys and digital
certificates.
a)
b)
c)
d)
Asymmetric encryption
Certificate authority
Digital signature
Public key infrastructure
48. In a private key system the sender and the receiver have __________, and in the
public key system they have __________.
a)
b)
c)
d)
different keys; the same key
a decrypting algorithm; an encrypting algorithm
the same key; two separate keys
an encrypting algorithm; a decrypting algorithm
49. One way to circumvent the counterfeiting of public keys is by using
a)
b)
c)
d)
a digital certificate.
digital authority.
encryption.
cryptography.
50. Which of the following describes one weakness of encryption?
a)
b)
c)
d)
Encrypted packets cannot be examined by a firewall.
Encryption protects the confidentiality of information while in storage.
Encryption protects the privacy of information during transmission.
Encryption provides for both authentication and non-repudiation.
51. This creates logs of network traffic that was permitted to pass the firewall
a)
b)
c)
d)
Intrusion detection system
Log analysis
Penetration test
Vulnerability scan
52. This uses automated tools to identify whether a given system possesses any wellknown security problems.
a)
b)
c)
d)
Intrusion detection system
Log analysis
Penetration test
Vulnerability scan
53. This is an authorized attempt by an internal audit team or an external security
consultant to break into the organization's information system.
a)
b)
c)
d)
Intrusion detection system
Log analysis
Penetration test
Vulnerability scan
54. A more rigorous test of the effectiveness of an organization's computer security.
a)
b)
c)
d)
Intrusion detection system
Log analysis
Penetration test
Vulnerability scan
55. These are established to deal with major security breaches.
a)
b)
c)
d)
CERTs
CSOs
FIRSTs
Intrusion detection systems
56. The ___________ disseminates information about fraud, errors, breaches and other
improper system uses and their consequences.
a)
b)
c)
d)
Chief information officer
Chief operations officer
Chief security officer
Computer emergency response team
SHORT ANSWER
57. Identify the five basic principles that contribute to systems reliability according to the
Trust Services framework developed by the AICPA and the CICA.
58. What are the three fundamental information security concepts?
59. What are three ways users can be authenticated?
60. What three factors determine the strength of any encryption system?
61. How does an intrusion detection system work?
62. What is a penetration test?
ESSAY
63. Describe four requirements of effective passwords
64. Explain social engineering.
65. What are the problems with symmetric encryption?
66. Explain the value of penetration testing.
ANSWER KEY
1) A
2) D
3) B
4) D
5) A
6) B
7) B
8) A
9) B
10) B
11) A
12) B
13) A
14) C
15) D
16) B
17) B
18) A
19) B
20) C
21) D
22) D
23) D
24) D
25) B
26) A
27) D
28) D
29) C
30) B
31) B
32) B
33) B
34) A
35) C
36) A
37) D
38) D
39) D
40) C
41) D
42) C
43) A
44) C
45) B
46) D
47) D
48) C
49) A
50) A
51) A
52) D
53) C
54) C
55)
56)
57)
58)
59)
60)
61)
62)
63)
64)
65)
66)
C
C
Security, confidentiality, privacy, processing integrity, availability.
1. Security is a management issue, not a technology issue. 2. The time-based model of security. 3.
Defense-in-depth.
Users can be authenticated by verifying: 1. something they know (password). 2. something they
have (smart card or ID badge). 3. Something they are (biometric identification of fingerprint).
1. Key length. 2. Key management policies. 3. Encryption algorithm.
An intrusion detection system creates logs of network traffic that was permitted to pass the
firewall and then analyze those logs for signs of attempted or successful intrusions.
An authorized attempt by either an internal audit team or an external security consultant to break
into the organization's information system.
1. Strong passwords should be at least 8 characters. 2. Passwords should use a mixture of upper
and lowercase letters, numbers and characters. 3. Passwords should be random and not words
found in dictionaries. 4. Passwords should be changes frequently.
Social engineering attacks use deception to obtain unauthorized access to information resources,
such as attackers who post as a janitor or as a legitimate system user. Employees must be trained
not to divulge passwords or other information about their accounts to anyone who contacts them
and claims to be part of the organization's security team.
Symmetric encryption is much faster than asymmetric encryption, but it has several problems. 1.
Both parties (sender and receiver) need to know the shared secret key. 2. Separate secret keys must
be maintained for use with each different communication party. 3. There is no way to prove who
created a specific document.
Penetration testing involves an authorized attempt by an internal audit team or an external security
consultant to break into the organization's information system. This type of service is provided by
risk management specialists in all the Big Four accounting firms. These specialists spend more
than half of their time on security matters. The team attempts to compromise the system using
every means possible. With a combination of systems technology skills and social engineering,
these teams often find weaknesses in systems that were believed to be secure.
Chapter 8
MULTIPLE CHOICE
1. Concerning virtual private networks (VPN), which of the following is not true?
a) VPNs provide the functionality of a privately owned network using the Internet.
b) Using VPN software to encrypt information while it is in transit over the Internet in effect creates
private communication channels, often referred to as tunnels, which are accessible only to those
parties possessing the appropriate encryption and decryption keys.
c) The cost of the VPN software is much less than the cost of leasing or buying the infrastructure
(telephone lines, satellite links, communications equipment, etc.) needed to create a privately
owned secure communications network.
d) It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the
corresponding physical connections in a privately owned network.
2. The goal of information systems controls is
a)
b)
c)
d)
To ensure that systems objectives are met.
To ensure that systems function
To ensure that systems are reliable.
To ensure that data are confidential.
3. Which of the following is not one of the 10 internationally recognized best practices
for protecting the privacy of customers' personal information?
a)
b)
c)
d)
Choice and consent.
Disclosure to third parties.
Reimbursement.
Use and retention.
4. Which of the following is not one of the 10 internationally recognized best practices
for protecting the privacy of customers' personal information?
a)
b)
c)
d)
Access.
Monitoring and enforcement.
Registration.
Security.
5. A text file created by a website and stored on a visitor's hard disk.
a)
b)
c)
d)
Validity check
Spam
Error log
Cookie
6. Forms design is an example of this type of control.
a)
b)
c)
d)
Data entry controls
Data transmission controls
Output controls
Source data controls
7. Sequentially pre-numbered forms is an example of .
a) Data entry controls
b) Data transmission controls
c) Processing controls
d) Source data controls
8. Message acknowledgement techniques are an example of
a)
b)
c)
d)
Data entry controls
Data transmission controls
Output controls
Processing controls
9. File labels are an example of
a)
b)
c)
d)
Data entry controls
Output controls
Processing controls
Source data controls
10. Turnaround documents are an example of
a)
b)
c)
d)
Data entry controls
Output controls
Processing controls
Source data controls
11. Input validation checks are an example of
a)
b)
c)
d)
Data entry controls
Data transmission controls
Output controls
Source data controls
12. Parity checks are an example of
a)
b)
c)
d)
Data entry controls
Data transmission controls
Output controls
Processing controls
13. Error logs and review are an example of
a)
b)
c)
d)
Data entry controls
Data transmission controls
Output controls
Processing controls
14. Visual scanning is an example of
a)
b)
c)
d)
Data entry controls
Output controls
Processing controls
Source data controls
15. User reviews are an example of
a)
b)
c)
d)
Data entry controls
Data transmission controls
Output controls
Processing controls
16. Data matching is an example of
a)
b)
c)
d)
Data entry controls
Data transmission controls
Processing controls
Source data controls
17. Batch totals are an example of
a)
b)
c)
d)
Data entry controls
Data transmission controls
Output controls
Processing controls
18. Check digit verification is an example of
a)
b)
c)
d)
Data transmission controls
Output controls
Processing controls
Source data controls
19. Data conversion checks are an example of
a)
b)
c)
d)
Data entry controls
Output controls
Processing controls
Source data controls
20. This determines if the characters in a field are of the proper type.
a)
b)
c)
d)
Field check
Limit check
Range check
Reasonableness test
21. This ensures that the input data will fit into the assigned field.
a)
b)
c)
d)
Limit check
Range check
Size check
Validity check
22. This tests a numerical amount to ensure that it does not exceed a predetermined value.
a)
b)
c)
d)
Completeness check
Limit check
Range check
Sign check
23. This tests a numerical amount to ensure that it does not exceed a predetermined value
nor fall below another predetermined value.
a)
b)
c)
d)
Completeness check
Field check
Limit check
Range check
24. This determines if all required data items have been entered.
a)
b)
c)
d)
Completeness check
Field check
Limit check
Range check
25. This compares the ID number in transaction data with similar data in the master file
to verify that the account exists.
a)
b)
c)
d)
Reasonableness test
Sign check
Size check
Validity check
26. This determines the correctness of the logical relationship between two data items.
a)
b)
c)
d)
Range check
Reasonableness test
Sign check
Size check
27. This batch processing data entry control tests if a batch of input data is in the proper
numerical or alphabetical sequence.
a)
b)
c)
d)
Batch total
Financial total
Hash total
Sequence check
28. This batch processing data entry control sums a field that contains dollar values.
a)
b)
c)
d)
Batch total
Financial total
Hash total
Sequence check
29. This batch processing data entry control sums a non-financial numeric field.
a)
b)
c)
d)
Batch total
Financial total
Hash total
Sequence check
30. This batch processing data entry control sums the number of items in a batch.
a)
b)
c)
d)
Batch total
Hash total
Record count
Sequence check
31. This ensures that the correct and most current files are being updated.
a)
b)
c)
d)
Cross-footing balance test
Data matching
File labels
Write-protect mechanism
32. These find processing errors.
a)
b)
c)
d)
Cross-footing balance test
File labels
Recalculation of batch totals
Write-protect mechanisms
33. This compares the results produced by more than one method to verify accuracy.
a)
b)
c)
d)
Concurrent update control
Cross-footing balance test
Data matching
Recalculation of batch totals
34. This protects records from errors that occur when two or more users attempt to update
the same record simultaneously.
a)
b)
c)
d)
Concurrent update controls
Cross-footing balance test
Data conversion controls
Recalculation of batch totals
35. The system and the receiving unit calculate a summary statistic and compare it.
a)
b)
c)
d)
Echo check
Numbered batches
Parity check
Trailer record
36. This entails verifying that the proper number of bit sare set to the value 1 in each
character received.
a)
b)
c)
d)
Echo check
Numbered batches
Parity check
Trailer record
37. This entails verifying that the proper number of bits are set to the value 1 in each
character received.
a)
b)
c)
d)
Echo check
Numbered batches
Parity check
Trailer record
38. Concerning availability, which of the following statements is true?
a)
b)
c)
d)
Human error does not threaten system availability.
Proper controls can maximize the risk of threats causing significant system downtime.
Threats to system availability can be completely eliminated.
Threats to system availability include hardware and software failures as well as natural and manmade disasters.
39. This enables a system to continue functioning in the even that a particular component
fails,
a)
b)
c)
d)
Backup procedures
Fault tolerance
Preventive maintenance
None of the above
40. This enables a system to continue functioning in the even that a particular component
fails,
a)
b)
c)
d)
Backup procedures
Fault tolerance
Preventive maintenance
None of the above
41. Every organization should have a disaster recovery plan so that data processing
capacity can be restored as smoothly and quickly as possible. Which item below
would not typically be part of an adequate disaster recovery plan?
a)
b)
c)
d)
a system upgrade due to operating system software changes
uninterruptible power systems installed for key system components
scheduled electronic vaulting of files
backup computer and telecommunication facilities
42. ________ involves copying only the data items that have changed since the last
backup.
a)
b)
c)
d)
Archive
Backup
Differential backup
Incremental backup
43. ________ copies all changes made since the last full backup.
a)
b)
c)
d)
Archive
Backup
Differential backup
Incremental backup
44. While this type of backup takes longer, it's restoration is simpler.
a)
b)
c)
d)
Archive
Backup
Differential backup
Incremental backup
45. A copy of a database, master file, or software that will be retained indefinitely as a
historical record.
a)
b)
c)
d)
Archive
Backup
Differential backup
Incremental backup
46. A location that is pre-wired for necessary telecommunications and computer
equipment.
a) a cold site
b) a hot site
c) a remote sister site
d) a subsidiary location
47. A facility that contains all the computing equipment the organization needs to
perform its essential business activities.
a)
b)
c)
d)
a cold site
a hot site
a remote sister site
a subsidiary location
48. Which of the following is not the objective of a disaster recovery plan?
a)
b)
c)
d)
Minimize the extent of the disruption, damage or loss.
Permanently establish an alternative means of processing information.
Resume normal operations as soon as possible.
Train employees for emergency operations.
49. The most important change management technique is probably
a)
b)
c)
d)
User rights and privileges are carefully monitored during change process.
Changes tested thoroughly prior to implementation.
All documentation is updated to reflect changes to the system.
Adequate monitoring and review by top management.
50. Which of the following is not a useful control procedure to control access to system
outputs?
a)
b)
c)
d)
Allowing visitors to move through the building without supervision.
Coding reports to reflect their importance.
Requiring employees to log out of applications when leaving their desk.
Restricting access to rooms with printers.
SHORT ANSWER
51. Identify a fundamental control procedure for protecting that confidentiality of
sensitive information.
52. Identify four source data controls.
53. Identify four data entry controls.
54. Identify four processing controls.
55. Identify four data transmission controls.
56. Identify two output controls.
57. What is fault tolerance?
ESSAY
58. Identify four useful procedures for controlling access to system outputs.
59. Identify the 10 internationally recognized best practices for protecting the privacy of
customers' personal information.
60. Describe some steps you can take to minimize your risk of identify theft.
ANSWER KEY
1) D
2) C
3) C
4) C
5) D
6) D
7) D
8) B
9) C
10) D
11) A
12) B
13) A
14) D
15) C
16) C
17) D
18) D
19) C
20) A
21) C
22) B
23) D
24) A
25) D
26) B
27) D
28) B
29) C
30) C
31) C
32) C
33) B
34) A
35) A
36) C
37) C
38) D
39) B
40) B
41) A
42) D
43) C
44) C
45) A
46) A
47) B
48) B
49) D
50) A
51) Encryption
52) Answers include: forms design, pre-numbered forms sequence test, turnaround documents,
53)
54)
55)
56)
57)
58)
59)
60)
cancellation and storage of documents, authorization and segregation of duties, visual scanning,
check digit verification, RFID security.
Answers include: field check, sign check, limit check, range check, size check, completeness
check, validity check, reasonableness check, prompting, pre-formatting, closed-loop verification,
transaction log.
Answers include: data matching, file labels, recalculation of batch totals, cross-footing balance
test, write-protection mechanisms, database processing integrity procedures, concurrent update
controls, data conversion controls.
Answers include: parity checking, echo check, trailer record, numbered batches.
Answers include: user review of output, reconciliation procedures, external data reconciliation.
Fault tolerance is the use of redundant components that enable a system to continue functioning in
the event that a particular component fails.
Not allowing visitors to move through the building without supervision. Coding reports to reflect
their importance. Requiring employees to log out of applications when leaving their desk.
Restricting access to rooms with printers.
Management. Notice. Choice and consent. Collection. Use and retention. Access. Disclosure to
third parties. Security. Quality. Monitoring and enforcement.
Shred documents containing personal information. Never send personally identifying information
in unencrypted email. Beware of email/phone/print requests to verify personal information that the
requesting party should already possess. Do not carry your social security card with you. Print
only your initials and last name on checks. Limit the amount of other information preprinted on
checks. Do not use your mailbox for outgoing mail. Do not carry more than a few blank checks
with you. Use special software to digitally clean any digital media prior to disposal. Monitor your
credit cards regularly. File a police report as soon as you discover a purse or wallet missing. Make
photocopies of driver's license, passports and credit cards and keep in a safe location. Immediately
cancel any stolen or lost credit cards.
Chapter 9
MULTIPLE CHOICE
1. The American Accounting Association has formulated a general definition of
auditing. What is not a characteristic of this general definition?
a) Auditing is a systematic process.
b) Auditors are responsible for objectively obtaining and evaluating evidence regarding assertions
about economic actions and events.
c) Auditors are responsible for financial management and the investment of corporate assets.
d) Auditors are responsible for communicating the results of audits to interested users.
2. Which characteristics below is not a characteristic of auditing?
a)
b)
c)
d)
evidence collection
establishing audit criteria
objectivity
systems development
3. Auditing involves the
a)
b)
c)
d)
collection, review, and documentation of audit evidence.
planning and verification of economic events.
collection of audit evidence and approval of economic events.
testing, documentation, and certification of audit evidence.
4. The purpose of an internal audit is
a)
b)
c)
d)
to evaluate the adequacy and effectiveness of company's internal controls.
to determine the extent to which assigned responsibilities are actually carried out.
to collect evidence on whether the company is continuing as a going concern.
A and B only
5. The type of audit in which the primary responsibility of the auditors is the
management of the organization is
a)
b)
c)
d)
an external audit.
a governmental audit.
an internal audit.
a public audits.
6. What is not a typical responsibility of an internal auditor?
a)
b)
c)
d)
helping management to improve organizational effectiveness
assisting in the design and implementation of an AIS
preparation of the company's financial statements
implementing and monitoring of internal controls
7. The Institute of Internal Auditors (IIA) has established five audit scope standards that
outline the internal auditor's responsibilities. Which standard below deals with the
principles of reliability and integrity?
a) determining whether the systems are designed to comply with operating and reporting policies
b) review of how assets are safeguarded and verification of their existence as appropriate
c) review of company operations and programs to determine whether they are being carried out as
planned
d) review of operating and financial information and how it is identified, measured, classified, and
reported
8. The three different types of audits commonly performed today are
a)
b)
c)
d)
internal, external, defense contracting.
financial, operational, information systems.
financial, operational, management.
internal, external, public.
9. There are different types of internal audit work. Which type of work listed below is
not typical of internal auditors?
a)
b)
c)
d)
operational and management audits
information system audits
financial statement audit
financial audit of accounting records
10. The __________ audit examines the reliability and integrity of accounting records.
a)
b)
c)
d)
financial
informational
information systems
operational
11. The __________ audit reviews the general and application controls of an AIS to
assess its compliance with internal control policies and procedures and its
effectiveness in safeguarding assets.
a)
b)
c)
d)
financial
information systems
management
internal control
12. One type of audit that is concerned with the economical and efficient use of resources
and the accomplishment of established goals and objectives corresponds to the fourth
and fifth standards set forth by the IIA. This is known as a(n) __________ audit.
a)
b)
c)
d)
financial
information systems
internal control
operational or management
13. The __________ audit is concerned with the economical and efficient use of
resources and the accomplishment of established goals and objectives.
a)
b)
c)
d)
financial
informational
information systems
operational
14. The purpose of __________ is to determine why, how, when, and who will perform
the audit.
a)
b)
c)
d)
audit planning
the collection of audit evidence
the communication of audit results
the evaluation of audit evidence
15. Practically all audits follow a similar sequence of activities that can be divided into
four stages. Organizing the audit team and the physical examination of assets are
components of which two separate audit stages?
a)
b)
c)
d)
audit planning; evaluation of audit evidence
audit planning; collection of audit evidence
collection of audit evidence; communication of audit results
audit planning only
16. With which stage in the auditing process are the consideration of risk factors and
materiality most associated?
a)
b)
c)
d)
audit planning
collection of audit evidence
communication of audit results
evaluation of audit evidence
17. A system that employs various types of advanced technology has more __________
risk than traditional batch processing.
a)
b)
c)
d)
control
detection
inherent
investing
18. An audit should be planned so that the greatest amount of audit work focuses on the
areas with the highest risk factors. Regarding risk factors, control risk is defined as
a) the susceptibility to material risk in the absence of controls.
b) the risk that a material misstatement will get through the internal control structure and into the
financial statements.
c) the risk that auditors and their audit procedures will not detect a material error or misstatement.
d) the risk auditors will not be given the appropriate documents and records by management who
wants to control audit activities and procedures.
19. The possibility that a material error will occur even though auditors are following
audit procedures and using good judgment is referred to as
a)
b)
c)
d)
control risk.
detection risk.
inherent risk.
investigating risk.
20. The __________ part of the auditing process involves (among other things) the
auditors observing the operating activities and having discussion with employees.
a)
b)
c)
d)
audit planning
collection of audit evidence
communication of audit results
evaluation of audit evidence
21. The evidence collection method that is used to gather data about the system is
a) reperformance.
b) questionnaires.
c) valuation.
d) none of the above
22. Much of the effort spent in an audit entails the collection of evidence. Verifying the
accuracy of certain information, often through communication with certain third
parties, is known in the language of the auditor as
a)
b)
c)
d)
reperformance.
confirmation.
substantiation.
documentation.
23. The evidence collection method that examines all supporting documents to determine
the validity of a transaction is called
a)
b)
c)
d)
review of documentation.
vouching.
physical examination.
analytical review.
24. The evidence collection method that considers the relationship and trends among
information to detect items that should be investigated further is called
a)
b)
c)
d)
review of the documentation.
vouching.
physical examination.
analytical review.
25. Assessing the quality of internal controls, the reliability of information, and operating
performance are all part of which stage of the auditing process?
a)
b)
c)
d)
audit planning
collection of audit evidence
evaluation of audit evidence
communication of audit results
26. One way an auditor gauges how much audit work and testing needs to be performed
is through evaluating materiality and seeking reasonable assurance about the nature of
the information or process. What is key to determining materiality during an audit?
a) determining if material errors exist in the information or processes undergoing audit
b) the testing of records, account balances, and procedures on a sample basis
c) determining what is and is not important given a set of circumstances is primarily a matter of
judgment
d) none of the above
27. An auditor must be willing to accept some degree of risk that the audit conclusion is
incorrect. Accordingly, the auditor's objective is to seek __________ that no material
error exists in the information audited.
a)
b)
c)
d)
absolute reliability
reasonable evidence
reasonable assurance
reasonable objectivity
28. During all stages of the audit, findings and conclusions are documented in
a)
b)
c)
d)
audit trails.
audit working papers.
audit reports.
audit objectives.
29. The risk-based audit approach is
a)
b)
c)
d)
a four-step approach to internal control evaluation.
a four-step approach to financial statement review and recommendations.
a three-step approach to internal control evaluation.
a three-step approach to financial statement review and recommendations.
30. Which of the following is the first step in the risk-based audit approach?
a)
b)
c)
d)
identify the control procedures that should be in place
evaluate the control procedures
determine the threats facing the AIS
evaluate weaknesses to determine their effect on the audit procedures
31. Determining whether the necessary control procedures are in place is accomplished
by conducting
a)
b)
c)
d)
a systems overhaul.
a systems review.
tests of controls.
none of the above
32. Using the risk-based auditing approach, when the auditor identifies a control
deficiency, the auditor should inquire about
a)
b)
c)
d)
tests of controls.
the feasibility of a systems review.
materiality and inherent risk factors.
compensating controls.
33. The __________ to auditing provides auditors with a clear understanding of possible
errors and irregularities and the related risks and exposures.
a)
b)
c)
d)
risk-based approach
risk-adjusted approach
financial audit approach
information systems approach
34. What is the purpose of an AIS audit?
a)
b)
c)
d)
to determine the inherent risk factors found in the system
to review and evaluate the internal controls that protects the system
to examine the reliability and integrity of accounting records
to examine whether resources have been used in an economical and efficient manner in keeping
with organization goals and objectives
35. There are six objectives of an AIS audit. The objective that pertains to source data
being processed into some form of output is
a) Objective 1: overall security.
b) Objective 2: program development.
c) Objective 3: program modifications.
d) Objective 4: processing.
36. To maintain the objectivity necessary for performing an independent evaluation
function, auditors should not be involved in
a)
b)
c)
d)
making recommendations to management for improvement of existing internal controls.
examining system access logs.
examining logical access policies and procedures.
developing the system.
37. The auditor's role in systems development should be
a)
b)
c)
d)
an advisor and developer of internal control specifications.
a developer of internal controls.
that of an independent reviewer only.
A and B above
38. Regarding program modifications, which statement below is incorrect?
a) Only material program changes should be thoroughly tested and documented.
b) When a program change is submitted for approval, a list of all required updates should be
compiled and then approved by management and program users.
c) During the change process, the developmental version of the program must be kept separate from
the production version.
d) After the amended program has received final approval, the change is implemented by replacing
the production version with the developmental version.
39. How would auditors determine if unauthorized program changes have been made?
a)
b)
c)
d)
by interviewing and making inquiries of the programming staff
by examining the systems design and programming documentation
by using a source code comparison program
by interviewing and making inquiries of recently terminated programming staff
40. Which auditing technique will not assist in determining if unauthorized programming
changes have been made?
a)
b)
c)
d)
use of a source code comparison program
use of the reprocessing technique to compare program output
interviewing and making inquiries of the programming staff
use of parallel simulation to compare program output
41. Strong __________ controls sometimes can compensate for inadequate __________
controls.
a)
b)
c)
d)
development; processing
processing; development
operational; internal
internal; operational
42. The __________ procedure for auditing computer process controls uses a
hypothetical series of valid and invalid transactions.
a) concurrent audit techniques
b) test data processing
c) integrated test facility
d) dual process
43. The auditor uses __________ to continuously monitor the system and collect audit
evidence while live data are processed.
a)
b)
c)
d)
test data processing
parallel simulation
concurrent audit techniques
analysis of program logic
44. Auditors have several techniques available to them to test computer-processing
controls. An audit routine that flags suspicious transactions is known as
a)
b)
c)
d)
SCARF.
an audit hook.
an audit sinker.
the snapshot technique.
45. When it is suspected that a particular application program contains unauthorized code
or serious errors, a detailed analysis of the program logic may be necessary. The
auditor has several types of software packages available to help in analyzing program
logic. A program which identifies unexecuted program code is
a)
b)
c)
d)
a mapping program.
an audit log.
a scanning routine.
program tracing.
46. One way to document the review of source data controls is to use
a)
b)
c)
d)
a flowchart generator program.
a mapping program.
an input control matrix.
a program algorithm matrix.
47. To document the review of source data controls, an auditor may use
a)
b)
c)
d)
an input control matrix.
test data processing.
computer audit software.
analysis of program logic.
48. The auditor has various software programs available to help in the audit effort. A
program that, based on auditor specifications, generates programs that perform certain
audit functions is referred to a(n)
a)
b)
c)
d)
input controls matrix.
CAS.
VAN.
mapping program.
49. The use of a secure file library and restrictions on physical access to data files is a
control procedure used in conjunction with
a)
b)
c)
d)
computer processing controls.
data files.
program modification procedures.
program development.
50. When the auditor wants to read data in different formats and convert it into a single
common format, the __________ function of a generalized audit software package is
used.
a)
b)
c)
d)
data selection
reformatting
file processing
statistics
51. One function of CAS is to review data files to retrieve records meeting a specified
criteria. What is this function called?
a)
b)
c)
d)
reformatting
file processing
data analysis
data selection
52. What is the primary purpose of computer audit software?
a)
b)
c)
d)
to free the auditor from the attest phase of the audit
to assist the auditor in reviewing and retrieving information in computer files
to look for unauthorized modifications and changes to system program code
to assist the auditor in reviewing and retrieving information in accounting records and systems
documentation
53. The scope of a(n) __________ audit encompasses all aspects of information systems
management.
a)
b)
c)
d)
operational
information systems
financial
internal control
54. Evaluating effectiveness, efficiency, and goal achievement are objectives of
__________ audits.
a)
b)
c)
d)
financial
operational
information systems
all of the above
55. In the __________ stage of an operational audit, the auditor measures the actual
system against an ideal standard.
a)
b)
c)
d)
evidence collection
evidence evaluation
testing
internal control
SHORT ANSWER
56. Name the different types of audits.
57. Name the four major stages of all audits.
58. List and explain the types of risk possible when conducting an audit.
59. Explain why the auditor's role in program development and acquisition should be
limited.
60. How and to whom does an auditor communicate the audit results?
61. Why are audit tests and procedures performed on a sample basis?
62. When doing an information systems audit, auditors must review and evaluate the
program development process. What two things could go wrong during the program
development process?
63. Briefly describe tests that can be used to detect unauthorized program modifications.
64. What does an auditor examine when performing a detailed analysis of program logic?
65. What are embedded audit modules?
66. What is computer audit software or generalized audit software?
67. How is a financial audit different from an information systems audit?
68. Why do all audits follow a sequence of events that can be divided into four stages?
69. What are the types of evidence-gathering activities generally used in an operational
audit?
ESSAY
70. Name and briefly describe the different types of audits.
71. List and explain the types of risk possible when conducting an audit.
72. What is the risk-based audit approach?
73. a) What is test data processing? b) How is it done? c) What are the sources that an
auditor can use to generate test data?
74. Discuss the disadvantages of test data processing.
75. Discuss the collection of evidence in audits.
ANSWER KEY
1) c
2) d
3) a
4) d
5) c
6) c
7) d
8) b
9) c
10) a
11)
12)
13)
14)
15)
16)
17)
18)
19)
20)
21)
22)
23)
24)
25)
26)
27)
28)
29)
30)
31)
32)
33)
34)
35)
36)
37)
38)
39)
40)
41)
42)
43)
44)
45)
46)
47)
48)
49)
50)
51)
52)
53)
54)
55)
56)
57)
58)
59)
b
d
d
a
b
a
c
b
b
b
b
b
b
d
c
c
c
b
a
c
b
d
a
b
d
d
c
a
c
c
b
b
c
b
a
c
a
b
b
b
d
b
a
b
b
The financial audit. information systems audit. operational or management audit.
audit planning. collection of evidence. evaluation of evidence. communication of results .
Inherent risk. Control risk. Detection risk.
The auditor's role in any organization systems development should be limited only to an
independent review of systems development activities. The key to the auditor's role is
independence; the only way auditors can maintain the objectivity necessary for performing an
independent evaluation function is by avoiding any and all involvement in the development of the
system itself. If auditor independence is impaired, the audit itself may be of little value and its
results could easily be called into question.
60) The auditor usually prepares a written (or sometimes oral) report summarizing the findings and
recommendations with references to supporting evidence in working papers. The report is
61)
62)
63)
64)
65)
66)
67)
68)
69)
70)
71)
72)
presented to management, the audit committee, the board of directors, and other appropriate
parties.
It is not feasible (in terms of time or costs) to perform tests and procedures on the entire set of
activities, records, assets, or documents under review. Using statistical sampling, reliable numeric
samples can be computed and taken which will give the auditor a good degree of reliability as to
the entire set of activities, records, assets, or documents under review.
There can be unintentional errors due to misunderstood systems specifications, incomplete
specifications, or poor programming. Developers could insert unauthorized code instructions into
the program for fraudulent purposes.
Source code comparison - use of a computer program to compare the auditor's copy of the source
code with the program code currently in use. - on a random basis, the auditor uses a copy of source
code to reprocess company data and compares the results with that obtained with the program
currently in use. simulation - similar to reprocessing but auditor writes a program instead of using
the source code
An auditor refers to systems and program flowcharts, program documentation, and a listing or
program source code.
Embedded audit modules are segments of applications program code that perform audit functions.
Computer audit software or generalized audit software are computer programs written for auditors
that generate programs to perform audit functions based on the auditor's specifications.
Financial audits examine the reliability and integrity of accounting records in terms of financial
and operating information. An information systems (IS) audit reviews the general and application
controls of an AIS to assess its compliance with internal control policies and procedures and its
effectiveness in safeguarding assets. Although the AIS may generate accounting records and
financial information, it is important that the AIS itself be audited to verify compliance with
internal controls and procedures.
The auditor's function generally remains the same no matter what type of audit is being conducted.
The process of auditing can be broken down into the four stages of planning, collecting evidence,
evaluating evidence, and communicating audit results. These stages form a working template for
any type of financial, information systems, or operational or management audits.
