Chapter 9 23. Three objectives of a company's internal control system should be safeguarding assets, checking the accuracy and reliability of accounting data, and promoting operational efficiency. A fourth objective of a company's internal control system should be: a) Preventing embezzlement of assets b) Encouraging adherence to prescribed managerial policies c) Avoiding the payment of overtime to company employees d) Revising standards for production costs on a weekly basis 25. The preventative controls within a companys internal control system: e) Form the foundation for all of a company's other internal control components f) Focus on managements philosophy and operating style g) Ignore the risk factor associated with a company's control procedures h) Relate to safeguarding a company's assets and checking the accuracy and reliability of the company's accounting data 27. Assume that a company designs and implements a control procedure whereby the accountant who is responsible for recording cash receipts transactions does not have access to the cash itself. This control procedure is an example of a: a) Detective control b) Preventive control c) Corrective control d) Feedback control 33. Which of the following statements is true? a) The COSO report failed to define internal control b) The COSO report emphasized that an internal control system is a tool of management c) SAS 78 rejected the definition of internal control provided in