There are six general categories of evidence gathering activities in an operational audit. These
activities include reviewing operating policies and documentation, confirming procedures with
management and operating personnel, observing operating functions and activities, examining
financial and operating plans and reports, testing the accuracy of operating controls, and testing
controls.
The financial audit - this audit examines the reliability and integrity of accounting records (both
financial and operating information). The information systems audit - this audit reviews the
general and application controls of an AIS and assesses its compliance with internal control
policies and procedures and effectiveness in safeguarding assets. The operational or management
audit - this audit conducts an evaluation of the efficient and effective use of resources, as well as
an evaluation of the accomplishment of established goals and objectives.
Inherent risk - the susceptibility to material risk in absence of controls. Control risk - the risk that a
material misstatement will get through the internal control structure and into the financial
statements. Detection risk - the risk that auditors and their audit procedures will not detect a
material error or misstatement
The risk-based audit approach has four steps that evaluate internal controls. This approach
provides a logical framework for conducting an audit of the internal control structure of a system.
The first step is to determine the threats facing the AIS. Threats here can be defined as errors and
irregularities in the AIS. Once the threat risk has been established, the auditor should identify the
control procedures that should be in place to minimize each threat. The control procedures
identified should either be able to prevent or detect errors and irregularities within the AIS. The
next step is to evaluate the control procedures. This step includes a systems review of
documentation and also interviewing the appropriate personnel to determine whether the needed
procedures are in place within the system. The auditor can then use tests of controls to determine
if the procedures are being satisfactorily followed. The fourth step is to evaluate weaknesses
found in the AIS. Weaknesses here means errors and irregularities not covered by the AIS control
procedures. When such deficiencies are identified, the auditor should see if there are
compensating controls that may counterbalance the deficiency. A deficiency in one area may be
neutralized given control strengths in other areas. The ultimate goal of the risk-based approach is
to provide the auditor with a clear understanding of errors and irregularities that may be in the
system along with the related risks and exposures. Once an understanding has been obtained, the
auditor may provide recommendations to management as to how the AIS control system can be
improved.
73) a) Test data processing is a technique used to examine the integrity of the computer processing
controls. b) Test data processing involves the creation of a series of hypothetical valid and invalid
transactions and the introduction of those transactions into the system. The invalid data may
include records with missing data, fields containing unreasonably large amounts, invalid account
numbers, etc. If the program controls are working, then all invalid transactions should be rejected.
Valid transactions should all be properly processed. c) The various ways test data can be generated
are: A listing of actual transactions. The initial transactions used by the programmer to test the
system. A test data generator program that generates data using program specifications
74) The auditor must spend considerable time developing an understanding of the system and
preparing an adequate set of test transactions. Care must be taken to ensure that test data does not
affect the company's files and databases. The auditor can reverse the effects of the test
transactions or process the transactions in a separate run using a copy of the file or database.
However, a separate run removes some of the authenticity obtained from processing test data with
regular transactions. Also, since the reversal procedures may reveal the existence and nature of
the auditor's test to key personnel, it can be less effective than a concealed test.
75) Since the audit effort revolves around the identification, collection, and evaluation of evidence,
most audit effort is spent in the collection process. To identify, collect, and evaluate evidence,
several methods have been developed to assist in the effort. These methods include: 1) the
observation of the activities being audited; 2) a review of documentation to gain a better
understanding of the AIS; 3) discussions with employees about their jobs and how procedures are
carried out; 4) the creation and administration of questionnaires to gather data about the system; 5)
physical examination of tangible assets; 6) confirmation of the accuracy of certain information; 7)
reperformance of selected calculations; 8) vouching for the validity of a transaction by
examination of all supporting documentation; and, 9) analytical review of relationships and trends
among information to detect items that should be further investigated. It is important to remember
that only a sample of evidence is collected for audit purposes, as it is not feasible to perform audit
procedures on the entire set of activities, records, assets, or documents that are under the review
process in an audit.
Chapter 10
MULTIPLE CHOICE
1. The credit manager reports to the __________ and the treasurer reports to the
__________.
a)
b)
c)
d)
controller; vice president of finance
treasurer; controller
marketing manager; vice president of finance
treasurer; vice president of finance
2. The revenue cycle is a recurring set of business activities and related information
processing operations associated with providing goods and services to customers and
collecting cash in payment for those sales. With whom is the primary external
exchange of information?
a)
b)
c)
d)
competitors
creditors
customers
marketing organizations
3. What is the primary objective of the revenue cycle?
a)
b)
c)
d)
to maximize revenue and minimize expense
to reduce outstanding accounts receivable balances through increased cash sales
to provide the right product in the right place at the right time at the right price
to sell as much product as possible and/or to maximize service billings
4. To accomplish the objectives set forth in the revenue cycle, a number of key
management decisions must be addressed. Which of the decisions below is not
ordinarily found as part of the revenue cycle?
a)
b)
c)
d)
What credit terms should be offered?
How often should accounts receivable be subjected to audit?
How can customer payments be processed to maximize cash flows?
What are the optimal prices for each product or service?
5. Which of the activities listed below is not part of the revenue cycle?
a)
b)
c)
d)
sales order entry
shipping
receiving
billing
6. In addition to the sales order entry process there are three other processes in the
revenue cycle. Which of the following is not one of them?
a)
b)
c)
d)
shipping
billing
general ledger
cash collections
7. One way to improve sales order entry efficiency is by allowing customers to enter
sales order data themselves. This can be accomplished for both in-store, mail order,
and Web site sales. Such interactive sales order entry systems are referred to as
a)
b)
c)
d)
bulletin boards.
smorgasbords.
catalogue boards.
choiceboards.
8. One way to improve sales order entry efficiency is by allowing customers to enter
sales order data themselves. For example, retail stores would send their orders
directly to a sales order system in a format that would eliminate the need for data
entry. This could be achieved using
a)
b)
c)
d)
VMI.
EDI.
POS.
VAN.
9. Matching customer accounts and inventory item numbers to the information in the
customer and inventory master files is an example of a
a)
b)
c)
d)
completeness test
field check
reasonableness test
validity check
10. During the sales order entry process, a __________ is performed to compare the
quantity ordered with the standard amounts normally ordered.
a)
b)
c)
d)
completeness test
redundant data check
field check
reasonableness test
11. During the sales order entry process, a __________ is performed to verify that each
transaction record contains all appropriate data items.
a)
b)
c)
d)
completeness test
redundant data check
field check
reasonableness test
12. A number of edit checks should be performed to ensure that all of the data required to
process an order have been collected and accurately recorded. The edit check that
compares a quantity being ordered to past history for that item and customer is called
a)
b)
c)
d)
a validity check.
a reasonableness test.
a completeness test.
a limit check.
13. In the revenue cycle, a customer places an order for a certain product. Before the
order is checked for inventory availability, what step should be taken?
a)
b)
c)
d)
The customer's credit should be checked for a sale on account.
The sales order should be created and written to a file.
Shipping should be notified of an order in process.
A picking list should be generated for the warehouse.
14. How is credit approval generally handled for well-established customers with a
documented payment history?
a)
b)
c)
d)
specific authorization by the credit manager
routine approval is usually granted
a new credit application is taken
a formal credit check is made for each sale
15. The maximum allowable account balance for a given customer is called the
a)
b)
c)
d)
credit checkpoint.
credit limit.
reorder point.
backorder point.
16. What is the normal procedure for new customers or customers making a purchase that
causes their credit limit to be exceeded?
a)
b)
c)
d)
routine approval is granted without authorization
specific approval must be granted by the credit manager
reject the sale in either case without question
check the credit bureau for a credit rating on the customer
17. Why should inventory quantities on hand be checked before a sale is actually made?
a)
b)
c)
d)
to inform the customer about availability and delivery times
to know which items must be back ordered
to inform inventory control of mistakes in the inventory records
A and B above
18. When an inventory item that is not in stock has been ordered by a customer, a back
order is sent to the
a)
b)
c)
d)
production department.
purchasing department.
billing department.
A and B above
19. Customer inquiries during the sales order process are best handled by
a)
b)
c)
d)
a sales order and customer service person.
accounting personnel.
the credit manager.
A and C above
20. Responding to customer inquiries and general customer service is an important aspect
in the revenue cycle. Since customer service is so important, software programs have
been created to help manage this function. These special software packages are
called
a)
b)
c)
d)
EDI systems.
POS systems.
VMI systems.
CRM systems.
21. Another essential part of the revenue cycle is filling customer orders and shipping
merchandise to customers. Automating warehouse systems cut costs, improve
efficiency, and enable more customer-responsive shipments. The essential element(s)
required for an automated perpetual inventory system consist(s) of
a)
b)
c)
d)
conveyor belts and forklifts
conveyor belts and forklifts equipped with RFDC
conveyor belts
bar-code scanners
22. Once a customer order has been approved, which document is produced next?
a)
b)
c)
d)
the sales invoice
the packing slip
the remittance advice
the purchase order
23. In a shipping department, a __________ is a legal contract that defines responsibility
for goods that are in transit.
a)
b)
c)
d)
packing slip
bill of lading
picking list
back order
24. The __________ is a legal contract that defines responsibility for the goods that are in
transit.
a)
b)
c)
d)
bill of lading
freight bill
sales order
order acknowledgement
25. Two documents usually accompany goods sent from the vendor to the customer.
What are these two documents?
a)
b)
c)
d)
a bill of lading and an invoice
a packing slip and a bill of lading
an invoice and a packing slip
an invoice and a sales order
26. For a given order, assume that goods have been picked for shipment and the items
and quantities have been entered into the system. Which system update below is not
triggered by these actions?
a)
b)
c)
d)
any back orders are initiated
inventory quantities are updated
the customer accounts receivable is posted
shipping documents such as the bill of lading are produced
27. The third basic activity in the revenue cycle involves billing customers and
maintaining accounts receivable. What is the basic document created in the billing
process?
a) the bill of lading
b) the purchase order
c) the packing list
d) the sales invoice
28. A company uses an invoice method whereby customers typically pay according to
each invoice. This is the __________ method.
a)
b)
c)
d)
monthly statement
open-invoice
balance forward
cycle billing
29. A type of accounts receivable system that matches specific invoices and payments
from the customer is called a(n) __________ system.
a)
b)
c)
d)
closed invoice
balance forward
cycle billing
open invoice
30. A customer returns a document along with cash payment. The document identifies
the source and the amount of the cash payment. It is called a
a)
b)
c)
d)
remittance advice.
remittance list.
credit memorandum.
debit memorandum.
31. With a(n) __________ system, customers pay according to the amount showing on
their monthly statement and payments are simply applied against the total account
balance.
a)
b)
c)
d)
closed invoice
open invoice
balance forward
invoice forward
32. In billing systems, the __________ is sent to the customer that summarizes all
transactions occurring during a given period of time and it indicates the amount due.
a)
b)
c)
d)
remittance list
monthly statement
invoice
aging report
33. When a customer pays off the balance on an invoice, the transaction is credited to the
__________ file.
a)
b)
c)
d)
customer master
sales transaction
cash receipts
All of the above are correct.
34. A type of business document in which part of the original document is returned to the
source for further processing is called a __________ document.
a)
feedback
b) returnable
c) closed-loop
d) turnaround
35. A __________ system spreads out the monthly statements to customers over the
entire month with the idea being that the processing load and cash flow will be more
even.
a)
b)
c)
d)
closed invoice
open invoice
cycle billing
balance forward
36. The last step in the revenue cycle is cash collections. The accounts receivable
department must know when customers pay their invoices, yet segregation of duty
controls dictate that the collection and recording functions be kept separate from each
other. What is a solution to this potential internal control problem?
a)
b)
c)
d)
have customers send a remittance advice with their payment
have mailroom personnel prepare a remittance list which can be forwarded to accounts receivable
establish a lockbox arrangement with a bank
all of the above
37. The benefits of a cash lockbox system are maximized when
a)
b)
c)
d)
the bank is located close to the company.
several banks around the country are used.
only one bank is designated.
EFT is used.
38. A system where the bank electronically notifies a company about customers'
remittances received through the postal system is known an
a)
b)
c)
d)
e-cash system.
electronic lockbox.
electronic funds transfer (EFT).
electronic data interchange (EDI).
39. When customers send their remittances electronically to the company's bank, this is
called
a)
b)
c)
d)
FEDI.
EFT.
to use procurement cards.
an electronic lockbox.
40. Automating the cash collection process is a desirable goal of the organization. A way
to incorporate the advantages of EDI with the electronic funds transfer process is
a)
b)
c)
d)
FEDI.
EFT.
to use procurement cards.
an electronic lockbox.
41. Key differences exist when an integrated Enterprise Resource Planning system (ERP)
replaces an existing AIS or legacy system. For example, __________ are more
accurate and timely, enabling sales order entry staff to provide customers more
accurate information about delivery dates.
a)
b)
c)
d)
inventory records
cash receipts
credit approval decisions
exception reports
42. When an ERP is used, it is assumed that there will be increases in efficiency and the
effectiveness of the activities related to the revenue cycle. However, what must be in
place and functioning well to fully realize these benefits?
a)
b)
c)
d)
an effective marketing staff
all the components of the expenditure cycle
adequate controls
adequate system flowchart documentation
43. Well-designed AIS controls must ensure that all transactions are authorized, valid,
and properly recorded. In addition, there are three other AIS objectives. Which is not
an AIS objective?
a)
b)
c)
d)
transactions are recorded accurately
transactions are matched into the proper time period
assets are safeguarded from loss or theft
business activities are performed efficiently and effectively
44. The activities involved in soliciting and processing customer orders within the
revenue cycle are known as the __________.
a)
b)
c)
d)
sales order entry process
shipping order process
revenue process
marketing process
45. To ensure proper separation of duties the __________ makes decisions concerning
issuance of credit memos.
a)
b)
c)
d)
accounts receivable supervisor
warehouse manager
credit manager
cashier
46. It has been discovered that credit sales have been made to customers with a poor
credit rating. If this activity continues, the company may face uncollectible sales and
losses due to bad debts. What applicable control procedure may help the company to
gain control over this situation?
a)
b)
c)
d)
separation of shipping and billing duties
credit approval by a credit manager and not marketing personnel
data entry application controls
price lists
47. Consider the following revenue cycle scenario: The company has been exposed to
customer dissatisfaction and the suggested control procedure to be implemented is to
install and use bar-code scanners. What is the threat?
a)
b)
c)
d)
The company may be shipping the wrong merchandise.
The company may be shipping the wrong quantities of merchandise.
The company may be shipping orders to the wrong address.
All of the above threats may apply to this scenario.
48. Which of the following would be the least effective control to minimize the loss of
inventory?
a)
b)
c)
d)
secure the storage location of inventory
release inventory only with proper documentation
periodically back up all perpetual inventory records
reconcile the physical and book inventories
49. One applicable control procedure is to separate the shipping and billing functions
within an organization. This control feature is designed to neutralize the threat of
a)
b)
c)
d)
the failure to bill customers.
billing errors.
loss of data.
poor performance.
50. A company fails to bill customers due to a lack of controls. The exposure the
company faces is
a)
b)
c)
d)
customer dissatisfaction.
an overstated accounts receivable balance.
a loss of inventory and revenue.
uncollectible sales and losses due to bad debts.
51. All of the following edit checks for online editing of accounts receivable transactions
would probably be included except
a)
b)
c)
d)
validity checks on customer and invoice numbers.
check digit verification on the amount of the sale.
closed loop verification on the customer name to ensure the proper account is being updated.
field checks on the values in dollar fields.
52. When a proper segregation of duties exists in the area of handling cash receipts, the
__________, who reports to the __________, actually handles the cash and is not the
same person who posts cash receipts to customer accounts.
a)
b)
c)
d)
cashier; treasurer
cashier; controller
accountant; treasurer
accountant; controller
53. In a cash collection system with proper controls, the __________ function,
responsible to the __________, is separate and distinct from the cash handling
activities.
a)
b)
c)
d)
accounts receivable; treasurer
accounts receivable; controller
cashier; controller
cashier; treasurer
54. A serious exposure for an organization that is connected with the revenue cycle is the
loss of assets. What is the related threat and applicable control procedure association
with this exposure?
a)
b)
c)
d)
shipping errors; reconciliation of sales order with picking ticket and packing slip
theft of cash; segregation of duties and minimization of cash handling
loss of data; backup and recovery procedures
poor performance; preparation and review of performance reports
55. Which of the following duties could be performed by the same individual and not
violate segregation of duty controls?
a)
b)
c)
d)
handling cash and posting to customer accounts
issuing credit memos and maintaining customer accounts
handling cash and authorizing credit memos
handling cash receipts and mailing vendor payments
56. To prevent the loss of valuable data in the revenue cycle, internal file labels can be
used to
a)
b)
c)
d)
keep competitors from accessing files.
record off-site storage locations.
organize the on-site physical storage site.
reduce the possibility of erasing important files.
57. In the shipping area of the company, the __________ is used to obtain the goods from
the warehouse facility and prepare them for shipment to the customer.
a)
b)
c)
d)
picking ticket
packing slip
bill of lading
invoice
SHORT ANSWER
58. a) Define revenue cycle. b) What are the basic revenue cycle activities?
59. Explain how validity checks, completeness tests and reasonableness tests can be users
to ensure accuracy of customer ordes.
60. What is a CRM system?
61. How can EDI help the billing and account receivable process?
62. How does a company avoid overbilling customers for items not yet shipped?
63. In billing and accounts receivable, what documents are commonly used?
64. Why is credit approval an important part of the revenue cycle?
65. Name and briefly define the two types of accounts receivable systems.
66. What is cycle billing?
67. Poor performance in the area of cash collections is a threat to the business. What
controls can be used to help neutralize this threat?
68. A well-designed AIS should provide adequate controls to ensure that objectives in the
revenue cycle are met. What are those objectives?
ESSAY
69. Discuss ways in which information technology can be used to streamline cash
collections.
70. Describe four threats and identify appropriate controls for each threat in the revenue
cycle.
71. Discuss the general control issue of the loss of data as it relates to the revenue cycle.
72. Explain how to effectively segregate duties in the sales order cycle.
73. Discuss the revenue cycle threat of stockouts, carrying costs, and markdowns.
ANSWER KEY
1) D
2) C
3) C
4) B
5) C
6) C
7) D
8) B
9) D
10) D
11) A
12) B
13) A
14) B
15) B
16) B
17) D
18) A
19) A
20) D
21) D
22) B
23) B
24) A
25) B
26) C
27) D
28) B
29) D
30) A
31) C
32) B
33) A
34) D
35) C
36) D
37) B
38) B
39) B
40) A
41) A
42)
43)
44)
45)
46)
47)
48)
49)
50)
51)
52)
53)
54)
55)
56)
57)
58)
59)
60)
61)
62)
63)
64)
65)
C
B
A
C
B
D
C
A
C
B
A
B
B
D
D
A
a) The revenue cycle is a recurring set of business activities and related information processing
operations associated with providing goods and services to customers and collecting cash in
payment for those sales. b) The basic activities in the revenue cycle are: order entry - soliciting
and processing customer activities- filling customer orders and shipping merchandise- invoicing
customers and maintaining customer accounts collections - the cashier handles remittances and
deposits them in the bank; accounts receivable personnel credits customer accounts for the
payments received
Validity checks can be used to compare the customer and inventory information on the customer
order with the information in the customer and inventory master files. A completeness test can
ensure that all the necessary information is present on the customer order. A reasonableness test
can compare the quantity ordered with the customer's past order history for that item.
CRM stands for customer relationship management. Since customer service is so important today,
special CRM software packages have been created that support this vital process. CRM systems
help a company to organize detailed data about customers so that more personalized service can be
given to them. A CRM system may retain customer preferences and customer transaction history,
which can be used to suggest other products the customer may wish to purchase. The system
could also take a pro-active marketing approach in contacting customers at certain re-order points.
A well-implemented CRM system can help the business achieve the goal of turning satisfied
customers into loyal customers.
The basic document created in the billing process is the sales invoice. Many companies still print
paper invoices and send them to customers in the mail. Batch processing of invoices may create
cash flow problems because of the time it takes invoices to flow through the regular mail system.
Companies that use EDI can create quicker turnaround for payment, and save costs by reducing
paper handling and processing. Depending on the number of invoices processed per year, these
savings can be significant.
By having the shipping department personnel enter actual quantities shipped into the system that
processes and creates the sales invoices.
Sales invoice notifies customer of amount to be paid. Monthly statement summarizes all
transactions that occurred during month. Credit memo authorizes the billing department to credit
the customer's account, should be issued by credit manager
Most business-to-business sales are made on credit. Key to revenue cycle success is the approval
of credit sales before they are processed and goods shipped. A part of good control in this area is
to establish a credit limit for customers. With new customers, or when orders exceed a customer's
credit limit, or the customer has a past due balance, specific authorization for the credit manager
should specifically authorize and approve further credit. The system can also be programmed to
do a limit check for each order processed to maintain further control in this area. Also, marketing
personnel should not make credit decisions, as a potential conflict of interest is possible.
Open invoice system - customers pay the invoice by returning a remittance advice turnaround
document and a check. Remittances are applied against specific open invoices.The open-invoice
method can be used to offer discounts for prompt payments since invoices are individually
66)
67)
68)
69)
70)
71)
tracked. However, such individual tracking adds complexity in maintaining information. Balanceforward method - customers pay according to the amount shown on a monthly statement and
remittances are applied against the total outstanding balance; this method is used by department
stores typically where customers make a large number of smaller dollar amount purchases.
Cycle billing is spreading out the customer base so that a portion of the billing is done each day to
a group of customers. Credit card and utility companies use it extensively because of their large
customer bases. The advantage of this method is that the billing load is dispersed and the cash
flow of the company is evened out dramatically.
Both accounts receivable and cash flows should be monitored. Segregation of duty controls
should always be implemented and monitored for compliance. Also, a control used to deal with
accounts receivable (which directly impacts cash flow) is to use an accounts receivable aging
schedule. This schedule lists customer account balances by length of time outstanding and
provides information for estimating bad debts. It can also assist in evaluating credit policies and
specific customer credit limits. Also, a cash budget can be used to provide a more precise estimate
of cash inflows (cash collected from sales) and cash outflow (outstanding payables). An
organization can be alerted to a pending cash flow shortage, thus enabling it to secure short-term
financing at competitive rates to deal with the problem in a timely manner.
1. All transactions are properly authorized. 2. All recorded transactions are valid. 3. All valid,
authorized transactions are recorded. 4. All transactions are recorded accurately. 5. Assets are
safeguarded from loss or theft. 6. Business activities are performed effectively and efficiently.
Answers may include the following points: A lockbox system can reduce delays due to processing
and geographical distance between customer and company. Customers send remittances to a
nearby P.O. box; a local bank picks up remittances, deposits cash and sends remittance advices
and copies of all checks to the company. The main disadvantage is cost; the banks charge a
service fee up to 1% of the cash processed through the system. Information technology can
provide additional efficiencies in the use of lockboxes. An electronic lockbox sends electronic
notification of remittances to the company. This method enables the company to begin applying
remittances to customer accounts before the photocopies of the checks arrive. ---- An EFT system
eliminates paper checks and uses electronic payments between banks. Integrating EFT and EDI,
called the financial electronic data interchange, automates billing and cash collections. ---Procurement cards or credit cards can be used. These cards eliminate the risks and costs
associated with creating and maintaining accounts receivable, but cost between 2% to 4% of the
gross sales price.
Threat 1: Sales to customers with poor credit - Controls: Having an independent credit approval
function and maintaining good customer accounting can help to prevent problems. 2: Shipping
errors - Controls: Reconciling shipping notices with picking tickets; bar-code scanners; and data
entry application controls will help to catch these errors. 3: Theft of inventory - Controls: Secure
the location of inventory and document transfers; release only with valid shipping orders; have
good accountability for picking and shipping; and finally, periodically reconcile records with a
physical count. 4: Failure to bill customers - Controls: Separating shipping and billing and prenumbering of shipping documents helps along with reconciliation of all sales documents. 5:
Billing errors - Controls: Reconciliation of picking tickets and bills of lading with sales orders;
data entry edit controls; and price lists may prevent billing errors. 6: Theft of cash - Controls:
Segregation of duties is essential to prevent this serious problem (the following duties should be
separate: handling cash and posting to customer accounts; handling cash and authorizing credit
memos and adjustments; issuing credit memos and maintaining customer accounts); use of
lockboxes for receipts and EFT for disbursements; mailing customer statements monthly; use cash
registers in retail operations where cash payments are received; deposit cash daily in the bank; and
have the bank reconciliation function performed by independent third parties. 7: Posting errors in
updating accounts receivable - Controls: Use of editing and batch totals is essential here. 8: Loss
of data - Controls: Regular backups are essential with one copy stored off-site; and logical and
physical access controls to prevent leakage to competitors and irregularities. 9: Poor performance Controls: Use sales and profitability analyses; accounts receivable aging; and cash budgets to track
operations.
One of the two general objectives that pertain to all revenue cycle activities is the loss of data. The
primary threats related to the data availability objective are the loss of data and access controls. It
is imperative that accurate customer account and inventory records be maintained for external and
internal reporting purposes and for customer inquiries. Such records must be protected from loss
and damage by using backup files. One backup file should be kept on-site, while a second should
be kept off-site. Backup files of the most recent transactions should also be maintained. Also, all
disks and tapes should have both external and internal file labels to reduce the possibility of
accidental erasure of important files. Access controls are also important as a general control.
Unauthorized access to information may cause leaks of the information to competitors and the risk
of damage to sensitive and important data files. Employees should have certain access restrictions
to help prevent this threat from occurring. Passwords and user IDs will help to limit access to files
and the operations allowed to be performed on files. For example, the sales staff should not be
allowed write-access to customers' credit limit and approval information. Individual terminals
should also have access controls in place. An example of this control would be to prevent
someone at a shipping dock terminal from entering a sales transaction order. Another control that
should be put in place is to require activity logs of any management approved transaction. Such a
log should be maintained for audit trail purposes.
72) Recording - should be done by sales order personnel - by the credit manager, not sales order, also,
use of sales order to authorize release of goods to shipping. - separate warehouse and stores
personnel, and shipping, all separate from sales. Because a computer does recording and
authorization, it is important to ensure integrity of the programs and to perform edit checks on any
online entries
73) Stockouts, carrying costs, and markdowns are a threat in the sales order entry process. The
problem with stockouts is that when goods are not available to ship to customers, the business
risks losing the sale to a competitor that can provide the goods in a timely manner. The opposite
problem can also occur where excess inventory increases carrying costs, with the result that
markdowns may be necessary in order to sell the inventory. Two controls can be implemented to
cope with this threat. One control that can be put into place is to establish accurate inventory
control. An AIS with real-time online capabilities can be programmed to use the perpetual
inventory method. This will ensure that accurate records are maintained about the quantity of
inventory for sale. This will eliminate mistakes in placing orders for goods when a sufficient
inventory amount is on hand. Periodic physical counts of inventory will also verify the perpetual
amounts recorded by the AIS. Another important control in this situation is that of accurate sales
forecasting. Proper marketing efforts should be made in conjunction with regularly reviewing
sales forecasts for accuracy. Such forecasts should be revised as necessary. Sales force marketing
efforts should be commensurate with inventory levels as well.
Chapter 11
MULTIPLE CHOICE
1. In the expenditure cycle, the primary external exchange of information occurs with
a)
b)
c)
d)
customers.
suppliers.
management.
the audit committee.
2. Within the expenditure cycle, internal information flows
a)
b)
c)
d)
from the production cycle to the expenditure cycle.
from the revenue cycle to the expenditure cycle.
to the general ledger from the expenditure cycle.
All of the above are correct.
3. To accomplish the objectives set forth in the expenditure cycle, a number of key
management decisions must be addressed. Which of the decisions below is not
ordinarily found as part of the expenditure cycle?
a)
b)
c)
d)
How can cash payments to vendors be managed to maximize cash flow?
What is the optimal level of inventory and supplies to carry on hand?
Where should inventories and supplies be held?
What are the optimal prices for each product or service?
4. There are three basic activities in the expenditure cycle. One of the basic activities is
the receiving and storage of goods, supplies, and services. What is the counterpart of
this activity in the revenue cycle?
a)
b)
c)
d)
the sales order entry process
the shipping function
the cash collection activity
the cash payments activity
5. The first major business activity in the expenditure cycle is ordering inventory and
supplies. The traditional approach to management of inventory to ensure sufficient
inventory to maintain production is known as
a)
b)
c)
d)
safety stock.
just-in-time production.
economic order quantity.
optimal inventory quantity.
6. EOQ includes several variables that must be taken into consideration when
calculating the optimal order size. One variable, the costs associated with holding
inventory, is referred to as
a)
b)
c)
d)
ordering costs.
carrying costs.
the reorder point.
stockout costs.
7. The decision of when to place an order in a traditional inventory system is specified
by the
a)
company inventory policies.
b) economic order quantity.
c) stockout point.
d) reorder point.
8. When goods are being ordered from a vendor, which electronic files are either read or
updated?
a)
b)
c)
d)
inventory, vendors, and accounts payable
vendors and accounts payable
open purchase orders and accounts payable
inventory, vendors, and open purchase orders
9. One alternative approach to managing inventory is materials requirements planning
(MRP). What is a key feature of this approach?
a)
b)
c)
d)
to minimize or entirely eliminate carrying and stockout costs
to reduce required inventory levels by scheduling production rather than estimating needs
to determine the optimal reorder point
to determine the optimal order size
10. The major advantage of an MRP inventory system is that it reduces inventory levels.
This is because
a)
the uncertainty about when materials are needed is reduced, thus reducing the need to carry large
levels of inventory.
b) the system is able to compute exactly the cost of purchasing by taking into account all costs
associated with inventory carrying.
c) inventory is brought to the production site exactly when needed and in the correct quantities by the
vendor.
d) None of the above are correct.
11. The inventory management approach that attempts to minimize, if not eliminate,
carrying and stockout costs is
a)
b)
c)
d)
the materials requirements planning.
the economic order quantity.
a just-in-time inventory system.
There is no such inventory management approach.
12. What aspect below best characterizes a JIT inventory system?
a)
b)
c)
d)
frequent deliveries of smaller quantities of items to the work centers
frequent deliveries of large quantities to be held at the work centers
less frequent deliveries of large quantities of goods to central receiving
infrequent bulk deliveries of items directly to work centers
13. What is the key difference between the MRP and JIT inventory management
approaches?
a)
b)
c)
d)
Only JIT reduces costs and improves efficiency.
MRP is especially useful for products such as fashion apparel.
JIT is more effectively used with products that have predictable patterns of demand.
MRP schedules production to meet estimated sales needs; JIT schedules production to meet
customer demands.
14. MRP will be a preferred method over JIT when the
a)
b)
c)
d)
demand for inventory is fairly predictable.
demand for inventory is mostly unpredictable.
product has a short life cycle.
None of the above are correct.
15. A key decision in ordering is selecting a suitable vendor. Which of the following
would not be a major criterion in vendor selection?
a)
b)
c)
d)
prices of goods
quality of goods
credit rating of the vendor
ability to deliver on time
16. Once a vendor is selected for a product, the company's identity is recorded in the
a)
b)
c)
d)
general ledger.
purchase requisition file.
product inventory transaction file.
product inventory master record.
17. The paper document or electronic form that formally requests a supplier to sell and
deliver specified products at designated prices is called
a)
b)
c)
d)
a purchase order.
a materials requisition.
a sales invoice.
a receiving report.
18. A purchase order is
a)
b)
c)
d)
a document formally requesting a vendor to sell a certain product at a certain price.
a request for delivery of certain items and quantities.
a contract between the buyer and vendor once accepted by the vendor.
All of the above are true.
19. A standing order to purchase specified items at a designated price, from a particular
supplier for a set period of time, is called a
a)
b)
c)
d)
set order.
blanket purchase order.
purchase order.
commodity order.
20. A major cost in the purchasing function is the number of purchase orders processed.
One technique that may reduce purchasing-related expenses is to have suppliers
compete with each other to meet demand at the lowest price. This name of this
technique is
a)
b)
c)
d)
an EDI auction.
a trading exchange.
a reverse auction.
a supplier consortium.
21. The receiving and storage of goods is the responsibility of the receiving department,
which usually reports to the __________ function in the company.
a)
b)
c)
d)
inventory control
stores
production
purchasing
22. The receiving department has two major responsibilities in connection with the
expenditure cycle. Identify one of these responsibilities.
a)
b)
c)
d)
shipping products most efficiently and at the lowest cost
deciding if the delivery should be accepted
verifying any purchase discounts for the delivery
deciding on the location where the delivery will be stored until used
23. Which of the following is generally not shown on a receiving report?
a)
b)
c)
d)
price of the items
quantity of the items
purchase order number
counted and inspected by
24. A receiving clerk notes that a delivery of 10 units has been received, but the purchase
order specified 12 units. A debit memo will be prepared to adjust for the difference
in the quantity ordered and received. Who should prepare this document?
a)
b)
c)
d)
the receiving clerk
management
the sales department
the purchasing department
25. Identify which of the following scenarios the buyer could adjust by using a debit
memo document.
a)
b)
c)
d)
quantity different from that ordered
damage to the goods
goods that fail inspection for quality
All of the above are possible scenarios.
26. What is one of the best ways to improve the overall efficiency and effectiveness of
the receipt and storage of ordered items?
a) requiring all suppliers to have a second party verify quantities purchased before shipment
b) requiring all suppliers to have bar-codes on their items to allow electronic scanning upon delivery
by the receiving department
c) requiring all suppliers to use EDI to expedite the receiving department function
d) requiring all delivery trucks to have satellite data terminals to expedite the receiving department
function
27. All of the following technologies could be useful aids in the receiving process except
a)
b)
c)
d)
bar coding.
radio frequency identification tags.
EFT.
satellite technology.
28. Vendor invoices are approved by the __________, which reports to the __________.
a)
purchasing department; controller
b) accounts payable department; treasurer
c) purchasing department; treasurer
d) accounts payable department; controller
29. From a legal standpoint, when does the obligation to pay a vendor arise?
a)
b)
c)
d)
when the goods are requisitioned
when the goods are ordered
when the goods are received by the purchaser
when the goods are billed
30. The disbursement voucher and supporting documents are sent to the __________ for
payment prior to the due date.
a)
b)
c)
d)
cashier
treasurer
controller
accounts payable department
31. A __________ system is a system in which an approved invoice is posted to the
vendor account and is stored in an open invoice file until payment is made by check.
a)
b)
c)
d)
voucher
nonvoucher
cycle
blanket invoice
32. A disbursement voucher contains
a)
b)
c)
d)
a list of outstanding invoices.
the net payment amount after deducting applicable discounts and allowances.
the general ledger accounts to be debited.
All of the above are correct.
33. A legal obligation arises at the time goods are received from a supplier. The
objective of accounts payable is to authorize payment only for goods or services
actually ordered and received. The best way to process supplier invoices is to use
a)
b)
c)
d)
electronic funds transfer for small, occasional purchases from suppliers.
a nonvoucher system.
EDI for all small, occasional purchases from suppliers.
a disbursement voucher system.
34. What is not an advantage to using disbursement vouchers?
a) Disbursement vouchers reduce the number of checks written.
b) Disbursement vouchers can be prenumbered which simplifies the tracking of all payables.
c) Disbursement vouchers facilitate separating the time of invoice approval from the time of invoice
payment.
d) There are no disadvantages to using disbursement vouchers.
35. Which of the following is not an advantage of a voucher system?
a)
b)
c)
d)
several invoices may be included on one voucher, reducing the number of checks
disbursement vouchers may be pre-numbered and tracked through the system
the time of voucher approval and payment can be kept separate
it is a less expensive and easier system to administer than other systems
36. What is the final activity in the expenditure cycle?
a)
b)
c)
d)
ordering goods
receipt and storage of goods
approving vendor invoices for payment
the payment of approved invoices
37. In a typical cash disbursement procedure, who usually handles the checks and may
even be able to sign checks up to a certain dollar limit?
a)
b)
c)
d)
the accounts payable supervisor
the controller
the cashier
the treasurer
38. Duties in the expenditure cycle should be properly segregated to promote internal
control. This means that the authorization function is performed by __________, the
recording function is performed by __________, and the cash disbursement function
is performed by the __________.
a)
b)
c)
d)
accounts payable; purchasing; cashier
purchasing; accounts payable; cashier
purchasing; cashier; accounts payable
purchasing; accounts payable; treasurer
39. A voucher package should include
a)
b)
c)
d)
a purchase requisition, vendor invoice, and receiving report.
a purchase order, vendor invoice, and receiving report.
a purchase requisition, purchase order, and receiving report.
a bill of lading and vendor invoice.
40. The evaluated receipt settlement (ERS) replaces the more traditional 3-way matching
process with a 2-way match of the purchase order and the
a)
b)
c)
d)
vendor invoice.
sales invoice.
receiving report.
disbursement voucher.
41. What may be the biggest opportunity to improve the efficiency of accounts payable?
a)
b)
c)
d)
convert a manual AIS system to EDI and EFT
streamline noninventory purchases
use ERS
use disbursement vouchers
42. When purchasing miscellaneous supplies, companies can reduce costs, improve
efficiency, and combat employee fraud by using
a)
b)
c)
d)
procurement cards.
a JIT inventory system.
credit cards.
debit cards.
43. If available, a 1% discount for payment within 10 days represents an approximate
savings of __________ % annually.
a)
b)
c)
d)
1
12
18
36
44. When a legacy system is replaced with an integrated Enterprise Resource Planning
(ERP) system, many benefits are realized for the organization. What is a key
improvement in the record keeping function?
a)
b)
c)
d)
Any department can now submit a request to purchase items.
The system tracks the exact time of delivery.
Major suppliers send electronic notification of incoming deliveries.
Inventory records are more accurate and timely.
45. The threat of paying prices that are too high for goods ordered can pose a problem in
the expenditure cycle. What is an appropriate control that would be applicable to
help mitigate this threat?
a)
b)
c)
d)
require the receiving department to verify the existence of a valid purchase order
use only approved suppliers and solicit competitive bids
only pay invoices that are supported by the original voucher package
use bar-code technology
46. What is probably the most effective control for the prevention of kickbacks to
purchasing agents?
a)
b)
c)
d)
purchasing from approved vendors
good supervision in the purchasing area
a corporate policy to prohibit purchasing agents from accepting kickbacks
reviews of vendor performance
47. There are several threats that are associated with the process and activity of receiving
and storing goods. Identify one of these threats below.
a)
b)
c)
d)
errors in counting
kickbacks
requests for unnecessary items
errors in vendor invoices
48. What is the easiest way to prevent the acceptance of unordered goods?
a) order only from approved vendors
b) always require that a valid purchase order exists before goods can be accepted at the time of
delivery
c) have an appropriate conflict of interest policy in place
d) require receiving personnel to call the vendor before accepting any goods
49. Which of the following is not a common control for ensuring inventory is secure and
inventory counts are accurate?
a) control of physical access to the inventory storage areas
b) transfers of inventory with proper documentation
c) sending "blind" copies of purchase orders to inventory control for data entry
d) making physical counts of inventory at least once per year
50. Double-checking the accuracy of an invoice is an applicable control that can help to
neutralize a threat in the expenditure cycle. What process or activity would
specifically be associated with this control?
a)
b)
c)
d)
order goods
receive and store goods
pay for goods and services
general issues
51. There is a threat of paying an invoice twice. What is an applicable control that may
help mitigate this threat?
a)
b)
c)
d)
payment should never be authorized for a photocopy of an invoice
double-check invoice accuracy
approval of a purchase order
adequate perpetual inventory records
52. Which control would be best to prevent payments made to fictitious vendors?
a)
b)
c)
d)
allow payments only to approved vendors
restrict access to any payment or approval documents
have an independent bank reconciliation
make sure all documents are in order before approving payments
53. In the expenditure cycle, good control dictates that expenditures should be paid by
check. This may not be feasible when minor purchases are made. To facilitate quick
payment for minor purchases, a(n) __________ should be set up and maintained
using __________.
a)
b)
c)
d)
special bank account; disbursement vouchers
imprest fund; vouchers
cash box; small denomination bills
petty cash fund; procurement cards
54. A surprise count of petty cash by the auditor should find the total of __________
equal to the amount authorized for the fund.
a)
b)
c)
d)
cash and credit memos
cash and petty cash vouchers
cash
cash and checks
55. Special care should be taken when EFT payments are made to vendors. What control
should be put in place that assigns responsibility for EFT payments?
a)
b)
c)
d)
encrypt all EFT transmissions
time stamp all EFT transactions
establish a control group to monitor EFT transactions for validity and accuracy
number all EFT transactions
56. Which of the following threats is not specific to the purchase requisition process of
the expenditure cycle?
a)
stockouts
b) purchasing from unauthorized vendors
c) requisitioning goods not needed
d) All of the above are threats in the purchase requisition process.
57. The loss of data is a threat encountered in the expenditure cycle. What is the related
process/activity and applicable control used to counteract the threat?
a)
b)
c)
d)
order goods; backup and disaster recovery plans
general issues; backup and disaster recovery plans
general issues; development of periodic review of appropriate performance reports
order goods; various data entry and processing edit controls
SHORT ANSWER
58. a) Define expenditure cycle. b) What are the basic expenditure cycle activities?
59. What is the EOQ approach? What are the components of EOQ?
60. Define the materials requirement planning (MRP)
61. Define just-in-time (JIT) inventory methods.
62. Briefly discuss the differences among EOQ, MRP, and JIT.
63. a) What is the major cost driver in the purchasing function? b) How can information
technology be used to control this cost driver?
64. How is the expenditure cycle a "mirror image" of the revenue cycle?
65. What are the possible problems associated with receiving goods ordered from a
vendor?
66. Name and describe the two common systems for approving vendor payments.
67. How can information technology be used to improve the vendor invoice approval
process?
ESSAY
68. Under what conditions is MRP preferable to JIT and vice versa?
69. In the expenditure cycle, the majority of payments made are by check. What are
some control issues related to payment of vendors by check?
70. Identify ten threats and applicable control procedures for each in the expenditure
cycle.
71. What types of decision-making and strategic information should the AIS provide in
the expenditure cycle?
72. How can using bar codes on goods or products provide significant benefit in the
expenditure cycle?
ANSWER KEY
1) B
2) D
3) D
4) B
5) C
6) B
7) D
8) D
9) B
10) A
11) C
12) A
13) D
14) A
15) C
16) D
17) A
18) D
19) B
20) C
21) C
22) B
23) A
24) D
25) D
26) B
27) C
28) D
29) C
30) A
31) B
32) D
33) D
34) D
35) D
36) D
37) C
38) B
39) B
40) C
41) B
42) A
43) C
44) D
45) B
46) C
47) A
48) B
49) C
50) C
51) A
52) A
53) B
54) B
55)
56)
57)
58)
C
B
B
a) The expenditure cycle is a recurring set of business activities and related data processing
operations associated with the purchase of and payment for goods and services. The basic
activities in the expenditure cycle are: Requesting the purchase of needed goods. Ordering goods
to be purchased. Receiving ordered goods. Approving vendor invoices for payment. Paying for
goods purchased.
59) EOQ (economic order quantity) is the traditional inventory control method to maintain sufficient
inventory levels so production can continue without interruption. EOQ should take into account a
situation where inventory use is greater than expected. EOQ calculates the optimal order size to
minimize the sum of ordering, carrying, and stockout costs. Ordering costs - all expenses
associated with processing purchasing transactions. Carrying costs - costs associated with holding
inventory. Stockout costs - costs from inventory shortages, such as lost sales or production costs.
60) Materials requirements planning (MRP) is an inventory management technique that seeks to
reduce required inventory by better scheduling production. MRP basically estimates the sales
demand for a product.
61) Just-in-time (JIT) is another inventory management technique that minimizes carrying and
stockout costs by having deliveries made in quantities and at the time needed for production based
on customer demand.
62) Economic Order Quantity (EOQ) is the traditional approach to managing inventory. EOQ is used
to find the optimal order size. Ordering costs, carrying costs, and stockout costs are considered in
finding the EOQ. The MRP (Materials Requirements Planning) inventory method seeks to reduce
inventory levels by scheduling production, based on estimated sales, rather than by estimating
needs (which EOQ does). A just-in-time inventory system (or JIT) attempts to minimize, if not
totally eliminate, both carrying and stockout costs through the frequent delivery of small amounts
of materials, parts, and supplies when they are needed. JIT does not attempt to estimate needs or
schedule production based on estimated sales, as it is based on customer demand at a given time.
A JIT system almost eliminates finished goods inventory.
63) a) The major cost driver in the purchasing function is the number of purchase orders processed. b)
The number of purchase orders can be reduced or streamlined by: Electronic data interchange
(EDI) for transmitting purchase orders to vendors. Use procurement cards for small dollar and
small quantity purchases of non-inventory items. Reduce clerical costs by using the Internet to
perform certain purchasing functions. Use vendor-managed inventory programs to reduce
purchasing and inventory costs.
64) The expenditure cycle has been called a "mirror image" of the revenue cycle because the activities
of the expenditure cycle are the opposite, or "reflection" of several activities found in the revenue
cycle. For example, the order goods activity generates a purchase order, which serves as customer
input to the sales order entry process. The receive goods activity handles the goods sent via the
supplier's shipping function. The pay for goods activity generates the payments that are processed
by the supplier's cash collection activity. This mirror image also means that major technological
improvements in the expenditure cycle may bring about complementary improvements in
suppliers' revenue cycle as well.
65) When a shipment of goods arrives, the quantity of goods received may not be the same as the
quantity ordered; the goods may have been damaged in shipment and therefore are not suitable for
use; and, goods may be received that are inferior in quality and fail an inspection. Whenever any
of these problems occur, the purchasing department should deal with the vendor and issue a debit
memo to record an adjustment to the order. The vendor should then issue a credit memo in
acknowledgment of the problem and the pending adjustment.
66) Non-voucher (open invoice) system - approved invoices are posted to vendor records and stored in
an open invoice file; checks are written for each individual invoice; when paid, the documents are
marked "paid" and placed in a paid invoice file. Voucher system - a disbursement voucher is
prepared to summarize information contained in a set of vendor invoices and specify the general
ledger accounts to be debited; the voucher authorizes the cashier to make payment to the vendor.
The voucher system reduces the number of checks written since several invoices can be paid by
one check.
67) EDI eliminates the need to enter invoice data and the matching of payment documents - all of this
can be done using computers and network technologies. Technology can eliminate the need for
vendor invoices by approving payment upon receipt of the goods. Imaging systems can eliminate
paper flow, and universal languages such as XML can provide a paperless means of receiving and
storing vendor invoices. Use of procurement cards, credit cards, and electronic expense forms can
improve the efficiency of non-inventory purchases.
68) MRP systems schedule production based on estimated sales, and JIT systems schedule production
based on customer demand. The choice between these two systems is based on the types of
products a company sells. For example, products that have predictable patterns of demand and a
long life cycle are more suitable for MRP systems. In this case, sales can be forecast with greater
accuracy. Conversely, if the product has an unpredictable pattern of demand and a shorter life
cycle, then a JIT system is more suitable. JIT is able to adapt better to continuously changing
production levels.
69) Key control problems in the area of payment by check can give rise to fraudulent activity.
Fraudulent disbursements made by check to fictitious suppliers are one of the most common types
of fraud. Control over checks can be strengthened in a number of ways. First, all checks should
be sequentially pre-numbered and kept under lock and key until use. The cashier should randomly
audit the supply of unused checks and verify that none are missing. Use of the voucher system
will also provide control over paying a "phantom" supplier, since several supporting documents
must be present in the voucher packet in order to have a check issued. The cashier and/or
treasurer should be the only parties authorized to sign checks. Two signatures should be required
on all checks in excess of a predetermined dollar amount to provide independent review of large
expenditures. Also, signed checks should not be returned to accounts payable, but should be
mailed by the cashier or treasurer. When a check is issued, all documents in the voucher package
should be cancelled so that the voucher cannot be resubmitted for payment. To provide another
independent review of checking account activity, someone not connected with either accounts
payable or the treasurer's office should reconcile all bank accounts. To help circumvent check
alteration and forgery, check protection machines should be used to write the dollar amount of the
check as well as the date. The paper the check is printed on should have some special watermark
or identifying mark that is readable at a certain angle as well.
70) Answers can include the following information:1: Stock-outs - Controls: Inventory control system;
accurate perpetual inventory; and vendor performance analysis is needed to prevent this problem
2: Requesting goods not needed - Controls: Review and approval by supervisors; use of prenumbered requisition forms; and restricted access to blank purchase orders
3: Purchasing goods at inflated prices - Controls: Competitive bidding and proper supervision;
approved purchase orders; and price list consultations are needed to prevent this problem
4: Purchasing goods of inferior quality - Controls: Use experienced buyers who know good
vendors; review purchase orders; and incorporate approved vendor list into formal procedures
5: Purchasing from unauthorized vendors - Control: Pre-numbered purchase orders should be
approved; restrict access to approved vendor list and have procedures in place for any change to
the list
6: Kickbacks paid to buyers to influence their decisions - Controls: Clear conflict of interest policy
prohibiting the acceptance of any gift from vendors; disclosure of financial interest policy for
purchasing agents; and vendor audits
7: Receiving unordered goods - Controls: Receiving department must reject any goods for which
there is no approved purchase order
8: Errors in counting goods received - Controls: Use "blind" P.O. copies to force receiving
personnel to actually count goods; provide incentives for counting goods
9: Theft of inventory - Controls: Secure inventory storage locations; make transfers of inventory
with proper approval and documentation; do periodic physical count and reconciliation with
recorded amounts
10: Errors in vendor invoices - Controls: Invoice accuracy should be verified and compared to
P.O.s and receiving report data
11: Paying for goods not received - Controls: Voucher package and original invoice should be
necessary for payments
12: Failure to take available purchase discounts - Controls: File approved invoices by due date;
track invoices by due date; use a cash budget to plan for cash needs
13: Paying same invoice twice - Controls: Invoices should be approved only with a full voucher
package and paid ones should be canceled so they cannot be used again; do not pay invoices
marked "Duplicate" or "Copy"
14: Recording and posting errors for purchases and payments - Controls: Data entry controls, and
periodic reconciliation of subsidiary ledger with general ledger control account
15: Misappropriation of cash by paying fictitious vendors and alteration of checks - Controls:
Restrict access to cash, blank checks, and check signing machine; use check protection, prenumbered checks, and imprinted amounts on checks to cut down on forgery and fraud; use petty
cash fund for small expenditures only; have proper segregation of duties and independent bank
reconciliation function
16: Theft associated with EFT use - Controls: Access controls to the system; encryption of
transmissions; time-stamp and number transmissions; control group should monitor all EFT
activity
17: Loss of data - Controls: Use file labels, back up of all data files regularly; and, use access
controls
18: Poor performance - Controls: Preparation and review of performance reports
71) The AIS should provide decision making information to: Determine when and how much
additional inventory to order. Select the appropriate vendors from whom to order. Verify the
accuracy of vendor invoices. Decide whether purchase discounts should be taken. Monitor cash
flow needs to pay outstanding obligations. AIS should also provide the following strategic and
performance evaluation information on: Efficiency and effectiveness of the purchasing
department. Analysis of vendor performance such as on-time delivery, quality, etc. Time taken to
move goods from the receiving dock into production. Percentage of purchase discounts taken
72) Bar codes can significantly improve the process of receiving goods from suppliers for several
reasons. First, a bar code can easily be scanned electronically. Electronically capturing the unique
bar code number of a product not only provides identification and quantity data about the product;
it can also provide specific production information such as date and time of manufacture,
production run information, etc. Electronically encoding such information into an integrated AIS
provides up-to-the-minute inventory counts, as well as counts of units sold, and returns for use in a
perpetual inventory system. One significant factor in the wide use of bar codes is that it is cost
effective to maintain such a system. Also, both vendor and suppliers can read bar codes, and
certain bar code formats are universal in nature. This allows goods to be sold virtually anywhere
in the world, allowing for easier global marketing efforts to be made by businesses.
CH 13
MULTIPLE CHOICE
1. The AIS compiles and feeds information among the business cycles. What is the
relationship between the revenue and production cycles regarding the exchange of
information?
a)
The revenue cycle provides sales forecast and customer order information to the production cycle,
but the production cycle sends information back to revenue about finished goods production.
b) The revenue cycle receives information from the production cycle about raw materials needs.
c) The production cycle sends cost of goods manufactured information back to the revenue cycle.
d) The production cycle does not exchange information with the revenue cycle.
2. Whether a company uses an AIS, ERP, or incorporates some degree of CIM into its
production process, it still needs to collect data about four basic facets of its
production operations. The facet that impacts the company's human resource cycle
the most is
a)
b)
c)
d)
the amount of raw material used in a production order.
the labor hours expended to complete a production order.
the machine operations performed during a production order.
the tracking of manufacturing overhead costs incurred for a production order.
3. An AIS should be designed to provide timely and accurate information about
production cycle activities that impact the other business cycles. One type of
information deals with planning and controlling manufacturing costs and evaluating
performance. This type of information is called
a)
b)
c)
d)
product mix.
product pricing.
resource allocation.
cost management.
4. The basic activities in the production cycle are
a)
b)
c)
d)
product design and production operations.
planning, scheduling, and cost accounting.
raw materials requisitioning, planning, and scheduling.
Both A and B are correct.
5. The first step in the production cycle is product design. There are several objectives
connected with this step. Which objective below is not a product design objective?
a)
b)
c)
d)
to design a product that meets customer requirements
to design a quality product
to minimize production costs
to make the design easy to track for cost accounting purposes
6. The bill of materials shows the __________ of each product component.
a)
b)
c)
d)
part number and description
quantity used
quantity ordered
both A and B
7. The operations list shows
a)
b)
c)
d)
the labor and machine requirements.
the steps and operations in the production cycle.
the time expected to complete each step or operation.
all of the above
8. The list which specifies the labor and machine requirements needed to manufacture a
product is called the
a)
b)
c)
d)
bill of materials.
bill of lading.
master production schedule.
operations list.
9. The second step in the production cycle is planning and scheduling. One of the
methods of production planning is referred to as push manufacturing. This method is
also known as
a)
b)
c)
d)
manufacturing resource planning (MRP).
just-in-time manufacturing system (JIT).
the economic order quantity (EOQ) system.
ahead-of-time production implementation (ATPI).
10. The second step in the production cycle is planning and scheduling. One of the
methods of production planning is referred to as pull manufacturing. This method is
also known as
a)
b)
c)
d)
manufacturing resource planning (MRP).
just-in-time manufacturing system (JIT).
the economic order quantity (EOQ) system.
ahead-of-time production implementation (ATPI).
11. MRP-II and JIT manufacturing systems both plan production in advance. What is the
main difference between these two systems?
a)
b)
c)
d)
the length of the planning horizon
JIT uses long-term customer demand for planning purposes
MRP-II relies on EDI
There are no differences between the two systems.
12. A master production schedule is used to
a)
b)
c)
d)
develop detailed timetables of daily production and determine raw material purchasing.
develop detailed reports on daily production and material usage.
develop daily direct labor needs.
develop detailed inventory charts.
13. The form in the production cycle that specifies how much of each product is to be
produced during the planning period and when product should begin is the
a)
b)
c)
d)
bill of materials.
bill of lading.
master production schedule.
operations list.
14. The production planning department develops the master production schedule based
on information from several sources. What information is necessary to create this
schedule?
a)
b)
c)
d)
engineering department specifications and inventory levels
engineering department specifications and sales forecasts
special orders information and engineering department specifications
sales forecasts, special orders information, and inventory levels
15. What document authorizes the manufacturing of a product?
a)
b)
c)
d)
master production schedule
materials requisition
move ticket
production order
16. A __________ authorizes the transfer of raw goods needed for production from the
storeroom to the production facilities.
a)
b)
c)
d)
master production schedule
materials requisition
move ticket
production order
17. The document that authorizes the removal of the necessary quantity of raw materials
from storeroom to factory is referred to as
a)
b)
c)
d)
a bill of materials.
a production order.
a materials requisition.
a move ticket.
18. Information found on the materials requisition form is based in part on information
obtained from which other form?
a)
b)
c)
d)
a bill of materials.
a move ticket.
a production order.
a picking list.
19. A __________ is used to document the subsequent relocation of materials through the
factory for manufacturing in process.
a)
b)
c)
d)
master production schedule
materials requisition
move ticket
production order
20. An integral part of the production process is the use of raw materials. One way to
enable an AIS to efficiently track and process information about raw materials used in
production is to implement __________.
a)
b)
c)
d)
a just-in-time inventory system
bar coding
a materials resources planning inventory system
job-order costing
21. The use of various forms of information technology in the production process is
referred to as
a)
b)
c)
d)
computerized investments and machines.
computerized integration of machines.
computer-integrated manufacturing.
computer intense manufacturing.
22. The accountant's role in the __________ step of production cycle activities is to
understand how CIM affects the AIS.
a)
b)
c)
d)
production operations
product design
planning and scheduling
cost accounting methods
23. A company's production process may incorporate various forms of information
technology such as robots and computer-controlled machinery. One effect of using
such a process is a shift from mass production to custom order manufacturing. This
process is called
a)
b)
c)
d)
ERP.
CRM.
AIS.
CIM.
24. The final step in the production cycle is the cost accounting function. There are
several principal objectives of the cost accounting system. Which objective listed
below is not a principal cost accounting objective?
a)
to provide information for planning, controlling, and evaluating the performance of production
operations
b) to provide cost data about products used in pricing and product mix decisions
c) to collect and process the information used to calculate inventory and cost of goods sold amounts
that appear in the financial statements
d) to provide tests of audit control functions as part of the AIS
25. Factory supervisory costs would be assigned to departments for
a)
b)
c)
d)
product-mix decisions.
pricing decisions.
performance evaluation purposes.
All of the above are correct.
26. Which of the following is not a type of cost accounting system?
a)
b)
c)
d)
activity-based costing
just-in-time costing
job order costing
process costing
27. The type of cost accounting system that primarily assigns costs to specific batches, or
jobs, and is used where production items can be discretely identified is known as
__________ cost accounting.
a)
b)
c)
d)
just-in-time
process
job-order
manufacturing resources
28. Which type of information below should not be maintained by the AIS in accounting
for fixed assets?
a)
b)
c)
d)
identification/serial number
cost
improvements
market value
29. There are four basic activities in the production cycle. The step that may incorporate
robots and computer-controlled machinery to achieve its goals is
a)
b)
c)
d)
product design.
planning and scheduling.
production operations.
cost accounting.
30. Job-time tickets are used to
a)
b)
c)
d)
specify each production task.
collect the time spent by a worker on a specific task.
allocate machine costs.
All of the above are correct.
31. Direct labor must be tracked and accounted for as part of the production process.
Traditionally, direct labor was tracked using __________ but an AIS enhancement is
to use __________ to record and track direct labor costs.
a)
b)
c)
d)
job-time tickets; coded identification cards
move tickets; coded identification cards
employee earnings records; job-time tickets
time cards; electronic time entry terminals
32. Manufacturing overhead consists of all manufacturing costs that are not economically
feasible to trace directly to specific jobs or processes. Which of the costs below
would not be considered an overhead cost?
a)
b)
c)
d)
utilities
rent
earnings of factory production employees
salaries of factory production supervisors
33. Detailed data about warranty and repair costs is considered an applicable control used
to mitigate the threat of
a)
b)
c)
d)
underproduction.
overproduction.
poor product design.
suboptimal investment of fixed assets.
34. For replacement of inventories and assets destroyed by fire or other disasters, an
organization needs
a)
b)
c)
d)
stand-by facilities.
adequate insurance coverage.
source data automation.
All of the above are correct.
35. Overproduction or underproduction can be a threat to an organization. To which
process or activity does this threat relate?
a)
b)
c)
d)
product design
planning and scheduling
production operations
cost accounting
36. Inaccurate recording and processing of production activities can diminish the overall
effectiveness of production operations. One of the application controls that can help
to ensure accounting records are accurate is to restrict the rights of authorized users
only to the portion of the database needed to complete job duties. What specific
control can help achieve this objective?
a)
b)
c)
d)
an access control matrix
passwords and user IDs
closed-loop verification
bar-code scanners
37. To curtail the threat of theft or destruction of inventories and other fixed assets, the
organization may wish to implement which of the following controls?
a)
b)
c)
d)
review and approval of fixed asset acquisitions
improved and timelier reporting
better production and planning systems
document all movement of inventory through the production process
38. The best control procedure for accurate data entry is
a)
b)
c)
d)
the use of on-line terminals.
an access control matrix.
passwords and user IDs.
the automation of data collection.
39. The general threat of the loss of production data can greatly slow or halt production
activity within an organization. To counteract such a major threat, which of the
following organization controls should be implemented and maintained?
a)
b)
c)
d)
store key master inventory and production order files on-site only to prevent their theft
back up data files only after a production run has been physically completed
access controls should apply to all terminals within the organization
allow access to inventory records from any terminal within the organization to provide efficient
data entry
40. The threat of loss of data exposes the company to
a)
b)
c)
d)
the loss of assets.
ineffective decision making.
inefficient manufacturing.
All of the above are correct.
41. Activity-based costing (ABC) can refine and improve cost allocations using either
job-order or process cost systems. There are three significant differences between
ABC and traditional cost accounting approaches. One difference between the two
systems is how clearly the results of management activities are measured on overall
profitability. This benefit is better known as
a)
b)
c)
d)
batch related overhead.
improved cost management.
product related overhead.
improved cost drivers.
42. There are several criticisms of traditional cost accounting systems. One criticism is
that the traditional cost system uses a volume-driven base, such as direct labor or
machine hours, to apply overhead to products. What is the drawback to the use of
such a measurement in a traditional cost accounting system?
a)
b)
c)
d)
The cost accountant may not fully understand how to track direct labor or machine hours.
It is difficult for an AIS to incorporate such a measurement into its system.
It is difficult for an ERP to incorporate such a measurement into its integrated system.
Many overhead costs are incorrectly allocated to products since they do not vary with production
volume.
43. __________ links costs to the corporation's strategy for production of goods and
services.
a)
b)
c)
d)
Activity-based costing
Job-order costing
Process costing
Manufacturing costing
44. Activity-based costing (ABC) can refine and improve cost allocations using either
job-order or process cost systems. There are three significant differences between
ABC and traditional cost accounting approaches. An ABC system attempts to
identify anything that has a cause-and-effect relationship on costs. This cause-andeffect relationship is known as a
a)
b)
c)
d)
cost stimulator.
overhead stimulator.
cost driver.
cost catalyst.
45. What may be perceived as a drawback of using an activity-based costing (ABC)
system?
a)
b)
c)
d)
The ABC system may provide more accurate data results.
The ABC system may help to establish a better product mix.
The ABC system may improve management's ability to control total costs.
The ABC may cost more to run and be more complex in nature.
46. Throughput is a measure of
a)
b)
c)
d)
production yield.
production effectiveness.
production capacity.
production quality.
47. Quality control problems and inefficiencies in production operations will most likely
result in increased expenses. The AIS can produce a measure of throughput to
quantify and measure the number of "good" units produced in a time period. What
does the first term in the throughput formula, productive capacity, represent?
a)
b)
c)
d)
the maximum number of units that can be produced given current technology
the percentage of total production time used to manufacture a product
the percentage of "good" units produced given current technology
the percentage of "bad" units produced given current technology
48. __________ are incurred to ensure that products are created without defects the first
time.
a)
b)
c)
d)
External failure costs
Inspection costs
Internal failure costs
Prevention costs
49. __________ are associated with testing to ensure that products meet quality
standards.
a)
b)
c)
d)
External failure costs
Inspection costs
Internal failure costs
Prevention costs
50. __________ represent testing to identify defective units before they are ready for
sale.
a)
b)
c)
d)
External failure costs
Inspection costs
Internal failure costs
Prevention costs
51. There are various costs associated with quality control, or its absence in a production
operation. Such information can help a company determine the effects of actions
taken to improve production and identify areas of improvement. The cost of a
product liability claim can be classified as a(n)
a)
b)
c)
d)
prevention cost.
inspection cost.
internal failure cost.
external failure cost.
SHORT ANSWER
52. What is the production cycle.
53. What are the basic activities in a production cycle?
54. Identify and discuss the two documents that are the result of product design activities.
55. What is a master production schedule (MPS)?
56. Define the following: production order, materials requisition, and move ticket.
57. What is CIM?
58. Explain the difference between job-order and process costing.
59. What types of data are accumulated by cost accounting? What is the accountant's role
in this phase?
ESSAY
60. What role does the AIS play in the production cycle?
61. Discuss the role the accountant can play in the production cycle.
62. Identify and briefly discuss the two common methods of production planning.
63. What are the two major types of cost accounting systems and what are the differences
between the two?
64. Describe five threats to the production cycle and the applicable control procedures
used to mitigate each threat.
65. Discuss two measures that can address the threats of inefficiencies and quality
controls problems.
66. Discuss the criticisms of traditional cost accounting methods.
67. What is activity-based costing (ABC)? How does it compare with the traditional
costing methods? What are the benefits of activity-based costing?
ANSWER KEY
1) A
2) B
3) D
4) D
5) D
6) D
7) D
8) D
9) A
10) B
11) A
12) A
13) C
14) D
15) D
16) B
17) C
18) A
19) C
20) B
21) C
22) A
23) D
24) D
25) C
26) B
27) C
28)
29)
30)
31)
32)
33)
34)
35)
36)
37)
38)
39)
40)
41)
42)
43)
44)
45)
46)
47)
48)
49)
50)
51)
52)
53)
54)
55)
56)
57)
58)
59)
60)
D
C
B
A
C
C
B
B
A
D
D
C
D
B
D
A
C
B
B
A
D
B
C
D
The production cycle is a recurring set of business activities and related data processing operations
associated with the manufacture of products.
There are four basic activities in the production cycle: product design, planning and scheduling,
production operations, and cost accounting.
The two documents that are the result of product design activity are the bill of materials and the
operations list. The bill of materials specifies the part number, description, and quantity of each
component used in a finished product. The operations list specifies the labor and machine
requirements needed to manufacture the product. The operations list is sometimes also called a
routing sheet, since it indicates how a product moves through the factory.
A master production schedule (MPS) specifies how much of each product should be produced
during the planning period and when the production should occur. It is used to develop a detailed
timetable for daily production.
A production order authorizes the manufacture of a specified quantity of a particular product. It
contains information about the operation to be performed, quantity to be produced, and delivery
location. A materials requisition authorizes the removal of raw materials from storeroom to the
production floor. This document contains the production order number, date of issue, and, based
on the bill of materials, the part numbers and quantities of all necessary raw materials. Raw
material movement through the factory is documented on the move ticket, which identifies the
parts being transferred, the locations to which they are transferred, and time of the transfer.
CIM is the acronym that stands for computer integrated manufacturing. It incorporates various
forms of information technology in the production process such as the use of robots and computercontrolled machinery. The benefit of CIM is that it can significantly reduce production costs.
Job-order costing assigns costs to specific production batches or jobs. It is used whenever the
product or service being sold can be distinctly identified. Process costing assigns costs to each
process, or work center, and then calculates the average cost for all units produced. It is used
whenever similar goods or services are produced in mass quantities.
There are three types of cost data accumulated in a cost accounting system: raw materials; direct
labor; and, manufacturing overhead. The role of the accountant is to control costs by assessing
how product mix changes affect total manufacturing overhead and by identifying factors that drive
changes in costs.
A company’s AIS plays a vital role in the production cycle. Accurate and timely cost accounting
information is essential input to decisions about the following: Product mix (what to produce),
61)
62)
63)
64)
65)
Product pricing, Resource allocation and planning (e.g., whether to make or buy a product, relative
profitability of different products), Cost management (planning and controlling manufacturing
costs, evaluating performance). These decisions require much more detailed information about
costs than the data needed to prepare financial statements in accordance with generally accepted
accounting principles (GAAP). Thus, the design of a company’s production cycle AIS must go
beyond merely meeting external financial reporting requirements.
The accountant can play a role and provide meaningful input into each area of the production
cycle. Accountants should participate in product design since 65 to 80% of product costs are
determined at this stage of the production process. Accountant analysis of cost behavior and
variations in product design can prove invaluable to the organization in this stage of production.
In the planning and scheduling stage, accountants can help a company choose whether MRP-II or
JIT is more appropriate for planning and scheduling. The accountant also should verify that the
AIS collects and reports costs in a manner consistent with the production planning techniques it
has chosen to use. In production operations, the accountant should develop a working knowledge
of CIM in order to understand its effect on the AIS. The accountant will also be integrally
involved with the cost accounting system, whether it is a traditional cost accounting system or an
activity-based cost accounting system. Accountants can provide excellent insight into the cost
aspect of the production process, which is key to the profitability and success of the organization.
The two common methods of production planning are manufacturing resource planning (MRP-II)
and just-in-time (JIT) manufacturing. MRP-II is an extension of the MRP inventory control
system. MRP-II seeks to balance the existing production capacity and raw materials required to
meet forecasted sales demand. JIT manufacturing seeks to minimize or eliminate inventories of
raw materials, work in process, and finished goods. A JIT manufacturing system only produces a
product in response to customer demands. MRP-II systems are referred to as push manufacturing,
since products are made in expectation of customer demand. JIT systems are called pull
manufacturing systems, since goods are produced only in response to customer demands.
Most companies will use either job-order or process costing to assign production costs in the
production of products. Job-order costing is designed to assign costs to specific production
batches, or jobs (hence the name "job-order"). It is used in a production process where a product
is specifically, discreetly identifiable (such as a custom-built home or office building). It should be
noted that job-order costing can also be successfully used in the service sector by law or
accounting firms to calculate and track the costs incurred in legal cases and audits, respectively.
Process costing differs in that it assigns costs to each process, or work center, in the production
cycle, and then averages these costs across the number of units produced. Process costing is
useful whenever similar or homogenous goods are produced in mass quantities, such as laundry
detergent, some types of food items, or soft drinks. Costs can be assigned at each stage in the
production process for these items, and then an average total unit cost for the product can be
calculated based on output. Process costing has also been incorporated by mutual funds to find the
average cost of handling customer deposits and withdrawals.
Threat 1: Unauthorized transactions - Controls: Accurate sales forecasts, maintaining accurate
inventory records; authorizing production; restricting access to the production planning program;
and review and approval of capital expenditures
2: Theft or destruction of inventories and fixed assets - Controls: Restrict physical access to
inventories; document internal physical flow of assets; proper segregation of duties; periodic
physical count and reconciliation of inventory; document and authorize materials requests and
disposal of fixed assets; and have adequate insurance
3: Recording and posting errors - Controls: Automate data collection procedures; online data entry
edit controls; and conduct periodic physical inventory and fixed asset counts
4: Loss of data - Controls: Regularly back up files; keep additional master files; use internal and
external file labels; restrict access; and keep logs of all activities
5: Inefficiencies and quality control problems - Controls: Prepare regular performance reports;
highlight exception reports and variances; compare actual performance to budgeted performance;
measure throughput; and measure the cost of quality control
Throughput represents the number of good (nondefective) units produced in a given period of
time. It consists of three factors, (productive capacity, productive processing time, and yield),
each of which can be separately controlled as shown in the formula: Throughput = (total units
produced/processing time) x (processing time/total time) x (good units/total units). Knowing about
quality costs can help companies determine the effects of actions taken to improve yield and
identify areas for further improvement. The main objective of quality control is to minimize the
sum of the four types of costs recognizing the trade-offs between costs. These costs are:
prevention costs, inspection costs, internal failure costs, and external failure costs.
66) There can be an inappropriate allocation of overhead costs. The factors contributing to this
problem are: A volume-driven form used for activity-driven overhead costs assigned to products.
Overhead cost is either over- or understated due to allocation method used. The system may
distort costs across products, especially if manufacturing is highly automated can be inaccurate
performance measures which do not accurately reflect the effects of factory automation: Measures
collected are not integrated with performance measures. Lack of information about standard costs,
variance, and functioning of production process. Lack of information about defect rates,
breakdown frequency, percentage for finished goods completed without rework, etc.
67) Activity-based costing (ABC) traces costs to the activities that created them and then allocates
those costs to products or shipments thereby linking the costs to a corporate strategy. ABC versus
traditional cost systems: ABC attempts to directly trace most costs to products, ABC uses more
cost pools to accumulate manufacturing overhead instead of lumping all overhead costs together
as in the traditional approach. For example: 1) Batch-related overhead results in larger quantities
having lower batch-related costs than smaller quantities; 2) Product-related overhead results in
costs being allocated to only the product(s) that are linked to the cost; and 3) Company-wide
overhead results in such overhead costs (e.g., rent) being allocated based on department or plant
rates. ABC uses cost drivers that have a cause-and-effect relationship on the products in order to
allocate the costs instead of using the traditional financial variables. Advantages of ABC systems:
Better decisions because can be made with an ABC system because product cost data is more
accurate and data is used to improve product design. Improved cost management is seen due to
four reasons: 1) There are clearer measures of managerial actions on profitability. 2) The
consumption of resources is measured in addition to the amount spent on acquiring resources. 3)
The cost of activity capability = Cost of activity used + Cost of unused capacity. 4) Performance
reports help direct managerial attention to the effect of policy decision on all costs.
Chapter 13
MULTIPLE CHOICE
1. Which activity below is not performed by the HRM?
a)
b)
c)
d)
compensation
training
discharge
recruitment and hiring
2. In most companies the HRM/payroll cycle activities are accomplished by two
separate systems. Which task below is typically not performed by an HRM system?
a)
b)
c)
d)
training
performance evaluation
compensation
recruiting and hiring of new employees
3. What is the payroll system's principal output?
a)
b)
c)
d)
hiring information
checks to employees
checks to government agencies
internal and external use reports
4. Which area provides information to the system about hiring, terminations, and pay
rate changes?
a)
b)
c)
d)
payroll
timekeeping
purchasing
HRM
5. Which of the following is not one of the major sources of input to the payroll system?
a)
b)
c)
d)
payroll changes
time and attendance data
checks for insurance and benefits
withholdings and deduction requests from employees
6. In the payroll system, checks are issued to
a)
b)
c)
d)
employees and to banks participating in direct deposit.
a separate payroll bank account.
government agencies.
All of the above are correct.
7. Some companies have created a position called "director of intellectual assets." What
is the objective of this position?
a) measurement and development of intellectual assets and human resources
b) implementation of a more integrated HRM/payroll system
c) improvement of the hiring and firing procedures in the company
d) All of the above are correct.
8. Some stock analysts believe that a company's human resources may be worth several
times the value of its tangible assets. However, the AIS typically does not account
for or track such assets. Why is this the case?
a) Employees are not "owned" by the company, and may not be considered an asset.
b) Financial statements report on assets that have not yet been used by the
organization.
c) The value of human resources is only acknowledged when used and is tracked as
an expenditure and not an asset.
d) all of the above
9. Employee turnover will always occur and some experts believe it may even be
desirable in an organization. Experts estimate that on average the costs associated
with replacing an employee are about __________ that of the employee's annual
salary.
a)
b)
c)
d)
one-quarter
one-half
one and one-half
twice
10. Payroll is one AIS application that is processed in __________ mode.
a)
b)
c)
d)
sequential
batch
real time
safe
11. The first step in the payroll process is to
a)
b)
c)
d)
calculate gross pay.
update the payroll master file.
input time card data.
print paychecks.
12. The payroll master file is updated with
a)
b)
c)
d)
new hire and termination data.
changes in pay rates and discretionary withholdings.
changes in time card data.
A and B above are correct.
13. When a person quits or is terminated from a company, what should be done with the
person's record in the payroll system?
a) It should be deleted immediately to prevent bogus paychecks from being issued.
b) It should be kept indefinitely.
c) It needs to be kept at least until the end of the current year.
d) There is no rule about the retention of payroll records.
14. Given the four activities below, which of the HRM/payroll cycle activities occurs
infrequently relative to the others?
a)
b)
c)
d)
updating of the payroll master file
updating information about tax rates and withholdings
validating each employee's time and attendance data
preparing payroll
15. Time cards are generally used for employees who are paid on a(n)
a)
b)
c)
d)
monthly basis.
overtime basis.
hourly basis.
production or piece-rate basis.
16. For recording time spent on specific work projects, manufacturing companies usually
use a
a)
b)
c)
d)
job time ticket.
time card.
time clock.
labor time card.
17. Which category of employee below is least likely to use a time card or electronic time
clock to track their hours?
a)
b)
c)
d)
employees who manufacture a product
accountants
attorneys
managers and professional staff
18. Regarding the use of incentives, commissions and bonuses in payroll, which of the
following statements is false?
a) Using incentives, commissions, and bonuses requires linking the payroll system
and the information systems of sales and other cycles in order to collect the data
used to calculate bonuses.
b) Bonus/incentive schemes must be properly designed with realistic, attainable
goals that can be objectively measured.
c) Poorly designed incentive schemes can result in undesirable behavior.
d) All of the above are true
19. Many companies use incentives and bonuses to motivate greater productivity and
better quality work. An effective bonus/incentive system should incorporate realistic,
attainable goals that can be objectively measured. What is not a desired result of an
employee bonus/incentive system?
a) employees may recommend unnecessary services to customers in order to
exceed set sales quotas and earn a bonus
b) employees may look for ways to improve service
c) employees may analyze their work environment and find ways to cut costs
d) employees may work harder and may be more motivated to exceed target goals to
earn a bonus
20. Which of the following is most likely to be a daily activity in the HRM/Payroll
system?
a)
b)
c)
d)
Approve payroll disbursement
Prepare paychecks
Sign payroll checks
Update HRM/Payroll database
21. A manufacturing company is likely to use __________ to collect employee time data
for payroll and job time.
a)
b)
c)
d)
badge readers
supervisor's entries
preprinted time cards
retina scanning
22. These are used to transmit time and attendance data directly to the payroll processing
system.
a) Badge readers
b) Electronic time clocks
c) Magnetic cards
d) None of the above
23. Payroll deductions fall into the broad categories of __________ and __________.
a)
b)
c)
d)
payroll tax withholdings; voluntary deductions
unemployment; social security taxes
unemployment taxes; income taxes
voluntary deductions; income taxes
24. Which of the following deductions is not classified as a voluntary deduction?
a)
b)
c)
d)
pension plan contributions
social security withholdings
insurance premiums
deductions for a charity organization
25. Which type of payroll report contains information such as the employees' gross pay,
payroll deductions, and net pay in a multicolumn format?
a)
b)
c)
d)
payroll register
deduction register
employee earnings statement
federal W-4 form
26. Which type of payroll report lists the miscellaneous voluntary deductions for each
employee?
a)
b)
c)
d)
payroll register
deduction register
earnings statement
federal W-4 form
27. Which type of payroll report includes the details of the current paycheck and
deductions as well as year-to-date totals for each category?
a)
b)
c)
d)
payroll register
deduction register
earnings statement
federal W-4 form
28. Which HR report is used in preparing labor-related reports for government agencies?
a)
b)
c)
d)
payroll register
deduction register
skills inventory
workforce inventory
29. Which HR report is useful in planning future workforce needs and training programs?
a) payroll register
b) deduction register
c) skills inventory report
d) workforce inventory
30. Which HR report is sent to each employee for use in preparing individual tax returns?
a) Form 941
b) Form W-2
c) Form W-4
d) Form 1099
31. Why is a separate payroll account used to clear payroll checks?
a) for internal control purposes to help limit any exposure to loss by the
company
b) to make bank reconciliation easier
c) banks don't like to commingle payroll and expense checks
d) All of the above are correct.
32. One good way to eliminate paper paychecks is to
a)
b)
c)
d)
pay in cash only.
pay with money orders.
use the direct deposit method to transfer funds into employee bank accounts.
use EFT.
33. What step can be taken to reduce the distribution of fraudulent paychecks?
a)
b)
c)
d)
have internal audit investigate unclaimed paychecks
allow department managers to investigate unclaimed paychecks
immediately mark "void" across all unclaimed paychecks
match up all paychecks with time cards
34. This organization maintains the payroll master file for each of its clients and performs
the payroll process.
a)
b)
c)
d)
Cashier
Payroll service bureau
Professional employer organization
Virtual private network
35. This organization provides payroll as well as other HRM services such as employee
benefit design and administration.
a)
b)
c)
d)
Cashier
Payroll service bureau
Professional employer organization
Virtual private network
36. Which of the following is not a benefit of using a payroll service bureau or a
professional employer organization?
a)
b)
c)
d)
Freeing up of computer resources
Increased internal control
Reduced costs
Wider range of benefits
37. Many companies offer their employees a "cafeteria" approach to voluntary benefits in
which employees can pick and choose the benefits they want. This approach is
normally called a(n)
a)
b)
c)
d)
elective plan.
menu options benefit plan.
flexible benefit plan.
pay-as-you-go plan.
38. The fourth step in the payroll cycle is preparing payroll. Pay rate information is
needed in order to complete this task. The pay rate information is accessed by the
system from __________.
a)
b)
c)
d)
the employees' personnel files
the employee subsidiary ledger
the payroll master file
electronic time cards
39. Part of the calculation necessary to process a payroll involves summing payroll
deductions and subtracting the total from an employee's gross pay to arrive at net pay.
Payroll deductions fall into two broad categories. Which deduction below would not
be considered a voluntary deduction?
a)
b)
c)
d)
disability insurance
pension plan contribution
union dues
social security taxes
40. In a batch system, the payroll transaction file would contain
a)
b)
c)
d)
entries to add new hires.
time card data.
changes in tax rates.
All of the above are correct.
41. One step in the payroll cycle is the preparation of paychecks. In the next step the
payroll register is sent to accounts payable for review. What is the following step in
the process?
a) The paychecks are distributed to the employees.
b) A disbursement voucher is prepared to authorize the transfer of funds from
the company’s general account.
c) The payroll taxes are computed.
d) The earnings statements are printed.
42. The document that lists each employee's gross pay, payroll deductions, and net pay in
a multicolumn format is called
a)
b)
c)
d)
an employee earnings statement.
the payroll register.
a deduction register.
an employee time sheet summary.
43. As the payroll system processes each payroll transaction, the system should also
perform which activity listed below?
a) allocate labor costs to appropriate general ledger accounts
b) use cumulative totals generated from a payroll to create a summary journal entry
to be posted to the general ledger
c) both A and B above
d) The HRM system should not perform either activity A or B.
44. Direct deposit of employee paychecks is one way an organization can improve
efficiency and reduce payroll-processing costs. Which statement regarding direct
deposit is incorrect?
a) The cashier does not have to authorize the transfer of funds from the
organization's checking account to a payroll checking account.
b) The cashier does not have to sign employee paychecks.
c) Employees who are part of a direct deposit program receive a copy of their
paycheck indicating the amount deposited.
d) Employees who are part of a direct deposit program receive an employee earnings
statement.
45. Many demands are placed on the company's HRM/payroll system. For example,
federal and state laws require employers to contribute a specified percentage of each
employee's gross pay into certain funds. Such funds are used for
a)
b)
c)
d)
social security taxes.
flexible benefit plans.
federal and state unemployment compensation funds.
federal income taxes.
46. The employer pays a portion of some payroll taxes and employee benefits. Both the
employee and employer pay which benefit or tax listed below?
a)
b)
c)
d)
social security taxes
federal income taxes
state income taxes
none of the above
47. Some organizations outsource their payroll and/or HRM functions in an effort to
reduce costs. A third party that maintains the payroll master file for each of its clients
and processes payroll for them is called
a)
b)
c)
d)
a professional employer organization (PEO).
a payroll service bureau.
a value-added network.
an electronic data interface.
48. When using electronic documents, __________ increase the accuracy of data entry.
a)
b)
c)
d)
access controls
separation of duties
general controls
application controls
49. The key to preventing unauthorized changes to the payroll master file is
a) hiring totally honest people to access and make changes to this file.
b) segregating duties between the preparation of paychecks and their distribution.
c) segregation of duties between the authorization of changes and the physical
handling of paychecks.
d) having the controller closely review and then approve any changes to the master
file.
50. Which of the following is not a potential effect of inaccurate time data?
a)
b)
c)
d)
increased labor expenses
erroneous labor expense reports
damaged employee morale
inaccurate calculation of overhead costs
51. Which control would be most appropriate to address the problem of inaccurate
payroll processing?
a)
b)
c)
d)
encryption
direct deposit
cross-footing of the payroll register
an imprest payroll checking account
52. What is the purpose of a general ledger payroll clearing account?
a) to check the accuracy and completeness of payroll recording and its
allocation to cost centers
b) to make the bank reconciliation easier
c) to make sure that all employees are paid correctly each week
d) to prevent the cashier from having complete control of the payroll cycle
53. A "zero balance check" refers to which of the following control procedures?
a)
b)
c)
d)
batch totals
cross-footing the payroll register
a payroll clearing account
online edit control
54. Which of the following controls is inappropriate for payroll check writing?
a) restrict access to blank payroll checks and documents
b) use of a payroll clearing account
c) someone independent of the payroll process should reconcile the payroll bank
account
d) sequential numbering of paychecks and accounting for the numbers
55. What is the best control to reduce the risk of losing payroll data?
a) passwords
b) physical security controls
c) backup and disaster recovery procedures
d) encryption
56. One threat to the HRM/payroll cycle is the potential for violation of employment
laws. This threat relates directly to the process or activity of
a)
b)
c)
d)
payroll processing.
general activities found in the cycle.
hiring and recruiting.
none of the above
57. What is a potential threat to the activity of payroll processing?
a)
b)
c)
d)
hiring unqualified employees
poor system performance
violations of employment laws
unauthorized changes to the payroll master file
58. The results of an internal audit finds that there is a problem with inaccurate time data
being entered into the payroll system. What is an applicable control that can help
prevent this event from occurring in the future?
a)
b)
c)
d)
proper segregation of duties
automation of data collection
sound hiring procedures
review of appropriate performance metrics
59. Theft or fraudulent distribution of payroll checks is a potential threat to the payroll
processing activity. What is one control that can be implemented to help prevent
paychecks being issued to a "phantom" or "ghost" employee?
a)
b)
c)
d)
the cashier should sign all payroll checks
prenumber all payroll checks
use an imprest account to clear payroll checks
paychecks should be physically distributed by someone who does not
authorize or record payroll
SHORT ANSWER
60. Define an HRM/payroll cycle. What are the basic activities in an HRM/payroll
cycle?
61. List the various ways used to compensate employees.
62. What are different types of deductions in payroll?
63. Why are accurate cumulative earnings records important?
64. Explain the functions of the payroll register, deduction register, and earnings
statement.
65. What is a payroll service bureau?
66. What is a professional employer organization?
67. Discuss the various types of input into an AIS HRM/payroll system.
68. What are some of the benefits of using incentives and bonuses? What are some
dangers?
69. Name some of the benefits of using electronic direct deposit to pay employees.
ESSAY
70. What is the role of "soft assets" in the new information economy? Why has an AIS
not reported on the company's human resources?
71. What factors should be considered in outsourcing payroll to a payroll service bureau?
Discuss the advantages and disadvantages of using a payroll service bureau to process
a payroll.
72. What are the control objectives in an HRM/payroll cycle?
73. Discuss the threat of unauthorized changes to the payroll master file and its
consequences.
74. What controls are available to address the threat of payroll errors?
ANSWER KEY
1. A
2. C
3. B
4. D
5. C
6. D
7. A
8. D
9. C
10. B
11. B
12. D
13. C
14. B
15. C
16. A
17. D
18. D
19. A
20. D
21. A
22. B
23. A
24. B
25. A
26. B
27. C
28. D
29. C
30. B
31. A
32. C
33. A
34. B
35. C
36. B
37. C
38. C
39. D
40. B
41. B
42. B
43. C
44. A
45. C
46. A
47. B
48. D
49. C
50. D
51. C
52. A
53. C
54. B
55. C
56. C
57. D
58. B
59. D
60. The HRM/payroll cycle is a recurring set of business activities and related data
processing operations associated with effectively managing the employee work
force. Important activities in the HRM/payroll cycle include the following tasks:
Recruitment and hiring of new employees. Training. Job assignment.
Compensation (payroll). Performance evaluation. Discharge.
61. Hourly rate; Piece rate (based on some form of production activity); Fixed salary;
Commission based on sales or some quantitative measure; Salary plus
commission; Bonus incentives; stock options.
62. Payroll deductions include: Payroll tax withholdings such as federal, state, and
local income taxes social security taxes, unemployment taxes; Voluntary
deductions such as contributions to a pension plan, premium for group life, etc.
63. Accurate records of cumulative earnings are necessary because social security and
other deductions have maximum earnings amounts upon which taxes are paid;
and the appropriate amount of income and payroll taxes should be remitted to the
government agencies.
64. The payroll register is a report that lists each employee's gross pay, payroll
deductions, and net pay for each pay period. The deduction register lists the
voluntary deductions for each employee. The earnings statement lists the amount
of gross pay, deductions, and net pay for the current period, as well as providing
year-to-date totals.
65. A payroll service bureau is a company that can be hired as an independent
contractor to maintain the payroll master file and perform the payroll processing
activities for an organization.
66. A professional employer organization is a company that provides not only full
payroll services but also provides HRM services such as employee benefit design
and administration.
67. An HRM/payroll system relies on input from various sources. Employees
provide input when they make changes in their discretionary deductions
(contributions to charities or retirement plans); various departments provide data
about the actual hours employees work. The HRM department provides
information about employees who have been hired or terminated, pay-rate
changes, and promotions. Government agencies provide tax rates and various
instructions for meeting regulatory requirements. Insurance companies and other
organizations provide instructions for calculating and remitting various
withholding amounts.
68. Sales staffs are often paid either on a straight commission basis or a combination
of a salary plus commissions. This is done to keep sales at a certain level or to
increase sales. The HRM/payroll system will need input from the sales and other
cycles to properly calculate commissions and bonuses for such employees. It is
important that an incentive and bonus system sets realistic, attainable goals that
are congruent with corporate objectives. It is also important that managers
monitor incentive and bonus goals and ensure that the attainment of such goals is
appropriate for the organization and does not lead to undesirable behavior, which
can result from poorly designed incentive schemes.
69. Direct deposit of paychecks provide a savings to employers because the costs of
purchasing, processing, and distributing paper checks is eliminated. Using direct
deposit also reduces postage and bank fees. The cashier's time can be better spent
because paychecks do not have to be signed. Employees save time as well as they
do not have to make a physical trip to the bank to cash their checks. Direct
deposit is safer as it eliminates misplaced paychecks and reduces the possibility of
the theft of checks.
70. Soft assets represent intangible employee skills and knowledge in the
organization, whereas hard assets represent tangible assets like buildings, land, or
machinery. Many established information technology companies like Microsoft
and new Internet companies like Amazon.com have relatively few hard assets
(termed "bricks and mortar" in e-commerce). Their market value represents
primarily the skills and knowledge of their employees. The accounting profession
has traditionally ignored this "intellectual capital" due to problems with
establishing objective valuation methods. Under GAAP, assets mean resources
"owned" by an organization. Human resources, using this definition, are not assets
since they are not "owned" by the company. Thus, salaries, bonuses,
commissions, and direct labor are recorded by an AIS as expenses--there is no
comprehensive review of measurement and reporting of human resources as
assets. To help enable such measurement and establish value, an AIS should be
integrated with the HRM system so employee costs and information about
employee skills and knowledge can be readily accessed.
71. The following questions should be considered: How much does the service cost?
How would the data be submitted-online or hand carried? What kind of reports
and documents could be obtained from the service bureau? How would the
service interface with the existing general ledger system? What resources are now
being devoted to payroll and how could these resources be re-deployed into other
areas? Could security and control be improved by the outsourcing? What would
be the time length of a contract for outsourcing services? Could the service bureau
system be integrated so that an online query could be made by the organization?
What kind of track record does the service bureau have with other clients? Are
there new technologies and approaches that would become available to the
company via the service bureau? Advantages: No need to deal with complexity
and changes in tax codes. No need to worry about what to do if equipment
crashes. Less chance of employees accessing the payroll files (confidentiality).
Possible efficiency and cost reductions. Wider range of benefits. Reed-up
computer resources. Disadvantages: Less control over the payroll files because
they are stored off-site. Extra costs for any special reports. Slower response to adhoc queries.
72. All payroll transactions are properly authorized. All recorded payroll transactions
are valid. All valid, authorized payroll transactions are recorded. All payroll
transactions are accurately recorded. Applicable government regulations
regarding remittance of taxes and filing of payroll and HRM reports are met.
Assets (both cash and data) are safeguarded from loss or theft. HRM/payroll cycle
activities are performed efficiently and effectively.
73. Many problems may result when there are unauthorized changes to the payroll
master file. Unauthorized changes may be made to employee pay rates, resulting
in the company paying too much in wages. "Ghost" or "phantom" employees
may be added to the payroll master to divert funds to dishonest employees
through the issuance of paychecks to such "employees." Likewise, terminated
employees may still be paid, resulting in the fraudulent diversion of payroll funds.
Two controls that should be implemented and maintained to provide overall
control of the payroll master file: proper segregation of duties and controlling
access to the file. Good internal control dictates that only authorized HRM
personnel be allowed to update the payroll master file for any hiring, termination,
pay raise, and promotion. HRM personnel, who have such access to the payroll
master file, should never be allowed to directly participate in actual payroll
processing or paycheck distribution. This way an adequate control is created to
match actual paychecks (or earnings statements when direct deposit is in place)
with employees when a manager, supervisor, or other third party hand out the
checks (or earnings statements). Also, a different individual should approve all
changes to the payroll master file in writing other than the individual who
recommends or initiates the changes. User IDs and passwords should always be
used to control access to the payroll master file, and an access control matrix
should be established to define what actions each authorized employee is allowed
to make and confirms the files the employee may access.
74. Three types of controls can be used to circumvent payroll errors in an
HRM/payroll system. Batch totals are used to verify totals entered into the
system both at the time of data entry and at each stage in the processing. Hash
totals are particularly useful in this regard, since hash totals calculated at the time
of original data entry and again at each stage in the process can be compared.
When the comparisons match throughout the process, three conclusions can be
made: 1) all payroll records have been processed; 2) the data input was accurate;
and 3) no bogus time cards were entered at any point after initial input. Upon
completion of a payroll, the payroll register should be cross-footed to verify that
the totals of the net pay column and other deduction columns equal the total of the
gross pay column. A third control is the use of a payroll clearing account. This is
a general ledger account that can be used as part of a two-step accuracy and
completeness process. First, the payroll control account will be debited for the
amount of the gross pay for the pay period; cash and other various withholding
liability accounts are credited. Second, the cost accounting process distributes
labor costs to various expense categories and credits the payroll control account
for the total amount of the debits made to the other accounts. The result is that the
payroll control account will have a zero balance. This becomes an internal check
known as a zero balance check, indicating that the proper postings have been
made to all of the accounts associated with payroll for a given pay period.
Chapter 14
MULTIPLE CHOICE
1. The general ledger and reporting system consists of the __________ involved in
__________ the general ledger and __________ reports.
a)
b)
c)
d)
business transactions; updating; processing
data processing; business transactions for; printing
information processing; updating; creating
business transactions; data processing; preparing
2. Which item below is not considered a major input to the general ledger and reporting
system?
a)
b)
c)
d)
summary entries from the major subsystems
reports from managers
adjusting entries
financing and investing activities
3. Who provides the adjusting entries for a well-designed general ledger and reporting
system?
a)
b)
c)
d)
various user departments
the treasurer's area
the other major AIS subsystems
the controller's area
4. The general ledger and reporting system is designed to provide information for which
of the following user groups?
a)
b)
c)
d)
internal users
external users
inquiry processing by internal or external users
all of the above
5. The general ledger system of an organization should be designed to serve the
information requirements of both financial and nonfinancial users. This means that
the system should
a)
b)
c)
d)
support producing regular periodic reports.
support the real-time inquiry needs of all users.
support producing regular periodic reports and respond to real-time inquiry needs.
support access by investors and creditors of the organization to general ledger balances.
6. The first activity in the general ledger system is to update the general ledger. Updates
come from the various accounting subsystems as well as from the treasurer. How is
general ledger updating accomplished by the various accounting subsystems?
a)
Individual journal entries for each accounting subsystem transaction update the general ledger
every 24 hours.
b) Summary journal entries that represent the results of all transactions for a certain time period are
used to update the general ledger.
c) The controller or treasurer must approve accounting subsystem journal entries before any updating
may occur.
d) Nonroutine transactions are entered into the system by the treasurer's office.
7. When updating the general ledger, sales, purchases, and production are examples of
__________ entries, and issuance or retirement of debt and the purchase or sale of
investment securities are examples of __________ entries.
a)
b)
c)
d)
adjusting; controller originated
accounting subsystem; treasurer originated
adjusting; special journal
controller generated; special journal
8. Entries to update the general ledger are often documented by which of the following?
a)
b)
c)
d)
general journal
subsidiary journal
subsidiary ledgers
journal vouchers
9. In accounting terminology, the form that documents journal entry updates to the
general ledger is called
a)
b)
c)
d)
a trial balance.
an adjusted trial balance.
a journal voucher.
an accounting update memo.
10. Adjusting entries that reflect events that have already occurred but for which no cash
flow has taken place and not previously entered into the accounts are called
a)
b)
c)
d)
accruals.
deferrals.
revaluations.
corrections.
11. The recording of interest earned on an account balance or wages payable is an
example of which type of adjusting journal entry?
a)
b)
c)
d)
accrual entry
deferral entry
revaluation entry
correcting entry
12. The posting of adjusting journal entries is the second activity found in the general
ledger system. Adjusting entries fall into several categories. An adjusting entry
made at the end of an accounting period that reflects the exchange of cash prior to
performance of a related event is called a(n)
a)
b)
c)
d)
accrual entry.
deferral entry.
revaluation entry.
correcting entry.
13. Depreciation and bad debts expense are examples of which type of adjusting entries?
a) deferrals
b) accruals
c) revaluations
d) estimates
14. Adjusting entries that are made to reflect differences between the actual and recorded
value of an asset or a change in accounting principle are called
a)
b)
c)
d)
reconciliations.
revaluations.
estimates.
accruals.
15. Adjusting entries that are made to counteract the effects of errors found in the general
ledger are called
a)
b)
c)
d)
accruals.
corrections.
deferrals.
estimates.
16. Corrections are entries made to correct errors found in __________.
a)
b)
c)
d)
all journals.
special journals.
the general ledger.
the financial statements.
17. Immediately after the adjusting entries are completed, the next step in the general
ledger and reporting system is to prepare
a)
b)
c)
d)
an adjusted trial balance.
a closing entry.
a worksheet.
the statement of cash flows.
18. There are four basic activities performed in the general ledger and reporting system.
Several of these activities represent the basic steps in the accounting cycle. In what
step is the adjusted trial balance prepared?
a)
b)
c)
d)
update the general ledger
post adjusting entries
prepare financial statements
produce managerial reports
19. The preparation of financial statements is the third activity in the general ledger
system. To properly complete the accounting cycle, financial statements are prepared
in a certain sequence. Which statement is prepared last in the sequence?
a)
b)
c)
d)
the adjusted trial balance
the income statement
the balance sheet
the statement of cash flows
20. A listing of journal vouchers by numerical sequence, account number, or date is an
example of
a) a general ledger control report.
b) a budget report.
c) a batch to be processed.
d) responsibility accounting.
21. The final activity in the general ledger and reporting system is the production of
various managerial reports. The report that shows planned cash inflows and outflows
for each project is the
a)
b)
c)
d)
journal voucher list.
statement of cash flows.
operating budget.
capital expenditures budget.
22. Various budgets can be produced for planning and evaluating performance within an
organization. The operating budget
a)
b)
c)
d)
compares estimated cash flows from operations with planned expenditures.
shows cash inflows and outflows for each project.
depicts planned revenues and expenditures for each organizational unit.
is used for the purchase and retirement of property, plant, and equipment.
23. Budgets and performance reports should be developed on the basis of
a)
b)
c)
d)
responsibility accounting.
generally accepted accounting principles.
financial accounting standards.
managerial accounting standards.
24. Cost center reports compare actual versus budget regarding __________ costs.
a)
b)
c)
d)
controllable
noncontrollable
fixed
variable
25. Sales departments are most likely to be evaluated as ______ centers
a)
b)
c)
d)
cost
profit
investment
revenue
26. Departments that mostly provide services to other units and charge those units for
services rendered should be viewed as __________ centers.
a)
b)
c)
d)
cost
profit
investment
revenue
27. Variances for variable costs will be misleading when the planned output differs from
budgeted output. A solution to this problem would be
a)
b)
c)
d)
calling all costs fixed.
to use flexible budgeting.
better prediction of output.
to eliminate the budgeting process.
28. Most budgets compare a standard budget amount to actual amounts that reflect the
true performance of the organization. The budget standard is often a fixed target;
however, given that these amounts are static, the budget does not account for
unforeseen changes in the operating environment. A solution to this type of problem
is to use a(n)
a)
b)
c)
d)
operating budget.
capital expenditures budget.
cash flow budget.
flexible budget.
29. Concerning the reporting environment, which of the following statements is not true?
a) Many companies can submit required financial and tax fillings electronically to the SEC and IRS.
b) Management reports are usually developed in spreadsheets and disseminated either through e-mail
or by posting on the company intranet.
c) For many companies, the electronic dissemination of reports containing financial information has
been an efficient process for some time.
d) Many companies post their financial statements on their corporate web sites.
30. Concerning XBRL, which of the following statements is not true?
a)
b)
c)
d)
XBRL is a variant of XML.
XBRL is specifically designed for use in communicating the content of financial data.
XBRL creates unique tags for each data item.
XBRL's adoption means accountants and systems professionals must know how to write XBRL
code to take advantage of its benefits.
31. The benefits of XBRL include:
a)
XBRL enables organizations to publish financial information only once, using standard XBRL
tags.
b) XBRL tagged information is interpretable and doesn't need to be re-entered by users.
c) Both are benefits of XBRL
d) Neither are benefits of XBRL
32. Communications technology and the Internet can be used to reduce the time and costs
involved in disseminating financial statement information. Users of such financial
information still struggle in that many recipients have different information delivery
requirements and may have to manually reenter the information into their own
decision analysis tools. The ideal solution to solve these problems and efficiently
transmit financial information via the Internet is to use
a)
b)
c)
d)
HTML code.
XML.
the pdf file format.
XBRL.
33. Which of the following would be an effective control for achieving the general
control objectives in the general ledger and reporting system?
a)
b)
c)
d)
using well-designed documents and records
online data entry with the use of appropriate edit checks
prenumbering documents and accounting for the sequence numbers
All of the above are appropriate.
34. A type of edit check that would ensure that entries are made to existing general ledger
accounts is called a(n) __________ check.
a)
b)
c)
d)
validity
existence
closed loop verification
field
35. Journal entries made by either the treasurer or controller should be subject to input
edit and processing controls. A check that can be made to ensure that the amount
field in a journal entry contains only numeric data is called a __________.
a)
b)
c)
d)
validity check
field or format check
zero-balance check
sign check
36. One way of ensuring that recurring adjusting journal entries that are needed each
month are in fact made each month would be
a)
b)
c)
d)
to make all the entries a month in advance.
to rotate the responsibility among the accounting staff.
to program the entries to be made automatically.
to create a standard adjusting journal entry file.
37. The edit check that verifies the ending balance of an account in fact fully reflects the
beginning balance and all debit and credit entries made thereafter is referred to as a
a)
b)
c)
d)
run-to-run total.
completeness check.
closed loop verification.
zero balance check.
38. Reconciliation and control reports can help detect whether any errors have been made
during the process of updating the general ledger. One reconciliation that indicates
whether the sum of debit balances is equal to the sum of credit balances in the general
ledger is commonly known as
a)
b)
c)
d)
a trial balance.
a completeness test.
a closed-loop verification.
a general journal listing.
39. This report indicates whether the total debits equal the total credits posted to the
general ledger.
a)
b)
c)
d)
a trial balance.
a completeness test.
a closed-loop verification.
a general journal listing.
40. Which of the following tasks are accomplished by following the audit trail?
a) trace a transaction from original source document to the general ledger to a report
b) trace an item in a report back through the general ledger to the original source
c) trace all changes in the general ledger from beginning to ending balances
d) All of the above are correct.
41. Which one of the following measures four dimensions of performance?
a)
b)
c)
d)
human resources accounting
social responsibility accounting
a balanced scorecard
integrated databases
42. A report containing measures that relate to the financial, internal operation, customer,
and innovation and learning perspectives of an organization is called a(n)
a)
b)
c)
d)
ERP.
AIS.
balanced scorecard.
data warehouse.
43. Which one of the following dimensions provides measures on how efficiently and
effectively the organization is performing key business processes?
a)
b)
c)
d)
financial
internal operations
innovations and learning
customer perspectives
44. To support the strategic decision-making requirements of organizations, a separate
database may be created and maintained. The name used for such a database depends
on its size. What is the smaller version of such a database called?
a)
b)
c)
d)
a data warehouse
a data mart
a data store
a database management system
45. A financial data warehouse provides support for strategic decision making because it
a)
b)
c)
d)
consolidates current financial data.
contains both current and historical financial data.
contains current financial and operational data.
summarizes historical data.
46. Which statement below about data warehouses and data marts is true?
a) The typical size of a data warehouse is small.
b) Data warehouses may replace the transaction processing databases of an organization.
c) A data warehouse or data mart complements the other databases within the organization by
providing support for strategic decision making.
d) Data marts can be used for transaction processing.
47. The process of accessing the data contained in a data warehouse and using it for
strategic decision making is often referred to as:
a)
b)
c)
d)
artificial intelligence
business intelligence
data mart
data warehousing
48. Which of the following techniques is not used in data mining?
a)
b)
c)
d)
statistical analysis
artificial intelligence
expert systems
neural networks
49. Which of the following is not one of the basic principles that make bar charts easy to
read?
a)
b)
c)
d)
Include data values with each element.
Use 3-D rather than 2-D bars to make reading easier.
Use colors or shades instead of patterns to represent different variables.
Use titles that summarize the basic message.
SHORT ANSWER
50. What is a general ledger and reporting system?
51. What are the four basic activities involved in the general ledger and reporting system?
52. What is a journal voucher file? What is the purpose of this file?
53. What is responsibility accounting?
54. How is a balanced scorecard used to assess organizational performance?
55. How is an audit trail used in the general ledger and reporting system?
56. Explain the benefits of XBRL.
ESSAY
57. Discuss the value and role of budgets as managerial reports.
58. What is data mining? Give an example of how it is used.
59. What are the control objectives in the general ledger and reporting system?
60. Describe three threats in the general ledger and reporting system and identify
corresponding controls for each threat.
61. Explain the preparation of financial statements as the third step in the general ledger
and reporting system.
ANSWER KEY
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
C
B
D
D
C
B
B
D
C
A
A
B
D
B
B
C
A
B
D
A
D
C
A
A
D
B
B
D
C
D
C
D
D
A
B
D
A
A
D
D
C
C
B
B
B
C
B
C
B
A general ledger and reporting system consists of the information processing operations involved
in updating the general ledger and preparing reports that summarize the results of activities for
both external and internal users. The information contained in the general ledger is also part of the
preparation of financial statements.
51. Update general ledger. Post adjusting entries. Prepare financial statements. Produce managerial
reports
52. A journal voucher is a form on which journal entries to update the general ledger are documented.
The individual entries are stored in the journal voucher file. This file is equivalent to the general
journal in a manual AIS. The journal voucher file forms an important part of the audit trail as
well. Various internal controls must be implemented in order to maintain adequate security and
access control over the file, because it provides a way to alter and change the data contained in the
general ledger.
53. Responsibility accounting involves the reporting of financial results on the basis of managerial
responsibilities within an organization. Reports show actual amounts and variances to budget for
the current month and year to date for items controllable at that level.
54. The balanced scorecard contains four perspectives of measurement of the organization. The
perspectives are financial, internal operations, innovation and learning, and customer. Together
these different perspectives provide a dimensional overview of organizational performance that is
greater than financial measures alone. A scorecard that has been properly designed will measure
key aspects of the organization's strategy as well as show important links across the perspectives
or dimensions.
55. An audit trail shows the path of a transaction through the accounting system. It can provide
information needed to trace any changes made to the general ledger by tracing either to or from an
original source document to the general ledger. It helps in tracing all changes in general ledger
accounts from beginning balances to ending balances as well as any adjustments made to the
accounts.
56. XBRL (eXtensible Business Reporting Language) is a variation of XML, which is designed to
communicate the content of data. XML improves upon HTML by being able to describe the
content of the data presented. However, XML is limited when communicating financial
information. For financial purposes, XBRL identifies each piece of data, along with how the data
should be processed and how the data relate to other data items. XBRL may soon become the
universal standard computer language for communicating financial data. XBRL enables
organizations to publish financial information only once, using standard XBRL tags. XBRL
tagged information is interpretable and doesn't need to be re-entered by users.
57. Budgets are managerial reports that can be extracted from the general ledger and reporting system.
Budgets are used for planning and evaluating the organization's performance. There are several
different types of budgets that an organization may use in this regard. The operating budget shows
the planned revenues and expenditures for each organizational unit. Cash flow budgets compare
the estimated cash inflows from operations with planned expenditures, and they are particularly
useful to determine the borrowing needs of the organization. A capital expenditure budget shows
the projected cash inflows and outflows for a given project. Budgetary reports should be tailored
to the nature of the unit or department being evaluated, and they should show actual versus
projected budget amounts. Unfortunately, many budget amounts are viewed as fixed targets, and
they are therefore static and inflexible. Such an approach may either reward or penalize managers
for factors that are beyond their control. A solution to this problem is to develop a flexible budget,
in which variable budgeted amounts change in relation to some measure of organizational activity,
such as labor hours, or a percentage of sales. A flexible budget may also break amounts into their
respective fixed and variable components. Variable amounts can then be adjusted for fluctuations
in sales or production.
58. Data mining is another way to access the information stored in a data warehouse. Data mining
involves the use of sophisticated statistical analysis, including artificial intelligence techniques
like neural networks, to discover new hypothetical relationships in the data. Credit card companies
use data mining to identify patterns of use indicative of fraud. Similarly, data mining techniques
can be used to identify previously unknown relationships in sales data that can then be used as the
basis for future promotions.
59. All updates to the general ledger are properly authorized. All recorded general ledger transactions
are valid. All valid, authorized general ledger transactions are recorded. All general ledger
transactions are accurately recorded. General ledger data are safeguarded from loss or theft.
General ledger system activities are performed efficiently and effectively.
60. Threat 1: Errors in updating the general ledger because of inaccurate/incomplete journal entries or
posting of journal entries - Controls: (1) Input, edit, and processing controls over summary entries
from subsystems. (a) Validity check over existence of general ledger accounts. (b) Field check
over numeric data in amount field. (c) Zero-balance check ensures equality of debits and credits
(d) Completeness test - all pertinent data are entered (e) Redundant data check - closed loop
verification to see if on account numbers and descriptions (f) Standard adjusting entry file for
recurring entries - improves accuracy of the process (g) Sign check on debit and credit entries (h)
Calculation of run-to-run totals can verify the accuracy of journal voucher batch processing (2)
Reconciliation and control reports - can detect errors made during updating and processing; trial
balances, clearing, and suspense accounts are examples (a) Balancing of control and subsidiary
accounts (b) Control reports can help identify the source of errors in the general ledger update
process - listings of journal vouchers and general journal entries will show entries posted to the
general ledger and ensures equality of debits and credits (3) The audit trail - the path of
transactions through the system-should be able to perform the following tasks: (a) Trace any
transaction from its original source document to the general ledger; any other document or report
using that data (b) Trace any item from a report or an output document to the general ledger and
thence to the source document (c) Trace all changes in the general ledger balances from their
beginning balance to their ending balance. THREAT 2: Loss or unauthorized disclosure or
alteration of financial data - Controls: (1) User IDs, passwords, and access controls should be used
(2) Enforce segregation of duties (3) Adjusting entries only from the controller's area (4) Valid
authorization for journal voucher submission. THREAT 3: Loss or destruction of the general
ledger - Controls: (1) Use of internal and external file labels to protect from accidental data loss
(2) Make regular backup copies of the general ledger, one copy stored off-site (3) A good disaster
recovery plan and (7) access and processing integrity controls to ensure confidentiality and
accuracy of data transmitted to branch offices or externally. THREAT 3: Poor performance –
Controls: (1) XBRL, (2) redesign business processes, and (3) redesign metrics used to report
results of business activities.
61. The general ledger collects and reports financial information, and is it used to prepare the financial
statements for an organization. The first statement that is prepared is the income statement. It is
based on data from revenue and expense accounts that have been subject to adjustment. The
adjusted trial balance is used to provide the balances used on the income statement (of course the
adjusted trial balance is generated as part of the second step in the general ledger and reporting
system). Revenue and expense accounts can then be "zeroed out" using closing entries, which will
transfer any net income or loss to the retained earnings account. The balance sheet can then be
prepared. The statement of cash flows is prepared after the balance sheet, because it uses data
obtained from both the income statement and the balance sheet as well as other information about
the organization's investing and financing activities.
Chapter 15
MULTIPLE CHOICE
1. There are five basic stages in the database design process. The step which includes
developing the conceptual-, external-, and internal-level schema into the actual
database structures is known as
a)
b)
c)
d)
stage one.
stage two.
stage three.
stage four.
2. Accountants should be involved in __________ aspect(s) of the database design
process.
a)
b)
c)
d)
only the physical modeling
all
only the data flow diagram
only the requirements analysis
3. At what stage should accountants participate in the database design process?
a)
b)
c)
d)
in stages one, two, and three
in stages four, five, and six
only in stage one
in all six stages, although their level of participation may vary
4. The process of defining a database so that it faithfully represents all aspects of the
organization including its interactions with the external environment is called
a)
b)
c)
d)
data modeling.
data designing.
data development.
data definition.
5. Accountants may provide the greatest value to their organization by taking
responsibility for data modeling. In which stage(s) of the database design process
does data modeling occur?
a)
b)
c)
d)
only in the systems analysis stage
only in the design stage
in both the systems analysis and design stages of database design
neither the systems analysis nor the design stages of database design
6. A(n) __________ diagram graphically depicts a database's contents by showing
entities and relationships.
a)
b)
c)
d)
DFD
flowchart
E-R
REA
7. An entity-relationship diagram (E-R) is useful because it shows the various entities
being modeled and the important relationships among them. Anything about which
the organization wants to collect and store information is called
a)
a data model.
b) an entity.
c) a schema.
d) a tuple.
8. An E-R diagram represents entities as __________ and the relationships between
them as lines and __________.
a)
b)
c)
d)
circles; squares
squares; diamonds
rectangles; diamonds
rectangles; circles
9. An E-R diagram
a)
b)
c)
d)
Can represent the contents of any database.
Are only used in conjunction with REA models.
Can show a limited number of entities and relationships
Are used only to design new databases.
10. An E-R diagram
a)
b)
c)
d)
only depicts the contents of a database.
only graphically models an organization.
only defines a database so that it represents all aspects of the organization.
depicts both the contents of a database and graphically models an organization.
11. The REA data model
a)
b)
c)
d)
Is used in many areas of business and science.
Was developed solely for use in designing accounting information systems.
Classifies data into relationships, entities and accounts.
All of the above.
12. An example of an event is
a)
b)
c)
d)
employees
customers
sales
cash
13. An example of a resource is
a)
b)
c)
d)
employees
customers
sales
cash
14. An example of an agent is
a)
b)
c)
d)
customer
sales
cash
inventory
15. What does the acronym REA mean?
a) resources, events, agents
b) resources, entities, agents
c) relations, events, agents
d) relations, entities, agents
16. In the REA data modeling technique, the identifiable objects that have economic
value to the organization are called
a)
b)
c)
d)
resources.
assets.
entities.
objects.
17. The __________ in the REA model include all of the organization's business
activities.
a)
b)
c)
d)
resources
events
agents
entities
18. The groups of people about which an organization collects data to help it better plan,
control, and evaluate performance of its basic business activities are the
a)
b)
c)
d)
employees.
events.
agents.
entities.
19. Events must be linked to at least one
a)
b)
c)
d)
Account
Agent
Entity
Resource
20. Events must be linked to at least two
a)
b)
c)
d)
Agents
Entities
Events
Resources
21. Which of the following is not one of the rules that describe how the three types of
entities should relate to one another in an REA data model?
a)
b)
c)
d)
Each event is linked to at least one resource that it affects.
Each event is linked to at least one other event.
Each event is linked to at least two participating agents.
All of the above are important rules.
22. The REA data model supports both __________ and __________ types of data.
a)
b)
c)
d)
financial; nonfinancial
logical; physical
planning; control
traditional; nontraditional
23. Nonfinancial information should be collected because
a)
b)
c)
d)
it may indicate events that may affect resources.
it can be used to plan other activities.
it can be used in transaction processing.
both A and B
24. Which is a true statement about the REA data model?
a)
b)
c)
d)
The REA data model classifies entities into three distinct categories.
The term REA is an acronym that stands for resources, entities, and agents.
Using an REA data model is not helpful when creating an R-E diagram.
The "E" in the REA data model stands for things that have an economic value to the organization.
25. An REA diagram must link every event to at least one __________ and two
__________.
a)
b)
c)
d)
resource; agents
agent; resources
transaction; entities
resource; relationships
26. Each event in an REA model will in most cases have at least one __________ agent
and one __________ agent involved with the event.
a)
b)
c)
d)
internal; resource
external; entity
internal; employee
internal; external
27. Relationships that affect the quantity of a resource are sometimes referred to as
_______ relationships.
a)
b)
c)
d)
commitment
exchange
stockflow
none of the above
28. Using the REA data model, promises to engage in future economic exchanges are
called
a)
b)
c)
d)
commitments.
economic exchanges.
resources.
agents.
29. The "give" event represents an activity which
a)
b)
c)
d)
includes a promise to engage in future economic exchanges.
increases the organization's stock of an economic resource.
reduces the organization's stock of a resource that has economic value
none of the above.
30. The "get" event represents an activity which
a) includes a promise to engage in future economic exchanges.
b) increases the organization's stock of an economic resource.
c) reduces the organization's stock of a resource that has economic value
d) none of the above.
31. Concerning the development of an REA model, which of the following statements is
true?
a)
b)
c)
d)
Events that pertain to the entry of data are included in the REA model.
The objective is to model the basic value-chain activity.
REA diagrams model individual transactions and data collections.
Information retrieval events are modeled as events in the REA model.
32. Developing an REA diagram for a specific transaction cycle consists of how many
steps?
a)
b)
c)
d)
one
two
three
four
33. Developing an REA diagram for a specific transaction cycle consists of steps. The
first step involves
a)
b)
c)
d)
Identifying events
Identifying agents
Identifying resources
Identifying cardinality
34. Developing an REA diagram for a specific transaction cycle consists of steps. The
second step involves
a)
b)
c)
d)
Identifying agents
Identifying resources
Identifying cardinality
Both a and b
35. Developing an REA diagram for a specific transaction cycle consists of steps. The
third step involves
a)
b)
c)
d)
Identifying events
Identifying agents
Identifying resources
Identifying cardinalities of each relationship
36. The measure of how many instances of the other entity can be linked to one specific
instance of a given entity is called
a)
b)
c)
d)
a resource.
a cardinality.
an agent.
an exchange event.
37. Concerning cardinality, which of the following is false?
a)
b)
c)
d)
Cardinalities describe the nature of the relationship between two entities.
No universal standard exists for representing information about cardinalities in REA diagrams.
The minimum cardinality can be zero.
The maximum cardinality can be zero.
38. Concerning cardinality, which of the following is true?
a)
b)
c)
d)
The three basic types of relationship between entities are identified by their minimum cardinality.
The choice of cardinalities is arbitrary.
The minimum cardinality is generally given last.
Cardinality information is the final step in drawing an REA diagram
39. In an REA diagram, the pair of numbers next to each entity represents the
cardinalities for the entity. The first number in the pair is known as
a)
b)
c)
d)
the minimum cardinality.
the maximum cardinality.
the x axis cardinality.
the y axis cardinality.
40. The minimum cardinality of a relationship in an REA diagram can be either
a)
b)
c)
d)
0 or 1.
0 or N.
1 or N.
none of the above
41. The maximum cardinality of a relationship in a REA diagram can be either
a)
b)
c)
d)
zero or one.
one or many.
zero or many.
none of the above
42. How many types of relationships are possible between entities?
a)
b)
c)
d)
one
two
three
an infinite number
43. A one-to-many relationship exists between entities when the maximum cardinality of
one entity is __________ and the maximum cardinality for the other entity in that
relationship is __________.
a)
b)
c)
d)
1; 1
1; N
M; N
M; M
44. Cardinalities reflect __________ about the organization being modeled and its
business practices.
a)
b)
c)
d)
assumptions
opinions
facts
theories
45. Assume the cardinalities associated in a relationship all have zero minimums and N
maximums. This would be an example of which cardinality rule?
a)
b)
c)
d)
agent-event relationship
resource-event relationship
event-event relationship
none of the above relationships
46. Concerning REA diagrams, which of the following is false?
a)
b)
c)
d)
Each organization will have its own unique REA diagram.
An REA diagram for a given organization will change over time.
Data modeling and REA diagram development involve complex and repetitive processes.
Redrawing an REA diagram several times during development is uncommon.
47. Which of the following is not one of the five stages of database design?
a) systems analysis
b) conceptual design
c) data modeling
d) implementation
48. Data modeling is an element of
a) Systems analysis
b) Conceptual design
c) Both A and B
d) None of the above
49. The REA model classifies entities into three basic categories. Which of the following
is one of these three?
a) resources
b) relationships
c) accounting
d) entities
50. Developing an REA model involves three steps. In which step are the agents
identified?
a) First
b) Second
c) Third
d) None of the above
SHORT ANSWER
51. What is data modeling?
52. What is an REA data model?
53. Name and describe the three parts of the REA data model.
54. List the five stages in the database design process.
55. Define cardinality.
56. Identify the three basic rules that apply to the REA model pattern.
57. What are the three steps in developing an REA diagram?
58. Explain how an AIS system can be viewed as a set of "give-to-get" exchanges.
ESSAY
59. Define minimum and maximum cardinalities.
60. Describe the possible relationships between entities in terms of cardinalities.
61. Comment on the statement, "Accountants can and should participate in all stages of
the database design process."
ANSWER KEY
1. B
2. B
3. D
4. A
5. C
6. C
7. B
8. C
9. A
10. D
11. B
12. C
13. D
14. A
15. A
16. A
17. B
18. C
19. D
20. A
21. D
22. A
23. D
24. A
25. A
26. D
27. C
28. A
29. C
30. B
31. B
32. C
33. A
34. D
35. D
36. B
37. D
38. D
39. A
40. A
41. B
42. C
43. B
44. C
45. B
46. D
47. C
48. C
49. A
50. B
51. Data modeling is the process of defining a database so that it faithfully represents all aspects of the
organization, including its interaction with the external environment.
52. The REA data model is a conceptual modeling tool specifically designed to provide structure for
designing an AIS database. The REA data model identifies what entities should be included in the
AIS database and prescribes how to structure relationships among the entities in the AIS database.
53. REA stands for resources, events, and agents. Resources are defined as those things that have
economic value to the organization. Events are the various business activities about which
management wants to collect information for planning and control purposes. Agents are the
people and organizations that participate in events and about which information is desired for
planning, control, and evaluation purposes.
54. Systems Analysis, conceptual design, physical design, implementation and conversion, and
operation and maintenance.
55. The cardinality of the relationship indicates how many occurrences of the entity on the other side
of the relationship can be linked to a single occurrence of the entity on this side of the relationship.
In relational database terms, cardinality provides information about how many rows in the other
table can be linked to each row in this table.
56. Each event is linked to at least one resource that it affects. Each event is linked to at least one
other event. Each event is linked to at least two participating agents.
57. Developing an REA diagram involves three steps. First, identify the basic events of interest (any
activity about which management wants to collect information in order to plan, control, and
evaluate performance). Second, identify the resources affected by and the agents who participate
in those events. Third, use knowledge about the organization’s business practices to add
relationship cardinality information to the diagram.
58. An AIS system can be viewed as a set of "give-to-get" exchanges because such exchanges reflect
the nature of the five transaction cycles: revenue, expenditure, human resources, production, and
financing. In each cycle the organization "gives" some resource in exchange for another resource
(the "get" part of the transaction). The goal is that the "give" part of the exchange is of lesser value
than the "get" portion, thus generating a profit for the organization. The AIS should capture,
record, and organize information relating to any transaction that occurs within a cycle.
59. A minimum cardinality indicates the number of instances of that entity that must be associated
with at least one instance of the other entity. Minimum cardinalities can be 0 or 1. A maximum
cardinality indicates the number of instances of that entity that can be linked to at most one
instance of the other entity. Maximum cardinalities can be 1 or N (many).
60. There are three types or relationships possible between entities depending upon maximum
cardinality. These are: A one-to-one relationship exists when the maximum cardinality of each
entity is 1. A one-to-many relationship exists when the maximum cardinality on one entity is 1 and
maximum cardinality of the other entity is N. A many-to-many relationship exists when the
maximum cardinality of both entities is N.
61. Accountants are in a unique position within a business organization. They are intimately
acquainted with the many business transactions that occur in an organization and they are
knowledgeable about the policies and practices of the business itself as well as the environment
within which it operates. The knowledge base and skill sets of the accountant should be put to
good use in the development of database design to the fullest extent possible (although some
accountants may not possess AIS coding and development skill sets). Consider that during the
planning stage accountants provide some of the information used to evaluate the feasibility of the
proposed project and they participate in making the decision itself. Accountants can identify user
information needs and develop logical schema during the requirement analysis and design stages.
Accountants can also help test the accuracy of the new database and application programs during
the implementation stage of development. Accountants can also act as "subject matter experts"
since they are knowledgeable users of the new system. They can also serve as managers of the
system once it is up and running.
Chapter 16
MULTIPLE CHOICE
1. Integrating separate REA diagrams developed for individual transaction cycles into a
single, comprehensive enterprise-wide data model
a) is possible.
b) requires understanding what the cardinalities in each separate diagram reveal about the
organization’s business policies and activities.
c) provides a single comprehensive enterprise-wide model of the organization.
d) all of the above are true.
2. An integrated REA diagram merges multiple copies of _______ and ______entities
but retains multiple copies of ______ entities.
a)
b)
c)
d)
Resource, event, agent
Relationship, economic, accounting
Resource, economic, agent
Relationship, event, accounting
3. An integrated REA diagram contains multiple copies of
a)
b)
c)
d)
4.
Accounts
Agents
Events
Resource
An integrated REA diagram merges multiple copies of some entities in order to
a) Minimize the repetition of agent entities.
b) Maximize the legibility of the comprehensive REA diagram by avoiding the need to have
relationship lines cross one another.
c) Both A and B are true.
d) Both A and B are false.
5.
An integrated REA diagram merges multiple copies of some entities in order to
a) Minimize the repetition of agent entities.
b) Maximize the legibility of the comprehensive REA diagram by avoiding the need to have
relationship lines cross one another.
c) Both A and B are true.
d) Both A and B are false.
6. Combining REA diagrams for individual transaction cycles into a single, enterprisewide model adds two more rules to the three basic principles for drawing REA
diagrams. Which of the following is not one of those two new rules?
a)
Every resource must be linked to at least one event that increments that resource and to at least one
event that decrements that resource.
b) If a specific event can be linked to more than one other type of event, but cannot be linked
simultaneously to all of those other events, then the minimum cardinality between that event and
every other event with which it may be associated must be 0.
c) If a specific event can be linked to more than one other type of event, but cannot be linked
simultaneously to all of those other events, then the maximum cardinality between that event and
every other event with which it may be associated must be 0.
d) None of the above
7. Concerning a correctly drawn enterprise-wide REA diagram, which of the following
statements is not true?
a) Every event must be linked to at least one resource.
b) Merging two transaction cycles on a common event may affect the minimum cardinalities between
the merged event and the agents participating in that event.
c) Every event must be linked to one agent who participates in that event.
d) Creating a set of tables from an REA diagram automatically results in a well-structured relational
database.
8. Which of the following is not one of the three steps to implementing an REA diagram
in a relational database?
a)
b)
c)
d)
Assign attributes to appropriate tables.
Create a table for each distinct entity in the diagram and for each many-to-many relationship.
Every event must be linked to at least one resource.
Use foreign keys to implement one-to-one and one-to-many relationships.
9. REA diagrams for different organizations may be similar, but will likely result in
different relationship cardinalities because of
a)
b)
c)
d)
Differences in business policies
Different designers of REA diagrams
Different methods of drawing REA diagrams
Errors in drawing REA diagrams
10. What is the first step to implementing an REA diagram in a relational database?
a)
b)
c)
d)
Assign attributes to appropriate tables.
Create a table for each distinct entity in the diagram and for each many-to-many relationship.
Identify cardinalities.
Use foreign keys to implement one-to-one and one-to-many relationships.
11. Concerning REA diagrams and relational databases, which of the following is true?
a) A well designed relational database is the starting point for creating an REA diagram.
b) A well-designed REA diagram will result in the occasional update, insert or delete anomaly
problem in the relational database.
c) Database design is generic for similar organizations.
d) The design of a database is specific to the organization being modeled.
12. Concerning the creation of tables from an REA diagram, which of the following is
false?
a) A properly designed relational database has a table for each distinct entity in an REA diagram.
b) A properly designed relational database has a table for each many-to-many relationship in an REA
diagram.
c) To reduce confusion, table names should not duplicate REA diagram entities' names.
d) Many-to-many relationships will be shown in tables with hyphenated concatenations of the
entities' names.
13. When assigning attributes to each table,
a)
The database designer must interview users to identify which facts should be included in the
database.
b) The database designer must interview management to identify which facts should be included in
the database.
c) The database designer must use the REA diagram to help determine in which tables those facts
belong.
d) All of the above.
14. Multiple attribute primary keys are
a)
b)
c)
d)
Common
Concatenated keys
Disallowed
Secondary keys
15. The primary key for M:N relationship tables
a)
b)
c)
d)
Is a single attribute
Always consists of two attributes
Is the primary key of the most important entity linked to that relationship
Is impossible to determine
16. Other attributes besides the primary key are
a)
b)
c)
d)
Included to satisfy transaction processing requirements.
Included to meet management's information needs.
Both A and B
None of the above
17. Concerning tables for M:N relationships, which of the following statements is false?
a)
b)
c)
d)
Non-key attributes may be included.
Multiple attribute primary keys are used.
Single attribute primary keys may be used.
Concatenated keys are used.
18. Concerning the creation of tables from an REA diagram, which of the following is
false?
a)
b)
c)
d)
Foreign keys are used to implement 1:1 and 1:N relationships.
A table is created for each distinct entity.
A table is created for each M:N relationship.
Tables are completed with input data.
19. When implementing 1:1 and 1:N relationships
a)
b)
c)
d)
Foreign keys are used.
Separate tables could be used.
The primary key of one entity becomes a foreign key in the other entity's table.
Concatenated primary keys are used.
20. Concerning the creation of tables from an REA diagram, which of the following is
false?
a) M:N relationships must be implemented as separate tables.
b) 1:N relationships are implemented with the primary key of the 1 side becoming a foreign key on
the N side.
c) 1:1 relationships are implemented with the primary key of either entity included as a foreign key
in the table representing the other entity.
d) All of the above are true
21. M:N relationships must be implemented
a)
b)
c)
d)
As separate tables
With concatenated primary keys
Both A and B
Neither A nor B
22. Which of the following is not part of a "final accuracy check" when creating
relational tables from an REA diagram?
a)
b)
c)
d)
Every attribute in every table is single-valued (i.e., each table is a flat file).
Every event must be linked to at least one resource.
Every table must have a primary key.
Other non-key attributes in each table must be either a fact about the thing designated by the
primary key or foreign keys used to link that table to another table.
23. When comparing REA diagrams used to design an AIS with a traditionally designed
AIS,
a)
b)
c)
d)
Traditional AIS information, such as journals and ledgers no longer exist.
Similar information is present as in a traditional AIS but stored in a different format.
Queries are used to input data into the AIS.
An REA designed AIS cannot recreate a traditional journal.
24. Concerning the use of REA diagrams to retrieve information from a database:
a)
Although neither journals nor ledgers appear explicitly in an REA diagram, each can be created
through appropriate queries.
b) The information normally found in a journal is contained in the tables used to record data about
events.
c) Much of the information about an organization’s assets that is traditionally recorded in ledgers is
stored in resource tables in an REA-based relational database.
d) All of the above
25. Much of the information about an organization’s assets that is traditionally recorded
in ledgers is stored in ______ tables in an REA-based relational database.
a)
b)
c)
d)
Account
Agent
Event
Resource
26. In an REA-based relational database, the information normally found in a _______ is
contained in the tables used to record data about _______.
a)
b)
c)
d)
Journal, events.
Journal, resources.
Ledger, events.
Ledger, resources.
27. Concerning REA models, which of the following is false?
a) Many financial statement accounts are represented as resources in the REA model.
b) Accounts such as Accounts Receivable show up as entities in the REA model.
c) Some accounts represent an imbalance between two related events in the REA model.
d) Much of the information about an organization’s assets that is traditionally recorded in ledgers is
stored in resource tables in an REA-based relational database.
28. Because information about temporal imbalances between two _________, such as
accounts receivable and accounts payable, is needed so frequently, such calculated
values are sometimes stored as _________ in the appropriate tables.
a)
b)
c)
d)
Events, agents.
Events, attributes.
Resources, agents.
Resources, attributes.
29. Concerning the generation of financial statements from an REA-based relational
database, which of the following is false?
a)
It is possible to use a completed REA diagram to guide the writing of queries to produce the
information that would be included in financial statements.
b) Many financial statement items can be displayed by querying a single table.
c) It is unnecessary to understand the REA data model to know which tables need to be included in
each query to generate the correct answers to financial statement questions.
d) A major advantage of the REA data model is that it integrates non-financial and financial data.
30. In comparing the REA model to the traditional AIS, which of the following is false?
a) Traditional AISs contain only data about the financial aspects of transactions.
b) A major advantage of the REA data model is that it integrates non-financial and financial data in
the AIS and makes both types of data easily accessible to management.
c) In the REA model, many financial statement items can be displayed by querying a single table.
d) Accounts in the traditional AIS are analogous to resources in the REA-based relational database.
31. The majors benefits of using the REA model as the basis for designing an AIS
include all of the following except:
a) The REA data model integrates non-financial and financial data in the AIS
b) The REA data model makes both non-financial and financial data easily accessible to
management.
c) The REA data model provides the basis for building the kind of flexible AIS that is responsive to
management’s changing information needs,
d) The REA data model reduces the need for accountants to understand the underlying accounting
journals and ledgers.
32. Technological changes
a)
b)
c)
d)
Do not change the mechanics of accounting procedures.
Have little effect on accounting process.
Do not change the need for management reports and financial statements.
Are more easily adapted using traditional AIS models.
33. REA data modeling
a)
b)
c)
d)
Can be used only to model financial data.
Can provide accountants with a method for more easily adapting the AIS to respond to change.
Is an example of a traditional accounting concept.
Is just a fancy way of doing E-R diagramming.
34. Concerning REA diagrams for individual transaction cycles, which of the following is
false?
a) They depict basic give-to-get economic duality relationships
b) They usually provide only a partial view of resources
c) They need to be combined in order to provide a comprehensive enterprise-wide data model. .
d) They show both how resources are acquired and how they are used
35. Concerning enterprise-wide REA diagrams, which of the following is false?
a)
Merging two or more REA diagrams that contain the same resource entity does not require any
changes to the cardinality pairs in the individual diagrams.
b) Merging two or more diagrams that contain a common event entity, however, often requires
changing the minimum cardinalities associated with the other events to 0, to reflect the fact that
the merged event may be connected to any one of several different events, but not to all of them
simultaneously.
c) The minimum cardinalities associated with agents may also have to be changed to 0.
d) All of the above are true
36. Concatenated keys
a)
b)
c)
d)
Are only needed when combining two or more REA diagrams.
Are foreign keys used to implement 1:N or 1:1 relationships.
Are multiple attribute keys used to implement 1:M relationships.
Are required to implement M:N relationships.
37. Which types of REA entities become separate tables in a relational database?
a)
b)
c)
d)
Agents
Events
Resources
All of the above.
38. How many tables are needed to implement an REA data model that has six distinct
entities, three M:N relationships and four 1:N relationships in a relational database?
a)
b)
c)
d)
6
9
11
13
39. How many tables are needed to implement an REA data model that has five distinct
entities, two M:N relationships and three 1:N relationships in a relational database?
a)
b)
c)
d)
5
7
8
10
40. Which type of relationship cardinality requires the implementation of a separate
table?
a) 1:0
b) 1:1
c) 1:N
d) M:N
41. When combining two REA diagrams by merging common entities, changes in the
cardinality of the merged entity is needed when it is a
a)
b)
c)
d)
Agent
Event
Relationship
Resource
42. Where is information traditionally found in journals stored in an REA database?
a)
b)
c)
d)
Agent
Event
Relationship
Resource
43. Which table is most likely to have a concatenated key?
a)
b)
c)
d)
customer
sales
customer-sales
none of the above
44. An REA diagram contains five instances of the Customer entity. How many tables
does this require in a relational database?
a)
b)
c)
d)
one
two
three
four
45. In an REA relational database, traditional ledger information is obtained by querying
a)
b)
c)
d)
Agents
Events
Resource
All of the above
46. Cardinalities reflect __________ about the organization being modeled and its
business practices.
a)
b)
c)
d)
assumptions
opinions
facts
theories
47. _______ databases are commonly used to support transaction processing.
a)
b)
c)
d)
Access
E-R
REA
Relational
48. Integrating separate REA diagrams into a single comprehensive enterprise-wide
model of the organization, requires understanding what the __________ in each
separate diagram reveal about the organization's business policies and activities.
a)
b)
c)
d)
cardinalities
data
events
transactions
49. When merging redundant resource entities into a new REA diagram,
a)
b)
c)
d)
Common resources are placed between the events that affect them.
Each resource is connected to two agents that either increase or decrease it.
Resources are duplicated to show the give and get of economic duality relationships.
None of the above.
50. The five rules for drawing an integrated REA diagram
a) Help develop a correct REA diagram
b) Are used as check figures to validate the accuracy of a completed REA diagram.
c) Both
d) None of the above
SHORT ANSWER
51. What kinds of databases can the REA data model be used to design?
52. In order to integrate separate REA diagrams into an integrated organizational REA
model, what must the designer understand?
53. List the five rules for drawing integrated REA diagrams.
54. What is a concatenated key?
55. What are the three steps to implementing an REA diagram in a relational database?
ESSAY
56. Explain a completeness check.
57. Explain where in the REA model you can find the information normally found in a
ledger.
58. Explain where in the REA model you can find the information normally found in a
journal.
59. What are the advantages of the REA data model over the traditional AIS model?
ANSWER KEY
1. D
2. A
3. B
4. B
5. B
6. C
7. C
8. C
9. A
10. B
11. D
12. C
13. D
14. B
15. B
16. C
17. C
18. D
19. A
20. D
21. C
22. B
23. B
24. D
25. D
26. A
27. B
28. B
29. C
30. D
31. D
32. C
33. B
34. D
35. D
36. D
37. D
38. B
39. B
40. D
41. B
42. B
43. C
44. A
45. D
46. C
47. D
48. A
49. A
50. C
51. The REA data model can be used to design both relational and object-oriented databases.
52. The designer must understand what the cardinalities in each separate diagram reveal about the
organization’s business policies and activities.
53. Every event must be linked to at least one resource. Every event must be linked to two agents who
54.
55.
56.
57.
58.
59.
participate in that event. Every event that involves the disposition of a resource must be linked to
an event that involves the acquisition of a resource. (This reflects the economic duality underlying
“give-to-get” economic exchanges.) Every resource must be linked to at least one event that
increments that resource and to at least one event that decrements that resource. If a specific event,
referred to as the focal event, can be linked to more than one other type of event, but cannot be
linked simultaneously to all of those other events, then the minimum cardinality between that focal
event and every other event with which it may be associated must be 0.
A concatenated key is a multiple-attribute primary key, general used for M:N relationships.
Create a table for each distinct entity in the diagram and for each many-to-many relationship.
Assign attributes to appropriate tables. Use foreign keys to implement one-to-one and one-tomany relationships.
The list of attributes that users and management want included in the database provides a means to
check and validate the implementation process. Every attribute in that list should appear in at least
one table, as either a primary key or “other” attribute. Checking this list against the table column
names may reveal not only the fact that a particular attribute has not been assigned to the
appropriate table in the database but may even indicate the need to modify the REA diagram itself.
In traditional AISs, ledgers are master files that contain cumulative information about specific
accounts. In a relational database designed according to the REA data model, resource and agent
entities contain permanent information that is carried over from one fiscal year to the next. Thus,
much of the information about an organization’s assets that is traditionally recorded in ledgers is
stored in resource tables in an REAbased relational database.
In traditional AISs, journals provide a chronological listing of transactions. In a relational database
designed according to the REA data model, event entities store information about transactions.
Thus, the information normally found in a journal is contained in the tables used to record data
about events. For example, each row in the Sales event table contains information about a
particular sales transaction. Thus, a sales journal can be produced by writing a query that displays
the appropriate entries in the sales table for a given period. In a similar manner, queries of the
Order Inventory event and Cash Disbursements event tables can be used to generate purchases and
cash disbursements journals.
A major advantage of the REA data model is that it integrates non-financial and financial data in
the AIS and makes both types of data easily accessible to management. In contrast to the REA
data model, the general ledger in traditionally designed AISs uses the chart of accounts to store
and organize data based on the structure of financial statements. Consequently, traditional AISs
contain only data about the financial aspects of transactions. Other information that may be of
use to management, such as the time of day a sale occurred or the reason why a customer was
purchasing a specific item, would have to be stored in a separate database or information
system. The existence of separate systems makes it more difficult for management to easily
and quickly access the information it needs. It also provides opportunities for data entry errors
to create inconsistencies between systems, thereby reducing the utility of any reports that are
generated. Thus, a major benefit of using the REA model as the basis for designing an AIS is
the ability to easily integrate information that traditionally appears in financial statements
with other, non-financial information necessary to effectively manage operations and evaluate
performance. It is vitally important that an organization’s AIS be capable of storing both
traditional financial measures and other operational performance measures.
Chapter 17
MULTIPLE CHOICE
1. Explicitly identifying the different employees who participate in each event by their
job functions is helpful when verifying
a) Internal controls.
b) Job descriptions.
c) Proper supervision.
d) Segregation of duties.
2. Many companies sell software, music, or digital photographs over the Internet. They
give up a digital copy of those resources, but not the actual resource itself. How will
this company's REA model differ from those selling traditional inventory?
a) These companies do not need an Inventory table.
b) The structure of Inventory table is completely different from that of massproduced merchandise.
c) The inventory table is only different in that it doesn't need attributes such as
quantity-on-hand, quantity-available, reorder point, and standard reorder quantity.
d) The Inventory table need not include information about the standard list price of
each item and its description.
3. The minimum cardinality from the Take Order event to the Call on Customer event is
_____ and the maximum cardinality is _____.
a)
b)
c)
d)
0;0
0;1
1;0
1;1
4. The relationship between the Fill Customer Order and Ship Order events is 1-1. The
minimum cardinalities reflect the fact that the two events are sequential.
a)
b)
c)
d)
0:N
1:1
1:N
M:N
5. Sales order number is most likely to be a foreign key in:
a) Call on Customers
b) Fill Customer Order
c) Ship Order
d) Take Customer Order
6. Sales order number is most likely to be a primary key in:
a) Call on Customers
b) Fill Customer Order
c) Ship Order
d) Take Customer Order
7. Customer number is least likely to be a foreign key in:
a) Call on Customers
b) Customers
c) Fill Customer Order
d) Take Customer Order
8. Picking ticket number is most likely to be a primary key in:
a) Call on Customers
b) Fill Customer Order
c) Ship Order
d) Take Customer Order
9. Picking ticket number is most likely to be a foreign key in:
a)
b)
c)
d)
Call on Customers
Customers
Fill Customer Order
Ship Order
e) Take Customer Order
10. In an REA model, rental transactions differ from sales transactions in that
a)
b)
c)
d)
Each rental has a part number.
Each rental has a unique serial number
Rental transactions require completely different REA models than sales transactions.
All of the above.
11. Concerning the relationship from the Rent Item to the Receive Cash event: The
minimum cardinality is______ because customers typically pay first, prior to taking
possession of the item. The maximum cardinality is _____ because there may be
additional charges imposed when the item is returned.
a)
0,1
b) 1,1
c)
1,N
d) N,M
12.
The relationship between the Rent Item and Return Item events is ____.
a)
b)
c)
d)
13.
0:N
1:1
1:N
M:N
Which of the following is an example of an additional event that larger organizations
might want to include in their REA models?
a) Purchase requests
b) Purchase orders
c) Sales
d) None of the above
14.
Concerning cost data, which of the following is false?
a) Cost information is stored in several tables.
b) Standard cost is stored as an attribute of the Inventory table because it is the same for all units of a
given inventory item for a fiscal year.
c) In contrast, the actual cost of inventory is stored in the Inventory-Order_Goods table because
purchase prices can vary over time.
d) Actual cost can be stored as an attribute of the Inventory table for organizations using LIFO or
FIFO.
15. Which is the most likely primary key for the Inventory—Request_Goods table?
a)
b)
c)
d)
Product number
Product number - Purchase order number
Product number - Purchase requisition number
Purchase requisition number
16. Which is the most likely primary key for the Pay for Goods table?
a)
b)
c)
d)
Cash transaction number
Check number
Receiving report number
Receiving report number, check number
17. Concerning the sale of services, the minimum cardinality from the Sales event to the
Services entity is ____. However, the minimum cardinality from the Sales event to
the Inventory Resource is ____.
a) 0;0
b) 0;1
c) 1;0
d) 1;1
18. The REA model for sale of services includes relationships between the Sales event
and both the Services and Inventory Resource entities. The nature of the cardinality of
those relationships depends on the specific business, but usually both relationships
will be modeled as being _____because most businesses provide the same types of
services to many different customers, using standard mass-produced parts.
a)
b)
c)
d)
0:N
1:1
1:N
M:N
19. M:N agent-event relationships occur whenever an activity is performed by
_________ employee and management wants to retain the ability to monitor
_________ performance.
a) More than one, group
b) More than one, individual
c) One, group
d) One, individual
20. Most locations, such as Warehouse or Financial Institution, will have a minimum
cardinality of
a)
b)
c)
d)
0
1
M
None of the above
21. Since, the same inventory items may be stored in several different warehouses, hence
the maximum cardinality from Inventory to Warehouses is ____ and the minimum
cardinality from the Inventory resource to Warehouses may be ____.
a)
b)
c)
d)
0; N
N; 0
1; N
M; N
22. Relationships between resources and agents, such as the Inventory Resource entity
and the Supplier Agent entity, reflect the common best practice of identifying
preferred and alternative suppliers for specific inventory items. Similar relationships
between resources and employees can be used to model __________ and
__________.
a)
b)
c)
d)
Cost; revenue
Performance; behavior
Responsibility; accountability
Segregation of duties; internal control
23. Warehouse number is most likely to be a foreign key in:
a)
b)
c)
d)
Order Goods
Pay for Goods
Receive Goods
Warehouse
24. Supplier number is least likely to be a foreign key in:
a)
b)
c)
d)
Order Goods
Pay for Goods
Receive Goods
Warehouse
25. Financial institution number is most likely to be a foreign key in:
a)
b)
c)
d)
Cash
Pay for Goods
Receive Goods
Warehouse
26. The cardinality pair from the Financial Institution entity to the Cash resource has a
___ minimum and an ___ maximum because companies will probably only keep
information about financial institutions with which they have accounts but may have
more than one account at the same financial institution.
a)
b)
c)
d)
0; N
0; 1
1; N
M; N
27. Supplier number is most likely to be a foreign key in:
a)
b)
c)
d)
Inventory—Request_Goods
Receive Goods
Supplier
Warehouse
28. In the HR REA M/payroll diagram, the __________ entity is linked to almost every
other entity in the diagram.
a) Employee
b) Job title
c) Payroll
d) Worker I.D.
29. In the human resources REA model, the relationship between Skills and Employees is
modeled as
a)
b)
c)
d)
0:N
1:1
1:N
M:N
30. The __________ entity stores much of the data typically found in the employee
(payroll) master file:
a)
b)
c)
d)
Accounting
Employee
HR
Payroll
31. In the human resources REA model, the relationship between the Employees and
Training is
a)
b)
c)
d)
1:1
1:N
M:N
None of the above
32. The ______ relationship between Skills and Recruiting reflects the fact that each
advertisement may seek several specific skills and that, over time, there may be
several advertisements for a given skill.
a)
b)
c)
d)
1:1
1:N
M:N
None of the above
33. The Interview event stores detailed data about each job interview. It is linked to the
Hire Employees event in a(n) _____ relationship.
a)
b)
c)
d)
1:1
1:N
M:N
None of the above
34. Concerning the issuance of debt, the cardinality of the relationship from the Disburse
Cash event to the Issue Debt event has a _____ maximum.
a)
b)
c)
d)
0
1
M
None of the above
35. Concerning the issuance of debt, the cardinality of the relationship from the Disburse
Cash event to the Issue Debt event has a _____ minimum.
a)
b)
c)
d)
0
1
M
None of the above
36. The cardinality pair from the Order Goods event back to the Request Goods event
also has a ___ minimum and ___ maximum.
a)
0,1
b) 0,N
c) 1,N
d) N,M
37. The cardinality pair from the Request Goods event to the Order Goods event has a
minimum cardinality of ____ and a maximum of ____.
a)
0,1
b) 0,N
c) 1,N
d) N,M
38. The relationship between the Disburse Cash and Issue Stock events is modeled as
being
a)
b)
c)
d)
1:1
1:N
M:N
None of the above
39. Concerning the relationship between the Disburse Cash and Issue Stock events the
minimum cardinalities are (respectively)
a) 0;0
b) 0;1
c) 1;0
d) 1;1
40. The relationship between the Acquire Services and Disburse Cash events is modeled
as ____ to reflect the common situation in which the organization obtains the use of a
specific service for a particular period of time and makes a payment each month for
the services it acquired and used that month.
a)
b)
c)
d)
1:1
1:N
M:N
None of the above
41. Concerning tracking employee time, it is not necessary to link the Track Time Used
entity to specific business events, however, but doing so facilitates
a) evaluating performance at a very detailed level
b) general performance evaluation
c) evaluating the quality of the services
d) All of the above are true
42. An REA diagram for the production cycle, models the relationships between the Job
Operations event and the Job Operations List entity, and between the Machine
Operations event and the Machine Operations List entity, as being (respectively)
a)
b)
c)
d)
1:1; 1:1
1:N; 1:N
M:N; M:N
1:N; M;N
43. Data about actual raw materials used in production is stored in the __________
entity.
a)
b)
c)
d)
Finished goods
Raw materials
Raw materials issuance
Work-in-process
44. The _________ entity is used to collect and summarize data about the raw materials,
labor, and machine operations used to produce a batch of goods.
a)
b)
c)
d)
Finished goods
Raw materials
Raw materials issuance
Work-in-process
45. In the table called Perform Machine Operations, which is the likeliest primary key?
a)
Equipment number
b) Job Operation number
c) Machine Operation Number
d) Machine Operations List Number
46. Employee number is most likely to be a foreign key in:
a)
b)
c)
d)
Perform Job Operations
Perform Machine Operations
Machine Operations List
Work in Progress
47. W-I-P job number is least likely to be a foreign key in:
a)
b)
c)
d)
Perform Job Operations
Perform Machine Operations
Issue Raw Materials
Machine Operations List
48. There are four main events of interest included in a typical production cycle REA
diagram. Which of the following is not one of them?
a) Issuance of raw materials
b) Use of general and administrative expenses
c) Use of labor in production
d) Use of machinery and equipment in production
49. One of the benefits of an integrated enterprise-wide data model is that
a)
Auditors can use it to guide the development of queries to validate the completeness and accuracy
of transaction processing.
b) Journals and ledgers will be more accurate than in a traditional AIS data model.
c) Workers can understand information flows better.
d) All of the above
50. An REA diagram for the production cycle would likely show _____ relationships
between the Bill of Materials entity and both the Raw Materials and Finished Goods
entities.
a)
b)
c)
d)
1:1
1:N
M:N
None of the above
SHORT ANSWER
51. What four main events of interest are included in a typical production cycle REA
diagram?
52. Give an example of an M:N Agent-Event relationship
53. Why is the event Issue Debt often modeled as a separate event entity?
54. Why might an REA diagram show relationships between agents?
55. Why might an REA diagram show relationships between resources and agents?
ESSAY
56. Why is cost information stored in several relational tables?
57. What are the benefits of an integrated enterprise-wide data model?
58. Describe the relationships between Recruiting event and Skills, and between
Recruiting event and Job Applicants.
ANSWER KEY
1. D
2. C
3. B
4. B
5. B
6. D
7. B
8. B
9. D
10. B
11. C
12. B
13. A
14. D
15. C
16. B
17. C
18. D
19. B
20. A
21. B
22. C
23. C
24. D
25. A
26. C
27. B
28. A
29. D
30. B
31. C
32. C
33. B
34. B
35. A
36. B
37. B
38. C
39. A
40. A
41. A
42. B
43. C
44. D
45. C
46. A
47. D
48. B
49. A
50. B
51. 1 Issuance of
raw materials. 2 Use of labor in production. 3 Use of machinery and
equipment in production. 4 Production of new finished products.
52. Some deliveries are so large that several employees must work together to unload and store the
53.
54.
55.
56.
57.
58.
items. M:N agent-event relationships occur whenever an activity is performed by more than one
employee, yet management wants to retain the ability to monitor each individual’s performance.
The event Issue Debt is a special kind of cash receipt. It is often modeled as a separate event entity
because it contains distinctly different attributes from those associated with cash receipts that arise
from the Sales event, such as the face amount of debt issued, total amount received, date issued,
maturity date, and interest rate.
Relationships between internal agents may be created to model lines of responsibility.
Relationships between internal and external agents can also occur. For example, some
organizations that provide primarily services, such as banks and insurance companies, may assign
customers to specific employees who are responsible for effectively managing the overall quality
of the ongoing association with each customer. Relationships between external agents are rare but
may sometimes be implemented to satisfy the requirements for a well-structured database.
For example, the REA model for the expenditure cycle includes a relationship between the
Inventory Resource entity and the Supplier Agent entity. This relationship reflects the common
best practice of identifying preferred and alternative suppliers for specific inventory items. Similar
relationships between resources and employees can be used to model responsibility and
accountability.
Cost information is stored in several tables. Standard cost is stored as an attribute of the Inventory
table because it is the same for all units of a given inventory item for a fiscal year. In contrast, the
actual cost of inventory is stored in the Inventory- Order_Goods table. This reflects the fact that
purchase prices can vary over time. By storing the cost of each order with the quantity purchased,
the system can calculate the actual cost of ending inventory and the cost of goods sold according
to any accepted inventory valuation method (LIFO, FIFO, weighted-average, or specific
identification). If, on the other hand, actual cost were stored as an attribute of the Inventory table,
it would necessitate using the weighted-average method because all units of a given inventory item
would be assigned the same cost. In addition, cost data would be available only in this format; it
would be impossible to compute alternative values for inventory because the detailed data about
the cost associated with each purchase would not be stored in the database.
One of the benefits of an integrated enterprise-wide data model is that auditors can use it to guide
the development of queries to validate the completeness and accuracy of transaction processing. In
contrast, an integrated, enterprise-wide data model provides greater flexibility for analyzing data.
Creating an integrated, enterprise-wide data model also facilitates the amalgamation of financial
and non-financial information in the same database. Effective integration of financial and nonfinancial data also results in improved internal reporting. It can also significantly improve the
support provided for managerial decision-making.
The Recruiting event entity stores data about activities performed to notify the public of job
openings. The data recorded in this entity are useful for documenting compliance with
employment laws and also for evaluating the effectiveness of various methods used to announce
job opportunities. The M:N relationship between Skills and Recruiting reflects the fact that each
advertisement may seek several specific skills and that, over time, there may be several
advertisements for a given skill. The relationship between the Recruiting event and Job Applicants
is modeled as being M:N because many people typically apply for each job opening, but a given
individual may also respond to more than one recruiting event. Also, more than one employee may
participate in each recruiting event, and, over time, a given employee may participate in many
such events.
CH 18
MULTIPLE CHOICE
1. Organizations continually face the need for new, faster, and more reliable ways of
obtaining information. One reason why companies change their systems is to
increase quality, quantity, and the speed with which information can be accessed and
processed. Such an improvement may result in an improved product or service and
may help lower costs. This change is referred to as a(n)
a)
b)
c)
d)
competitive advantage
improved business process
productivity gain
technological change
2. An antiquated information system used by an office supply manufacturer caused
customer dissatisfaction since it took two days to process a telephone order. After the
system was upgraded and redesigned, the time to process a telephone order was
reduced to three minutes. This is a prime example of
a)
b)
c)
d)
a competitive advantage.
a technological change.
an improved business process.
growth.
3. What is the correct sequence of the phases in the systems development life cycle?
a)
conceptual design, physical design, system analysis, implementation and conversion, and
operations and maintenance
b) conceptual design, system analysis, physical design, implementation and conversion
c) system analysis, conceptual design, physical design, implementation and conversion, and
operations and maintenance
d) system analysis, physical design, conceptual design, and operations and maintenance
4. In which phase of the systems development life cycle are the broad needs of the users
converted into detailed specifics that are coded and tested?
a)
b)
c)
d)
conceptual design
implementation and conversion
physical design
systems analysis
5. In which phase of the systems development life cycle are the new hardware and
software for a system tested?
a)
b)
c)
d)
conceptual design
implementation and conversion
operations and maintenance
physical design
6. Which of the following activities is performed during the systems development life
cycle?
a)
b)
c)
d)
assessing the ongoing feasibility of the project
managing the behavioral reactions to change
planning
All of the above activities are performed during the life cycle.
7. Which group of individuals listed below can be the most effective in generating
employee support and encouraging the development and acceptance of an AIS
project?
a)
b)
c)
d)
accountants
information systems steering committee
management
project development team
8. Which group listed below has responsibility for ensuring that the new AIS will meet
the needs of users?
a)
b)
c)
d)
accountants
the information system steering committee
the project development team
the system analysts and programmers
9. Who is responsible for preparing the specifications that are used to create the
programs?
a)
b)
c)
d)
management
programmers
systems analysts
the information systems steering committee
10. Whether systems changes are major or minor, most companies go through a system
development life cycle. How many steps are there in this cycle?
a)
b)
c)
d)
2
3
4
5
11. One step in the systems development life cycle (SDLC) identifies and evaluates
design alternatives and to develop design specifications. This step is called
a)
b)
c)
d)
conceptual design.
implementation and conversion.
physical design.
systems analysis.
12. In which step of the SDLC do all of the elements of the system come together?
a)
b)
c)
d)
conceptual design
implementation and conversion
physical design
systems analysis
13. What is the role of the information systems steering committee?
a)
It is a team of systems specialists, managers, accountants, and auditors that guides project
development.
b) Since AIS development spans functional and divisional boundaries, an executive-level group is
established to plan and oversee the IS function.
c) The group takes an active role in designing system controls and periodically monitoring and
testing the system to verify the controls are implemented and functioning properly.
d) None of the descriptions above are appropriate.
14. Which group of professionals is responsible for planning and monitoring a project to
ensure timely and cost-effective completion?
a)
b)
c)
d)
information systems steering committee
management
project development team
system analysts
15. All of the following are benefits of planning and managing systems development with
the exception of
a)
b)
c)
d)
controlling costs
ensuring that the system is consistent with the organization's goals.
guaranteeing use of the system
helping keep the organization abreast of technological change
16. In which plan is the prioritized list of projects contained?
a)
b)
c)
d)
project development plan
scheduled project plan
the master plan
all of the above
17. What is the planning horizon for the master plan?
a)
b)
c)
d)
one year
three years
five years
seven years
18. What is the basic building block of information systems planning?
a)
b)
c)
d)
the master plan
the project development plan
systems analysis
adaptability
19. A planning horizon of at least __________ years is reasonable for any master plan;
however, the plan should be updated at least __________ each year.
a)
b)
c)
d)
3; twice
5; twice
7; once
5; once
20. __________ requires that all activities and the precedent and subsequent relationships
among them be identified.
a)
b)
c)
d)
CASE
The Gantt chart
The PERT diagram
The SDLC cycle
21. A network of arrows and nodes representing project activities that require an
expenditure of time and resources and the completion of initiation of activities,
respectively, is called
a)
b)
c)
d)
a Gantt chart.
a PERT diagram.
a SDLC cycle.
CASE.
22. Which planning technique does not show the relationships among various activities?
a)
b)
c)
d)
Gantt chart
PERT
the critical path method
VAN
23. In which phase of the systems development life cycle is the feasibility study first
performed?
a)
b)
c)
d)
conceptual design
implementation and conversion
physical design
system analysis
24. A federal law demands that certain information about foreign customers should be
maintained in the information system. In which part of a feasibility study should this
requirement be considered?
a)
b)
c)
d)
economic feasibility
legal feasibility
operational feasibility
technical feasibility
25. Which of the following parts of a feasibility study is generally considered the most
important and is frequently re-analyzed?
a)
b)
c)
d)
economic feasibility
operational feasibility
scheduling feasibility
technical feasibility
26. What is the basic model used to create a framework for economic feasibility analysis?
a)
b)
c)
d)
the capital budgeting model
the cash budgeting model
the cost/benefit model
All of the above models are used to create a framework.
27. What is most difficult item to quantify when assessing economic feasibility?
a)
b)
c)
d)
benefits
costs
Costs, benefits, and the payback period are all of equal difficulty.
the payback period
28. When using the payback method to determine economic feasibility of projects, the
company usually accepts the project with the
a)
b)
c)
d)
longest payback period.
mid-range payback period.
payback period that is equal to the project's economic life.
shortest payback period.
29. Systems development planning is an important step in the SDLC for a number of
reasons. When management is better prepared for future resource needs and
employees are better prepared for the changes that will occur, it can be said that the
systems development planning has
a)
b)
c)
d)
adaptability.
attained lower costs.
consistency.
reached a level of efficiency.
30. What is another name for a feasibility study?
a)
b)
c)
d)
a business case
a Gantt chart
an executive summary
PERT
31. There are several important aspects to be considered during a feasibility study. The
aspect that asks the question, "Can people use the system and will they use it?" is
called
a)
b)
c)
d)
economic feasibility.
operational feasibility.
scheduling feasibility.
technical feasibility.
32. The question of economic feasibility is important when designing and implementing a
new system. Accountants can contribute to feasibility study analysis by evaluating
cost savings and other benefits versus operating costs and other cash outflows. This
is better known as
a)
b)
c)
d)
the "best guess" model of benefit analysis.
the "value added" benefit model.
the capital budgeting model.
the estimated benefits model.
33. It is appropriate to develop several different design approaches to meeting system
requirements for a project. Capital budgeting techniques are used to evaluate the
economic merits of each alternative. The technique where estimated future cash
flows are discounted back to the present is referred to as
a)
b)
c)
d)
the future value method.
the internal rate of return.
the net present value method.
the payback method.
34. The type of resistance in which data are erroneously entered into a system is called
a)
b)
c)
d)
acceptance.
aggression.
avoidance.
projection.
35. Continuing to use a manual system instead of the new AIS is a form of resistance
known as
a)
b)
c)
d)
acceptance.
aggression.
avoidance.
projection.
36. To minimize adverse behavioral reactions, the organization must first understand why
resistance to change occurs. One behavioral problem occurs when there is insufficient
explanation of why a change must take place. This type of problem falls into the
general category of
a)
b)
c)
d)
communication.
natural resistance to change.
the manner in which the change is introduced.
top management support of change.
37. Major resistance to change takes one of several forms. What is the name of the form
of resistance where the new system is blamed for any and every unpleasant
occurrence?
a)
b)
c)
d)
aggression
avoidance
procrastination
projection
38. To minimize adverse behavioral reactions, the organization must first understand why
resistance to change occurs. One behavioral problem occurs when there is insufficient
explanation of why a change must take place. In order to curtail this resistance from
occurring within the organization, what guideline should be implemented and
followed?
a)
b)
c)
d)
attempt to meet the users' needs
avoid emotionalism
keep communication lines open
keep the system simple
39. A good rule to follow is "Avoid complex systems that cause radical changes." What
expression is used to describe this system design rule?
a)
b)
c)
d)
humanize the system
keep the system simple
present the system in its proper context
test the system's integrity
40. During what step in systems analysis is an examination made of each development
activity to define the problem to be solved?
a)
information needs and systems requirements
b) the feasibility study
c) the initial investigation
d) the systems survey
41. When is a proposal to conduct a systems analysis prepared?
a)
b)
c)
d)
after a written request for systems development is prepared
after the development team completes the survey of the existing AIS
after the initial investigation of the project is approved
before the initial investigation
42. During which phase of systems analysis does modeling of the existing system occur?
a)
b)
c)
d)
information needs and system requirements
the feasibility study
the initial investigation
the systems survey
43. Which data-gathering approach is most helpful when the information to be gathered
deals with question: "Why?"
a)
b)
c)
d)
interviews
observation by the analyst
questionnaires
system documentation
44. Which method of data gathering is most likely to result in information that represents
the personal biases and opinions of the person giving the information?
a)
b)
c)
d)
a questionnaire
an interview
observation by the analyst
system documentation
45. When the information is brief and well defined, which is the best data-gathering
approach to use?
a)
b)
c)
d)
a questionnaire
an interview
observation by the analyst
system documentation
46. Which is the best data-gathering approach to use when information must be obtained
from many different people?
a)
b)
c)
d)
a questionnaire
an interview
observation by the analyst
system documentation
47. The __________ method of gathering information helps to determine how a system
actually works.
a)
b)
c)
d)
interview
observation
questionnaire
system documentation
48. The __________ method of gathering information helps to determine how a system
should work.
a)
b)
c)
d)
interview
observation
questionnaire
system documentation
49. What are the best strategies for determining system requirements?
a) analyze existing systems, ask users what they need, prototyping, and monitoring
b) ask users what they need, analyze existing systems, develop concept of new system, and
prototyping
c) ask users what they need, analyze existing systems, examine existing system utilization, and
prototyping
d) ask users what they need, analyze existing systems, examine existing system utilization, and
develop concept of new system
50. How frequently should an AIS be monitored and any minor modifications be made to
it?
a)
b)
c)
d)
annually
continuously
when technology changes
when the competition changes its systems
51. When would a company go through a systems development life cycle?
a) only when major changes are needed
b) only when minor changes are needed
c) Usually a company only goes through one complete systems development life cycle, after which
the only phase that is repeated is the operations and maintenance phase.
d) whenever minor or major changes are needed
52. What report serves as a repository of data from which systems designers can draw
information?
a)
b)
c)
d)
the executive steering committee report
the initial investigation report
the systems analysis report
the systems survey report
53. Which group is responsible for preparing a systems analysis report?
a)
b)
c)
d)
computer analysts
management
the project development team
the steering committee
54. Proper systems analysis is a five-step process. What is the step in which analysts
conduct an extensive study of the present system to gain a thorough understanding of
how it works?
a) feasibility study
b) information needs and requirements
c) systems analysis report
d) systems survey
55. The question of what the project should and should not accomplish is determined in
what step of systems analysis?
a)
b)
c)
d)
feasibility study
initial investigation
systems analysis report
systems survey
56. A method used to gather information about an existing system is to make a model of
it. There are several approaches to modeling in systems analysis. Logical modeling
a)
b)
c)
d)
comes only after a physical model of the existing system is created.
describes how a system should work, rather than how it actually works.
illustrates how a system functions by describing the flow of documents and computer processes.
illustrates what is being done, regardless of how that flow is actually accomplished.
57. It is important for the systems analyst to determine AIS system objectives so that
everyone involved can focus on the elements most vital to the system's success. The
__________ objective states that crucial information should be produced first and
then less important items as time permits.
a)
b)
c)
d)
flexibility
reliability
timeliness
usefulness
58. One strategy used by systems analysts is prototyping. What is this?
a) making an internal and external review of the system to be analyzed
b) making an internal and external review of the system to be analyzed, noting that users may not use
the existing AIS as intended
c) simply asking users what they need
d) when it is difficult to identify a usable set of requirements, a developer can quickly "rough" out a
system for users to critique
SHORT ANSWER
59. Identify the main reasons why companies change existing systems?
60. Name the five phases of the systems development life cycle.
61. What are the three other main activities performed during the SDLC?
62. Who makes up the project development team and what is the team's purpose?
63. What are the five phases of systems analysis?
64. What are the objectives of a system survey?
65. What four strategies can be used for determining user requirements?
66. Identify and briefly discuss the points at which a "go/no go" decision is made in the
systems analysis process.
67. What is the physical design stage of the systems development life cycle?
68. What is the importance of the master plan in systems development?
ESSAY
69. Discuss the role of the groups that influence the development and implementation of
an AIS.
70. What is economic feasibility analysis? What techniques are used in economic
feasibility analysis?
71. Discuss the relative advantages and disadvantages of the four different methods for
gathering data during a systems survey.
72. Discuss the aspects that must be considered during a feasibility study.
73. What are some of the reasons why behavioral problems occur when a new AIS is
introduced?
ANSWER KEY
1. A
2. C
3. C
4. C
5. B
6. D
7. C
8. D
9. C
10. D
11. A
12. B
13. C
14. C
15. C
16. D
17. B
18. B
19. A
20. C
21. B
22. A
23. D
24. B
25. A
26. B
27. A
28. D
29. A
30. A
31. B
32. C
33. C
34. B
35. C
36. A
37. D
38. C
39. B
40. C
41. C
42. D
43. A
44. B
45. A
46. A
47. B
48. D
49. C
50. B
51. D
52. C
53. C
54. D
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
B
D
C
D
Changes in user needs or business needs due to growth, consolidation, a merger, new regulations,
or changes in regional and global relationships. Technological changes due to advances,
improvements, and lower costs. Improvement of business processes to eliminate inefficiency.
Competitive advantage from increased quality, quantity, and speed of information will result in an
improved product to be sold at a lower price. Productivity gains that automate clerical and
repetitive tasks and decrease performance time. Outgrowing old systems requires upgrades or the
installation of completely new systems. Downsizing - moving from mainframes to networked PCs
to get a better price/performance ratio. Systems age and need to be replaced.
Five phases - systems analysis, conceptual design, physical design, implementation and
conversion, and operations and maintenance.
Other main activities - planning the change, managing the behavioral reactions to change, and
assessing the ongoing feasibility of the project
The project development team includes systems specialists, managers, accountants, internal
auditors, and users. The project development team's duties include planning each project,
monitoring it to ensure timely and cost-effective implementation, properly introducing changes
after considering the human element, and communication with the top management and the
steering committee at all steps in the process.
Initial investigation of each development activity to define the problem to be solved. Systems
survey to study the present system and gain a thorough understanding of how it works. Feasibility
study with special focus on the economic feasibility of the project. Information needs and system
requirements which will identify the needs of users and determine the objectives of the new
system. Systems analysis report which provides management with the findings of the analysis
phase.
Analyze existing operations, policies and procedures, and data and information flow to gain a
thorough understanding of the current system including its strengths and weaknesses. Make a
preliminary assessment of current and future processing needs, and determine both the extent and
nature of the changes that are needed. Develop relationships with users and build coalitions to gain
support for the AIS. Collect data that identify user needs, conduct a feasibility analysis, and make
recommendations to the management .
Ask users what they need. Analyze existing systems. Examine existing system utilization. Create a
prototype.
There are three points at which a "go/no go" decision can be made during systems analysis. The
first point is during the initial investigation, in which a decision will be made whether to conduct a
systems survey. The second point is at the end of the feasibility study, at which point a decision
will be made whether to proceed to the information requirement stage. The third (and last) point is
at the completion of the analysis phase, which is the point at which a decision is rendered about
whether to proceed to the design phase.
The physical design stage of the systems development life cycle (SDLC) is the third of five stages
in the lifecycle, coming after the systems analysis and conceptual design stages. In this stage of
the SDLC, input, output, and database attributes are designed, as well as various controls.
Programs and procedures are developed during this stage as well. A final part of this stage is the
delivery of the developed system, which will be further enhanced during the implementation and
conversion stage of the SDLC.
A master plan is a long-range planning document specifying the components of the system, how
the system will be developed, who will do the developing, how resources will be acquired for
development, and the direction the AIS will take into the future. The document should give a
status of projects already in process, prioritize them, describe criteria for prioritization and provide
a timetable for their development. A master plan should span a time period of three years, and it
should be updated at least two to three times each year.
Management - support from management is crucial in successful development and implementation
of an AIS. Any actual or perceived lack of support from management may cause skepticism and a
lack of "buy in" from employees. Accountants - determine the user requirements and communicate
to system developers; members of the project development team; design system controls and
monitor and test the system. Accountants can also help in assessing and tracking costs of projects.
Information systems steering committee - a cross-functional, executive-level team that champions
the project and is responsible for high-level support of the project. Sets policies that govern AIS
systems analysts - study existing systems, design new ones, and prepare system specifications for
computer programmers. Systems programmers - write computer programs based on specifications
and requirements created by the system analysts. External players - customers, vendors, auditors,
and regulations from governmental entities influence design of an AIS.
70. The capital budgeting model is used as the foundation for economic feasibility analysis. In this
model, cost savings and other (even intangible) benefits, as well as initial outlay costs, operating
costs, and other cash outflows are quantified in terms of dollars and cents. The tangible and
intangible benefits include cost savings; improved customer service, overall increased
productivity; improved decision making and data processing; better management control; and
increased job satisfaction and employee morale. The costs include: software acquisition; design;
programming; testing; documentation and maintenance costs; site preparation; and human
resource costs such as hiring, testing, and relocation. The capital budgeting model is used as a
framework for economic feasibility analysis. The three techniques that are used are: -- Payback
period: The number of years for the net savings to recover the initial costs of the investment is
calculated. A project with the shortest payback period is preferable under this method. -- Net
Present Value (NPV): A discount rate representing the time value of money is used to discount all
future cash flows to the present. The initial outlay costs are deducted from discounted cash flows
to obtain net present value. A positive NPV indicates favorable economic feasibility. -- Internal
Rate of Return (IRR): IRR is the effective interest rate that results in an NPV of zero. This
effective interest rate is compared with a company's desired rate of return (sometimes it can be the
cost of capital). A project with the highest IRR will be selected when this method is used for
evaluation purposes.
71. Interviews: Advantages of this method include: answers to "why" questions; a way to build
relationships; analysts can easily probe and ask follow-up questions; and analysts can build
acceptance for the project. Disadvantages to interview include: time consumed, expense to
conduct, and the information given is subject to personal biases and opinions of those interviewed.
Questionnaires: The advantages to using questionnaires are: anonymity from respondents can
yield candid answers; much information can be obtained in a short time period; they are generally
inexpensive; and a questionnaire gives the respondent time to think about answers, which may
produce answers of a high quality. Disadvantages include: lack of any follow up or probing on a
personal level; since the questionnaire is anonymous, the analyst cannot clarify questions;
sometimes questionnaires are viewed as impersonal, and they may often be ignored or not
completed carefully. Observation: Advantages of observation include verification of how systems
actually work and better understanding of the system. Disadvantages include: time consumed; they
are expensive and difficult to interpret, the observed people may alter their behavior. Systems
Documentation. The advantages of system documentation are that such documentation may
provide a good description of how the system should work, and generally documentation is easy to
read. The disadvantages to system documentation are: that it can be time consuming to obtain and
analyze; it may not be available or it may be incomplete; and it may not show how system really
works if it has not been maintained on a regular basis.
72. There are five major aspects that must be considered during a systems analysis feasibility study.
These five aspects of feasibility are technical, operational, legal, scheduling, and economic.
Technical feasibility is asking the question of whether the planned system can be developed and
implemented using the technology that exists today. Operational feasibility focuses on the
question of whether the organization possesses the human resources capable of designing,
implementing, and operating the proposed system, and whether people can actually use the system
and will use the system. Legal feasibility deals with issues of federal and state law compliance,
administrative agency regulations, and any contractual obligations the company may have. The
focus of scheduling feasibility is the question of whether the system can be developed and
implemented within the time allotted. Economic feasibility tackles questions of whether the
system benefits will outweigh the time, money, and resources used to develop it. These questions
are by far the most complex to analyze and answer. Capital budgeting models are used to evaluate
the costs versus benefits of a system. The capital budgeting techniques of a payback period, the
net present value (NPV) of cash flows, and the internal rate of return (IRR) can be incorporated as
part of the economic feasibility component of the feasibility study.
73. Personal characteristics and background of the users involved or impacted by the change. The
manner in which change is introduced may have greater impact than the actual change itself.
Experience with prior changes that went poorly may make employees wary of new anticipated
changes. Any lack of top management support may raise an issue of endorsement for such
changes. Communication can be a problem when no explanation is given to employees about a
change. Biases and natural resistance to change may occur due to emotional attachments to duties
or coworkers. Disruptive nature of the change process can place additional burdens on workers.
People may have a fear of the unknown and uncertainty about accompanying changes.
CH 19
MULTIPLE CHOICE
1. Which statement below regarding the development of an AIS is false?
a) A newly designed AIS always meets user needs for a time period.
b) Changes to the AIS are often difficult to make after requirements have been frozen into
specifications.
c) The development process can take so long that the system no longer meets company needs.
d) Users are unable to specify their needs adequately.
2. In which approach to systems acquisition is "inexpensive updates" considered an
advantage?
a)
b)
c)
d)
canned software
custom software
modified software
turnkey software and systems
3. When canned software is used for systems acquisition, the conceptual design phase of
the SDLC
a)
b)
c)
d)
involves a make-or-buy decision.
is combined with the physical design phase.
is eliminated.
is the same.
4. When canned software is used for systems acquisition, the physical design phase of
the SDLC
a)
b)
c)
d)
does not involve designing and coding although modifications may be made.
is combined with the conceptual design phase.
is eliminated.
is the same.
5. When canned software is used for systems acquisition, the implementation and
conversion phase of the SDLC
a)
b)
c)
d)
does not involve the documentation step.
does not require the company to have trained IS personnel.
does not require the develop and test software step.
both A and C above
6. When canned software is used for systems acquisition, the maintenance aspect of the
operations and maintenance phase of the SDLC
a)
b)
c)
d)
is more costly.
is not necessary and is eliminated.
is usually the responsibility of the vendor.
requires trained personnel.
7. Software development companies write commercial software that can be used by a
variety of organizations. Sometimes these companies combine both software and
hardware together to sell as one package. Such a package is commonly referred to as
a) a turnkey system.
b) a value-added system.
c) an application service package.
d) canned software.
8. What is a major problem with "canned software"?
a)
b)
c)
d)
A commercial software development company has developed it.
Canned software is sold on the open market to a broad range of users with similar requirements.
Canned software may not meet all of a company's information or data processing needs.
Canned software may offer easy availability and lower costs.
9. Which statement is true regarding canned software and the SDLC?
a)
b)
c)
d)
Canned software cannot be modified to meet unique user needs.
Companies that buy rather than develop AIS software can still follow the SDLC process.
Most canned software meets all of a company's information or data processing needs.
The SDLC process does not apply to canned software.
10. The reasons for __________ are to simplify the decision-making process, reduce
errors, provide timesavings, and avoid potential disagreements.
a)
b)
c)
d)
leasing
outsourcing
prototyping
sending out a request for a proposal
11. Total costs are usually lower and less time is required for vendor preparation and
company evaluation when requests for proposal are solicited based on
a)
b)
c)
d)
exact equipment needs.
generalized software needs.
specific hardware and software specifications.
None of the above are correct.
12. Information given to vendors should include
a)
b)
c)
d)
a budget for software and hardware.
detailed specifications for the AIS.
timeframe required for completion of the project.
None of the above are correct.
13. The approach that evaluates vendors' systems based on the weighted score of criteria
and points totaled is called
a)
b)
c)
d)
benchmark problem.
point scoring.
prototyping.
requirements costing.
14. The approaches to evaluating proposals that do not incorporate dollar estimates of
costs and benefits is known as
a)
b)
c)
d)
benchmark problem and point scoring.
point scoring and requirement costing.
requirement costing and point scoring.
All methods mentioned above include dollar estimates.
15. It is important for a company to be selective in choosing a software vendor. When a
company buys a large or complex system, it may request that a software vendor
submit a specific proposal for a system by a specified date. What acronym is used to
identify such a request?
a)
b)
c)
d)
ASP
EIS
ISP
RFP
16. A request for proposal sent to software vendors is an important tool since it can
reduce errors. Which statement below supports this reason?
a)
b)
c)
d)
All responses are in the same format and based on the same information.
Both parties possess the same expectations and pertinent information is captured in writing.
The chances of overlooking important factors are reduced.
The same information is provided to all vendors.
17. A company should carefully evaluate proposals submitted by software vendors. What
is the first step a company should take in the proposal evaluation process?
a)
b)
c)
d)
Carefully compare proposals against the proposed AIS requirements.
Determine how much of a given proposal meets the desired AIS requirements.
Eliminate proposals that are missing important information or fail to meet minimum requirements.
Invite vendors to demonstrate their systems.
18. Among the methods a company can use to help it evaluate software and hardware
systems from vendors, one way is to calculate and compare the processing times of
different AIS to compare system performance. This is the __________ method.
a)
b)
c)
d)
benchmark problem
mandatory requirements
point scoring
requirements costing
19. What is a drawback to using the requirements costing method of software and
hardware evaluation?
a)
b)
c)
d)
Dollar estimates of costs and benefits are not included.
Intangible factors such as reliability and vendor support are overlooked.
The weights and points used are assigned subjectively.
There is no drawback to using the requirements costing method.
20. The costly and labor-intensive approach to systems acquisition is
a)
b)
c)
d)
canned software.
custom software.
modified software.
turnkey software.
21. The least costly approach to systems acquisition is
a)
b)
c)
d)
canned software.
custom software.
modified software.
prototyping.
22. Which of the following is not appropriate for end user development?
a)
b)
c)
d)
performing statistical analyses
preparing schedules and lists
retrieving information from databases
updating database records
23. What is the basic function of a help desk?
a)
b)
c)
d)
develop and implement standards and control data
provide hot line assistance and serve as a clearinghouse of information
train end users and assist with application development
All of the above are basic functions of a help desk.
24. Despite the fact that many good canned software packages are available to
organizations today, many organizations develop their own software. What is a
reason for such in-house development?
a)
b)
c)
d)
an organization may have unique requirements
canned software packages are often less expensive than software developed in house
the organization's size and complexity necessitates the in-house development of software
A and C above are correct.
25. Another alternative to buying a canned system or in-house development is to have a
third-party vendor develop a custom system. Which guideline below should not be
used by the organization to select an outside developer for a custom system?
a)
The outside developer should have an in-depth understanding of how the company conducts its
business.
b) The outside developer should have experience in the company's industry.
c) The outside developer should possess a good understanding of business in general.
d) The outside developer that charges the least for the system should be chosen over others.
26. A company must carefully evaluate each alternative of developing in-house software,
buying canned software, or using an outside third party when planning an AIS.
Which statement below is true regarding such a decision?
a) Generally the best overall decision is to buy a canned software and hardware system.
b) The most efficient and effective systems are the ones developed in house.
c) Using an outside third party to develop a system always gives the organization a significant
competitive advantage.
d) There is no single right answer to the build-or-buy decision.
27. Since the introduction of the computer, there has been an astronomical demand for
information systems. Such demand has resulted in many users becoming involved in
the hands-on development, control, and employment of information systems. What
term is used to refer to this phenomenon?
a)
b)
c)
d)
amateur user computing (AUC)
competitive intra-organization systems development approach (CIOSDA)
end-user computing (EUC)
novice information systems development (NISD)
28. End-user development is inappropriate for some types of systems. What is an
example of a system that end users should not be allowed to develop?
a)
b)
c)
d)
a payroll processing program
a program that performs "what-if" statistical modeling
developing an application using prewritten software such as a spreadsheet or database system
preparing a schedule or list such as a depreciation schedule
29. What is an important risk to be considered when allowing end users to develop a
system?
a)
b)
c)
d)
IS resources are freed up for other tasks
systems are implemented that have not been adequately tested
systems are usually easy to use and modify
users control development process and decide what systems are created and implemented
30. What is an important benefit to be considered when allowing end users to develop a
system?
a)
b)
c)
d)
systems are developed when they are needed
systems are more likely to be incompatible with other systems within the organization
systems are more likely to be inefficient
systems are often poorly controlled and documented
31. A help desk can encourage, support, coordinate, and control end-user activities. A
help desk department may be organized with front-line and second-line analysts and
technicians. What would be one duty of second-line help desk personnel?
a)
b)
c)
d)
handling complicated queries requiring research
provide callers with scripted answers
using expert systems to quickly find answers
None of the duties listed above pertain to second-line help desk personnel.
32. The practice of hiring an outside company to handle all or part of the organization's
data processing activities is called
a)
b)
c)
d)
outsourcing.
prototyping.
reengineering.
turnkey system.
33. How does outsourcing improve an organization's utilization of assets?
a)
by allowing a company to completely eliminate its IS department, which will reduce its payroll
costs
b) by allowing the company to sell assets to outsourcers and improve their cash position
c) by eliminating the expense of keeping up with the latest technology and, thus, eliminate the drain
on cash reserves
d) Both B and C above are correct.
34. Which of the following is not a benefit of outsourcing?
a)
b)
c)
d)
access to greater expertise and more advanced technology
greater control
improved development time
lower costs
35. A company that has outsourced its AIS function can lose a fundamental
understanding of its AIS needs and the strategic uses of AIS with the passing of time.
What is this risk called?
a)
b)
c)
d)
locked-in system
loss of control
reduced competitive advantage
unfulfilled goals
36. The success of large corporations that use outsourcing for their information system
requirements has motivated other organizations to consider outsourcing. Which
advantage of outsourcing, given below, may tend to cause resistance on the part of inhouse IS staff and other organization employees?
a)
b)
c)
d)
Outsourcing allows a company to better use its assets and scarce resources.
Outsourcing can lower a company's overall IS costs.
Outsourcing facilitates downsizing.
Outsourcing helps eliminate the peaks and valleys of system usage.
37. What is a disadvantage of an organization's outsourcing of information systems?
a)
b)
c)
d)
Many outsourcing goals and benefits are never realized.
Outsourcing may result in faster and more efficient systems development.
Outsourcing provides access to greater expertise.
Outsourcing provides access to more advanced technology.
38. There are certain risks associated with outsourcing. One possible risk is the exposure
of the sharing of confidential data with unauthorized parties. This risk can be placed
into the category of
a)
b)
c)
d)
a locked-in system.
a loss of control.
a reduced competitive advantage.
inflexibility.
39. Which of the following statements about reengineering is inaccurate?
a)
b)
c)
d)
The data should be centralized and then dispersed throughout the company.
The information should be processed by those who use it.
The organization should be based on the different tasks that make up the processes.
The processes should be performed by output users.
40. Which business process reengineering principle is applied when the traditional
approvals for routine purchases are removed and replaced by users placing the orders
themselves?
a)
b)
c)
d)
have output users perform the process
have those who produce the information process it
integration of parallel activities
organize around outcomes, not tasks
41. Developing and putting teams in charge of products is an application of which
business process reengineering principle?
a) have output users perform the process
b) have those who produce the information process it
c) integration of parallel activities
d) organize around outcomes, not tasks
42. What factor underlies the seven principles of reengineering?
a)
b)
c)
d)
advances in management practices
efficient and effective use of information technology
global competition
the work flow software
43. Which of the following would not be considered a challenge when implementing
business process reengineering efforts?
a)
b)
c)
d)
availability of mainframe computer hardware and software
cost
risk
skepticism
44. A sobering fact is that even though a trillion-plus-dollars has been spent on
information technology in the last decade, productivity has not increased
significantly. One change suggested to improve performance dramatically is to
analyze thoroughly and completely redesign business processes and information
systems. What is such a change called?
a)
b)
c)
d)
a CSC Index
business process reengineering
end-user development
information system outsourcing
45. There are seven major principles of business process reengineering (BPR). One
principle states that whenever possible, one person should be given responsibility for
the entire process. What is the name given to this principle?
a)
b)
c)
d)
capture data once, at its source
centralize and disperse data
integrate parallel activities
organize around outcomes, not tasks
46. One of the principles of business process reengineering is to centralize and disperse
data. How is this principle defined?
a)
b)
c)
d)
certain processes can be performed in parallel and integrated at the end
data is entered once in an on line database and made available to all who need it
existing job descriptions and departmental boundaries are eliminated
information technology can maintain a centralized database, while telecommunications technology
can disburse data to necessary locations
47. Business process reengineering (BPR) can be a challenging venture for all involved.
Many reengineering efforts fail or fall short of the goals to be achieved in the process.
Which statement below applies to the BPR obstacle of controls?
a)
Nonbelievers and cynics who say a BPR cannot be done should be controlled during all phases of
the effort.
b) Reengineering efforts should not eliminate the separation of duties without implementing
compensating controls.
c) Throughout the process managers must continually reassure, persuade, and control those affected
by the BPR so that the necessary changes will work.
d) None of the statements apply to the BPR principle of controls.
48. The basic premise of __________ is that it is easier for people to express what they
like or dislike about an existing system than to imagine what they would like in a
system.
a)
b)
c)
d)
modified software
outsourcing agreements
prototyping
turnkey systems
49. What is an advantage of prototyping?
a)
b)
c)
d)
It is a less efficient use of system resources.
It may be inadequately tested and documented systems.
The developer need not maintain or update the system.
There are negative behavioral reactions.
50. Which statement below regarding prototyping is false?
a)
A prototype is considered a "first draft," which is quickly and expensively built for testing
purposes.
b) Developers who use prototyping still go through the SDLC.
c) It is easier for people to express what they like or dislike about a prototype than to imagine what
they want in a system.
d) Prototyping allows developers to condense and speed up parts of the analysis and design phases.
51. There are four steps involved in developing a prototype. Which step emphasizes
speed and low cost rather than efficiency of operation?
a)
b)
c)
d)
first
second
third
fourth
52. What is the emphasis of the first step involved in developing a prototype?
a)
b)
c)
d)
develop a good prototype into a fully functional system
speed and low cost rather than efficiency of operation
users identify changes to be made in an iterative process
what output should be produced rather than how it should be produced
53. A prototype that is turned into a fully functional system is referred to as a(n)
a)
b)
c)
d)
disappearing prototype.
nonoperational prototype.
operational prototype.
throwaway prototype.
54. The development of which type of system listed below would not benefit from the
creation of a prototype?
a)
b)
c)
d)
decision support systems
executive information systems
expert systems
systems that cross a number of organizational boundaries
55. What is a disadvantage to prototyping?
a)
b)
c)
d)
developers may shortchange the testing and documentation process
errors are likely to be detected and eliminated early in the development process
prototyping may be less costly than other approaches
prototyping usually produces a better definition of user needs than other approaches
56. CASE stands for
a)
b)
c)
d)
computer-aided software engineering.
computer-aided systems engineering.
both A and B
none of the above
57. Which is not a problem with CASE technology?
a)
b)
c)
d)
cost
incompatibility
lack of system documentation
unmet expectations
58. Computer-aided software (or systems) engineering is another tool used for improving
the development process. What is one thing that CASE tools were not designed to do
in assisting in the software and systems development process?
a)
b)
c)
d)
automate important aspects of the software development process
enhance the efforts of managers in understanding information needs
plan, analyze, design, program, and maintain an information system
replace skilled designers
59. What is a disadvantage of using CASE?
a)
b)
c)
d)
cost savings
improved control procedures
improved program quality
incompatibility
60. What is an advantage of using CASE?
a)
b)
c)
d)
incompatibility
replacement of skilled designers
simplified documentation
unmet expectations
SHORT ANSWER
61. Briefly identify the difficulties encountered when developing an AIS.
62. What are the three methods of obtaining software? What is a turnkey system?
63. What are the guidelines for successfully purchasing custom software when using an
outside vendor?
64. What is a help desk? What are the uses of a help disk?
65. What is outsourcing? What are the different types of outsourcing agreements?
66. What is business process reengineering? What are the principles of reengineering?
67. What is computer-aided software (or systems) engineering (CASE)? What are the
advantages and disadvantage of CASE technology?
68. Explain the concept of an application service provider.
69. What are the key things an organization can do to enhance an RFP to be sent to
vendors?
70. Briefly discuss how an organization can develop custom software.
ESSAY
71. What are the relative advantages and disadvantages of custom software and canned
software for meeting application software needs?
72. What is end-user computing? Why has end-user computing seen explosive growth?
What are the advantages and risks of end-user computing?
73. What is prototyping? When is prototyping appropriate? What are the steps involved
in prototyping? Discuss the advantages and disadvantages in prototyping.
74. Discuss how information system outsourcing can provide the organization with both a
business solution and asset management.
75. Explain the business processing reengineering principle: "Require those who produce
information to process it."
ANSWER KEY
1. A
2. A
3. A
4. A
5. D
6. C
7. A
8. C
9. B
10. D
11. D
12. B
13. B
14. B
15. D
16. C
17. C
18. A
19. B
20. B
21. A
22. D
23. D
24. D
25. D
26. D
27. C
28. A
29. B
30. A
31. A
32. A
33. D
34. B
35. C
36. C
37. A
38. B
39. C
40. A
41. C
42. B
43. A
44. B
45. D
46. D
47. C
48. C
49. C
50. A
51. B
52. D
53. C
54. D
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
A
C
C
D
D
C
Demand for development resources is very high and can backlog AIS projects for several years.
The development process can be lengthy. System developers may not understand the company's
business, and consequently the new system may not always meet user's needs. The time taken to
develop an AIS may make it obsolete when the new system is ready to launch. Users may not be
able to articulate their demands adequately, and therefore they may be dissatisfied with the
finished product. Changes to the AIS are difficult to make beyond a certain point, so the AIS
remains in a state of "perpetual development" and flux .
The three methods of obtaining software are purchasing new software, developing software inhouse (either by development staff or by the system end-users themselves), or hiring an outside
company to create a system. A turnkey system is a software and hardware package, which is
complete and ready to be used "at the turn of a key." Vendors for turnkey systems primarily
specialize in a particular industry.
Guidelines when contracting with a third-party company: Carefully select a developer by checking
into references and inquiring about reputation and past experiences from other organizations. Sign
a contract with clearly defined areas of responsibility for the vendor. Plan and monitor each step
by designing each step of the project in detail, and making frequent checkpoints for monitoring the
project. Maintain effective communication between the company and the developer. Control all
costs and minimize cash outflow until the project has been completed and is accepted
A help desk consists of analysts and technicians that encourage, support, coordinate, and control
end-user activities. Some of the duties and activities of the help desk includes the following: Hotline assistance to solve problems. Clearinghouse for information, coordination, and assistance.
Training, maintenance, and support center for the software and hardware. Application
development assistance center. Approval point for development and implementation standards for
hardware and software purchases, documentation and application testing, and security issues.
Controlling access to corporate data by using access matrix controls, etc. Evaluating new end-user
hardware and software products.
Outsourcing is the hiring of an outside company to handle all or part of a company's data
processing activities. There are two main types of outsourcing agreements: Mainframe
outsourcing is when the outsourcer buys the client's equipment, hires the client's employees, and
operates on the client's site or connects the system to outsourcer's computer. Client/server or
desktop outsourcing is when a particular service, segment of business, function, or PC support is
outsourced.
Business process reengineering is a thorough analysis and complete redesign of business processes
and information systems to achieve dramatic performance improvements. Business process
reengineering focuses on why the business processes are performed and not on how they are
performed. The seven basic principles of reengineering are: Organize around outcomes, not tasks.
Have output users perform the process. Have those who produce information process it. Centralize
and disperse data. Integrate parallel activities. Empower workers, use built-in controls, and flatten
the organizational chart. Capture data once, at its source.
CASE refers to an integrated package of computer-based tools that automate important aspects of
the software development process. CASE tools can be used to plan, analyze, design, program, and
maintain an information system. CASE tools do not replace skilled designers, but they provide
effective support for all phases of the SDLC. Advantages-- Improved productivity, improved
program quality, cost savings, improved control procedures, and simplified documentation.
Disadvantages -- Incompatibility, cost, and unmet expectations
An application service provider (or ASP) is a third-party provider of software to organizations.
An ASP is Web-based, providing delivery of software to its clients over the Internet. An
organization that uses an ASP "rents" the software, thus eliminating the tasks of buying, installing,
and maintaining the software. Among the advantages to using this approach as opposed to the
outright purchase of software is a reduction of software costs and administrative overhead,
69.
70.
71.
72.
73.
74.
automated software upgrades, scalability as the organization itself grows, global access to
information, access to skilled IT personnel, and ability to focus on core competencies rather than
IT requirements.
The more information an organization provides in its RFP, the better its chances are of receiving a
system that meets its requirements. It is important to include detailed specifications for the new
AIS, including required applications, inputs, outputs, files, databases, frequency and ways of
updating files and creating queries, and any unique characteristics or requirements. It is also
essential that the RFP distinguishes between what are mandatory requirements and what are
"desirable but not essential" requirements.
Custom software is usually developed and written in house. Albeit a difficult, error prone, and
time- consuming process, many organizations develop their own software because their
requirements are unique or their size and complexity necessitate the creation of a custom package.
As an alternative, third-party developers can be enlisted to develop custom software for an
organization. Custom software should only be developed when it results in a distinct, competitive
advantage to the organization.
Custom software: tailored to needs; potential competitive advantage; and better control over the
process: expensive; difficult to write; error prone; and time consuming. Canned software: easy to
acquire; fast to acquire; inexpensive; good documentation; updates are inexpensive; and can be
tested: not tailored to needs; not as efficient as custom software; does not develop in-house
expertise in creation; and developer may go out of business.
End-user computing is the hands-on development, use, and control of computer-based information
systems by users. The suitable applications are: Producing simple reports and answers to one-time
queries by accessing the company database. Sensitivity, statistical, or "what-if" analysis. Using
spreadsheets or data base software to analyze data. Preparing schedules and lists such as
depreciation schedule, accounts receivable aging, and loan amortizations. User computing has
seen an explosive growth because: Users realized that computers can be used to meet more and
more information needs. Increased access to data created many new uses and needs for
information. One prediction is that end-user computing may account for 75% to 95% of all
information processed in the near future. Advantages of end-user computing: The user is involved
in the creation, control, and implementation of the software; systems tend to meet user needs;
programs can be created timely; end-users creating programming can free up IS resources; and
programs tend to be versatile and easy to use. Disadvatages of end-user computing: Logic and
development errors; inadequately tested applications; inefficient systems; poorly controlled and
documented systems; systems incompatibilities; duplication of systems and data; and wasted
resources and increased costs.
Prototyping is the development of a simplified working model (prototype) of an information
system. It is a "first draft," that is quickly and inexpensively built and provided to users for
testing. Prototyping is appropriate if: There is uncertainty about the existing AIS. The questions to
ask are unclear. The final AIS is not clearly visualized. Speed is an issue. There is a high
likelihood of failure. The system is a decision support system, executive information system,
expert system, or information retrieval system. Suitable when the system involves experimentation
and trial-and-error development. Suitable when the system requirements evolve as the system is
used. Prototyping is not appropriate if: The system is large or complex and serves major
organizational components or crosses a number of organizational boundaries. Steps in developing
a prototype: Identify basic system requirements based on users' needs for what output should be
produced. Develop initial prototype emphasizing speed and low cost instead of efficiency of
operation and demonstrate it for users. Make changes needed as identified by users, may take
several iterations. Develop and use the user-approved system. Advantages of prototyping: Better
definition of user needs. Higher user involvement and satisfaction; faster development time; fewer
errors; more opportunity for changes; and less costly to the organization. Disadvantages of
prototyping: significant user time; less efficient use of system resources; incomplete system
development; inadequately tested and documented systems; negative behavioral reactions; neverending development.
Many companies have come to view information system outsourcing as not merely an IS solution
but a true business solution. Outsourcing has become a plausible business solution because it
allows the organization to focus and put its concentration into its core competencies. This transfer
of IS responsibilities can be liberating to the organization, as it frees up more resources to devote
to the mainstay of its business efforts. The viewpoint is that a company should be allowed to do
what it does best; so the outsourcer is better at IS operations and management, while the
organization is better in its areas or core competencies. Many organizations treat outsourcers as
business partners, working closely to meet the strategic business objectives of the organization.
An additional benefit of IS outsourcing is asset management. Many organizations tie up millions
of dollars in their IS efforts, and the attempt to keep up with technological improvements can
create a steady drain on cash reserves and other organizational resources. One way to significantly
improve an organization's cash position and reduce annual expenses is to sell off IS assets, or lease
them to the outsourcing organization. This can have positive benefits for both the organization
and outsourcing vendor as well, as it helps the organization with cash and expense management,
and can provide an outsource vendor with the equipment (and even people) it needs to properly
service its client.
75. The idea behind this BPR principle is to save time, money, and other resources. By having the
people who produce the information also be responsible for its processing, a more efficient and
effective business process is created. As an example, with the reduced cost of PC technology,
LANs, and WANs, it is feasible for purchasing agents to create and process their own purchase
orders on-line by entering them into a database. A vendor using EDI can ship goods to a customer
but does not have to send a physical invoice. When the goods arrive at the customer's warehouse, a
receiving clerk can check in the goods by scanning bar codes found on each item. The system will
automatically check the goods received against the electronic information sent from the vendor,
and if goods received match the order, the system can automatically prepare a check and forward
the appropriate information to the accounts payable department for approval. The net result is that
fewer people perform more automated tasks due to their immediate input of information into the
system. There is also less paper in the process. Ultimately, the organization can process orders
more quickly, at lower cost, and provide better customer service all at the same time. Hence, there
is a significant saving of money and time by having the people who produce the information also
be responsible for its processing.
Chapter 20
MULTIPLE CHOICE
1. What is one activity that is not one of the responsibilities of accountants to help keep
a project on track?
a)
b)
c)
d)
ensuring that the project is on schedule
evaluating and measuring benefits
helping programmers write code
monitoring costs
2. Developing a general framework for implementing user requirements and solving
problems identified in the analysis phase occurs in which phase of the SDLC?
a)
b)
c)
d)
conceptual systems design
implementation and conversion
operations and maintenance .
physical design
3. Who is responsible for identifying and evaluating a variety of design alternatives?
a)
b)
c)
d)
design team
implementation committee
steering committee
systems analysts
4. Who is responsible for evaluating the design alternatives and selecting the one that
best meets the organization's needs?
a)
b)
c)
d)
design team
implementation committee
steering committee
systems analysts
5. Which of the following lists represent the sequence of elements in developing the
conceptual design specifications?
a)
b)
c)
d)
input, data storage, processing procedures and operations, and output
input, output, data storage, and processing procedures and operations
output, data storage, input, and processing procedures and operations
processing procedures and operations, input, data storage, and output
6. The project team wants to find the most efficient way to collect data in order to
prepare a report on sales per store. Which element in design specifications will deal
with the decision?
a)
b)
c)
d)
data collection
input
output
processing procedures
7. One of the purposes of the __________ is to guide physical systems design activities.
a)
b)
c)
d)
conceptual systems design report
physical systems design report
program design
systems analysis report
8. The conceptual design phase is the second phase in the systems design life cycle.
There are several steps in this phase. Which step listed below is not a valid step made
in the second phase of the SDLC?
a)
b)
c)
d)
evaluate design alternatives
physical systems design
prepare a conceptual systems design report
prepare design specifications
9. A part of the conceptual design phase is the evaluation of design alternatives. The
design team should identify a variety of design alternatives and evaluate them based
on several standards. Who is responsible for approving the final design that best
meets the organization's needs?
a)
b)
c)
d)
IS management
the end-users of the system
the steering committee
the system analyst design team
10. Once a design alternative has been chosen, the project team is responsible for the
development of several conceptual design elements. A decision about how often to
produce a certain report falls under the category of which design element?
a)
b)
c)
d)
data storage
input
output
processing procedures and operations
11. At the end of the conceptual design phase the development team prepares a
conceptual systems design report. What item below is not considered a rationale for
issuing the report?
a)
b)
c)
d)
it can be used to guide physical systems design activities
it communicates how management and user information needs will be met
it discusses the design alternatives that were not selected for the project
it helps the steering committee assess system feasibility
12. The objective of __________ is to determine the nature, format, content, and timing
of printed reports, documents, and screen displays.
a)
b)
c)
d)
input design
output design
report design
None of the above are correct.
13. Which consideration below is not considered important to output design?
a)
b)
c)
d)
format
location
medium
source
14. All of the four categories of output have pre-specified content and format except for
a)
b)
c)
d)
demand reports.
scheduled reports.
special-purpose reports.
triggered exception reports.
15. In the file and database design step of the physical systems design phase, it is
advantageous to have
a)
b)
c)
d)
a compatible format.
easy access.
timely queries.
various capabilities.
16. In evaluating input design, the design team must identify
a)
b)
c)
d)
a single view so data can be shared.
organization and access.
types of data input and optimal input methods.
what is relevant, complete, and useful.
17. Program development can be improved by
a)
b)
c)
d)
having special codes for input, output, and file maintenance.
having users code the programs.
using standards to find incorrect logic errors, omissions, or other problems.
using structured programming.
18. Structured programming divides the program into small, well-defined modules.
Which of the following statements below is correct?
a)
b)
c)
d)
Modules interact with each other directly and also through the control module.
Modules interact with each other directly.
Modules interact with only the control module.
Modules primarily, but not always, interact with the control module.
19. Rules for writing programs are called
a)
b)
c)
d)
applications.
basic code.
common routines.
programming standards.
20. Everyone who interacts with the newly designed AIS should follow __________ that
answer the who, what, where, why, and how questions related to all AIS activities.
a)
b)
c)
d)
procedures
programs
standards
none of the above
21. Which consideration is not of concern in controls design?
a)
b)
c)
d)
security
alphabetical control
audit trail
validity
22. The accountant wants to make sure that all cash disbursements are made only to
legitimate vendors. Which of the following control considerations will deal with this
concern?
a)
b)
c)
d)
security
accuracy
authorization
validity
23. The sales department wants to make sure that all customer inquiries are answered in
real-time. Which of the following controls design considerations will deal with this
concern?
a)
b)
c)
d)
security
authorization
accuracy
audit trail
24. At what point in the systems development life cycle does the company determine how
the conceptual AIS design is to be implemented?
a)
b)
c)
d)
the conceptual design phase
the implementation and conversion phase
the physical design phase
the systems analysis phase
25. The physical design stage of the SDLC is the point at which the broad, user-oriented
AIS requirements of conceptual design are translated into detailed specifications that
are used to code and test the various computer programs. What is the most timeconsuming activity found in this phase, or even in the entire SDLC process?
a)
b)
c)
d)
controls design
input design
output design
program design
26. Which consideration listed below applies to file and database design?
a)
b)
c)
d)
form size
format
medium
organization and access
27. Control design considerations are important to the physical systems design phase of
the SDLC. One concern of control design relates to the pre-numbering of documents
to prevent errors or intentional abuse. What is the control design consideration
related to this concern?
a)
accuracy
b) audit trail
c) numerical control
d) validity
28. __________ is the process of installing hardware and software and getting the AIS up
and running.
a)
b)
c)
d)
Conceptual design
Physical design
Systems analysis
Systems implementation
29. The first step in developing software is to
a)
b)
c)
d)
determine user needs.
develop a plan.
hire program users.
write program instructions.
30. The initial visual and mental review to discover keying or programming errors is
called
a)
b)
c)
d)
desk checking.
desk correction.
desk debugging.
desk imaging.
31. Flowcharts, record layouts, decision tables, and related items are part of
a)
b)
c)
d)
determining user needs.
documenting the program.
testing the program.
training program users.
32. Effective AIS training involves
a)
b)
c)
d)
instruction on new hardware and software.
orientation to new policies and operations.
planning and scheduling so it occurs before system testing and conversion.
All of the above are correct.
33. Step-by-step reviews of procedures or program logic early in the system design that
focus on inputs, files, outputs, and data flows are called
a)
b)
c)
d)
acceptance tests.
operating tests.
processing of test transactions.
walk-throughs.
34. The implementation planning and conversion phase of the SDLC incorporates many
systems implementation elements. One such element is the development and testing
of software programs. One process used to uncover and eliminate program errors is
known as
a) black box testing.
b) debugging.
c) desk checking.
d) white box testing.
35. What is used as the basis for management to make a "go/no go" decision regarding
whether to proceed from the physical design phase to the implementation planning
and conversion phase of the SDLC?
a)
b)
c)
d)
a conceptual system design report
a physical systems design report
a systems design report
an implementation planning design report
36. An implementation plan consists of the various implementation tasks to be
accomplished along with a variety of other data and information, such as expected
completion dates, cost estimates, and identification of the individuals responsible for
each task. The plan should also address the area of risks to successful
implementation. Who is responsible for identifying such risk factors?
a)
b)
c)
d)
the implementation team
the steering committee
the systems analysis team
the systems development team
37. Within the implementation planning and conversion phase of the SDLC, analysts
must __________ before they can __________.
a)
b)
c)
d)
complete documentation; test software programs
install and test software; test software programs
test software programs; test the system
test the system; select and train personnel
38. A software program must be changed to accommodate new tax rate values. What is
the name of the process used to make such a change?
a)
b)
c)
d)
debugging
desk checking
program maintenance
programming
39. Several types of documentation must be prepared for a new system. The type of
documentation that includes operating schedules and file retention requirements is
called
a)
b)
c)
d)
development documentation.
operations documentation.
reference documentation.
user documentation.
40. Inadequate testing can lead to serious systems failures. Part of the SDLC process is
to adequately test the system being implemented. What is the type of test that
determines whether a program is operating as desired?
a)
b)
c)
d)
acceptance testing
debugging
processing of test transactions
program walk-through
41. What is the name for the type of testing where copies of real transaction and file
records are used rather than hypothetical ones?
a)
b)
c)
d)
acceptance testing
debugging
desk checking
program walk-through
42. In __________, old and new systems are operated simultaneously at different parts of
the organization.
a)
b)
c)
d)
direct conversion
parallel conversion
phase-in conversion
pilot conversion
43. A company wishes to introduce and test a new AIS at a branch location before
company-wide adoption. This approach is called
a)
b)
c)
d)
direct conversion.
parallel conversion.
phase-in conversion.
pilot conversion.
44. Which of the following activities does not pertain to the area of data conversion?
a)
b)
c)
d)
changing the data content
changing the database
changing the file format
moving files to a new medium
45. "Conversion" in the implementation planning and conversion phase of the SDLC is
the task of changing from an old system to a new system. What is the name for the
type of conversion where the old AIS is immediately terminated as the new AIS is
introduced?
a)
b)
c)
d)
direct conversion
parallel conversion
phase-in conversion
pilot conversion
46. What is a phase-in conversion?
a)
b)
c)
d)
both the old and new AIS are operated simultaneously
elements of the old AIS are replaced gradually with elements of the new AIS
the new AIS is introduced into one part of the organization, such as a branch
the old AIS is terminated as the new AIS is introduced
47. The data conversion process of the implementation planning and conversion phase of
the SDLC can be a tedious and time-consuming task. Data files may need to be
modified in any of several ways. What is an example of modifying the medium of
data files?
a) adding or deleting fields or records
b) changing from tapes to disks
c) changing the file format
d) changing the storage capacity of the file format
48. There are several steps in the data conversion process that must take place in a certain
sequence. What is the last step in this process?
a)
b)
c)
d)
actual data conversion
checking the files for completeness and removing any data inaccuracies or inconsistencies
documentation of conversion activities
monitoring of the system after the actual data conversion
49. Which factor is not investigated during the post-implementation review?
a)
b)
c)
d)
accuracy
benefits
completion
costs
50. The final step in the SDLC is that of the operation and maintenance of the new
system. What is the final activity in the systems development process?
a)
b)
c)
d)
monitoring of the system
ongoing maintenance activities
preparation of the post-implementation review report
user acceptance of the post-implementation review report
51. Some investigation must occur during the postimplementation review process to
prepare the report and wrap-up systems development activities. An analyst who asks
the question, "Does the system produce actual and complete data?" is investigating
what postimplementation factor?
a)
b)
c)
d)
accuracy
compatibility
goals and objectives
reliability
SHORT ANSWER
52. How can accountants help in the SDLC process?
53. What factors does a steering committee consider when evaluating different system
designs?
54. What is the purpose of a conceptual systems design report?
55. What are the controls design considerations in a new AIS?
56. What is systems implementation? How do you plan for it?
57. What are the different types of documentation that should be prepared for a new
system?
58. What are the different methods of testing a system?
59. What is a post-implementation review? What are the activities involved in a postimplementation review?
60. What output design considerations should be analyzed as part of the physical system
design phase?
61. Briefly discuss structured programming.
ESSAY
62. What is the conceptual systems design phase? What are the elements of conceptual
design specifications?
63. What is the objective of output design? What are the output design considerations?
What are the various categories of outputs?
64. What are the different approaches to system conversion?
65. Discuss controls design considerations in the physical systems design phase of the
SDLC.
66. What are the eight basic steps used to develop and test software programs?
ANSWER KEY
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
C
A
A
C
C
B
A
B
C
C
C
C
D
C
A
C
D
C
D
A
B
D
D
C
D
B&C
C
D
A
A
B
D
D
B
B
A
C
C
B
C
A
B
D
B
A
B
B
C
C
D
A
Accountants must first understand the development process, and then realize that they can make a
valuable contribution to the development process in several ways. As users, accountants can
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
specify their needs and help explain such needs to the development team. As members of the
development team, they can provide valuable input throughout the design and development
process. As auditors, they can perform attest functions with a greater working knowledge and
enhanced skill sets. Accountants should keep the project on track by evaluating and measuring
benefits, monitoring costs, and helping to maintain the timetable.
How well does the design meet organizational and systems objectives? How well does the design
meet users' needs? How economically feasible is the design in terms of costs versus benefit? What
are the advantages and disadvantages of the design? Do the advantages outweigh the
disadvantages?
The purpose of this report is to a) guide physical systems design activities, b) communicate how
management and user information needs will be met, and c) help the steering committee assess
system feasibility.
Controls design ensures the effectiveness, efficiency, and accuracy of the AIS. Accountants have
a vital role in this area. The important concerns to be addressed are: validity of transactionsauthorization of input, storage, and output activities- accuracy of input and processing activitiessecurity access to system numerical control pre-numbering and accounting of all documents.
Audit trail - tracing of transactions from source documents to final output and vice versa
Systems implementation is the process of installing hardware and software and getting the AIS in
place and in use. Systems planning consists of: Implementation tasks and person(s) responsible
for tasks. Setting expected completion dates. Cost estimates and variances. Identify risk factors
that decrease likelihood of successful implementation. Strategies for coping with risk factors.
Complete documentation - three types of documentation must be prepared: Development
documentation which includes: System description. Copies of output, input, and file and database
layouts. Program Flowcharts. Test results. User acceptance forms. Operations documentation
includes: Operating schedules. Files and databases accessed. Equipment security and file retention
requirements. User documentation includes: Procedures manual(s). Training materials.
There are three methods: walkthroughs, which involve systematic reviews of procedures or
program logic at different phases during the SDLC. In the early stages of the design process, the
focus is inputs, outputs, and files. In the later stages, the focus is on program logic and structure.
Processing test transactions to determine whether a program operates as designed. Different types
of hypothetical transactions are processed to see if the controls catch various types of errors.
Acceptance tests, which use real transactions and file records. Users develop the acceptance
criteria and make the final acceptance or rejection decision.
A post-implementation review ensures that the new AIS meets planned objectives. Any problems
uncovered during the review are brought to the attention of the management and the necessary
adjustments are made. When review is complete, prepare a report. The acceptance of the postimplementation review report by users concludes the systems development process. Control of the
AIS now passes on to the data processing department.
Two things must be considered regarding system output. First, who will use the output? Why do
users need this type of output, and what decisions will be made based on such output? Second, the
medium of the output must be addressed. What medium should be used? Should the output be on
paper, computer screen, stored as a voice response file, placed on diskette, microfilm, or some
possible combinations of these mediums? These are two important considerations that can either
"make or break" a system in terms of its successful use. Other considerations are: What format
(tale, graph, etc)? Should preprinted forms be used? Where should the output be sent? Who
should have access to the output? How often should the output be produced? Lengthy output
should be preceded by an executive summary and a table of contents.
Structured programming refers to programs that are subdivided into small, well-defined modules
with the goal of reducing complexity and enhancing reliability and modifiability. Each module
should interact with a control module rather then with each other. Proper structured programming
dictates that each module should have only one entry and exit point to facilitate testing and
modification.
The conceptual systems design phase involves the development of the general framework for
implementing user requirements and solving problems identified in the analysis phase. Conceptual
design elements include the following elements: Output specifications to meet users' information
needs. Data storage specifications based on reports that need to be produced, the manner in which
63.
64.
65.
66.
data are stored (sequential, random, etc.), the type of database to use, and appropriate field sizes.
Input specification after output is identified so that the "when, where, and how" of data input are
appropriate for the types of output needed. Processing procedures and operations specifications are
determined after the sequencing and processes for input and data storage are known.
Output design: The objective is to determine the nature, format, content, and timing of printed
reports, documents, and screen displays. Design considerations: Use - who will use, why is it
needed, what is needed for use. Medium - paper, screen, diskette. Format - tables, graphs,
narratives. Preprinted - e.g., purchase orders, checks. Location - where sent. Access - by whom
and to what. Detail - summary, table of contents, headings. Timeliness - how often. Categories of
output are: Scheduled reports are prespecified and formatted and prepared regularly. Specialpurpose analyses are not prespecified or formatted, but are prepared when management requests
data to evaluate an issue. Triggered exception reports are prespecified and formatted and prepared
in event of abnormal conditions. Demand reports are prespecified and formatted and prepared
when requested.
Direct conversion is used when the old system is of no value or is not comparable to the new
system. This type of conversion carries a high risk of failure. Parallel conversion protects the
company from error, but it is costly and stressful to process transactions twice. Phase-in
conversion results in gradual changes over time that also allows resources to be acquired over
time. However, creating temporary interfaces is costly and gradual changes take time and come at
greater expense. Pilot conversion implements the system in just one part of the organization that
allows problems to be corrected before the system is completely adopted. However, the costs of
interfaces and running both systems are a disadvantage.
There are several controls design considerations to be addressed in this phase of the SDLC.
Validity, authorization, accuracy, access, numerical control, and providing an audit trail are the
major items, which must be taken into account in physical design. Validity would address a
question such as, "Are all system interactions valid?" Authorization could be examined by asking,
"Are input, processing, storage, and output activities authorized by the appropriate managers?"
Accuracy can be analyzed by asking, "Is input verified to ensure accuracy and what controls are in
place to ensure that data passed between processing activities is not lost?" When dealing with
access issues, the analyst should ask if there is adequate control over accessing data, and ask the
important question, "How is a hacker denied access to a data file?" Asking the question, "Are
documents pre-numbered to prevent errors or intentional abuse?" can provide insight about
numerical controls. Finally, to provide appropriate audit trails, the analyst should ask the
question, "Can transaction data be traced from source documents to final output, and vice versa?"
It is imperative that controls design be properly implemented in this phase of the SDLC to ensure
the success of launching the system and its ongoing use. Also , availability and integrity.
Generally speaking, developers use an eight-step method to develop and test software programs.
As part of the systems implementation phase of the SDLC, it is important that these steps
faithfully are followed by the development team. 1) The team should consult with users and write
an agreement about software requirements as a way to determine user needs. 2) Next, a
development plan should be created and documented. 3) The overall approach and major
processing tasks should be identified on a high level before proceeding to levels of greater detail.
At that point the activity of writing program instructions can begin. 4) After program code has
been written, the next step is to test the program. This can be achieved in part through debugging
and desk checking, along with other types of testing. 5) The next thing to be done is to document
the program, since this will explain how the program works and assist analysts in correcting and
resolving errors. 6) Training program users is the beginning of the end of the test phase. Program
documentation developed in step five will be used at this time. 7) The seventh step is to install and
use the system. At this point the program can be used and program maintenance can take place as
needed. 8) Use and modify the system. Revise existing programs (called program maintenance).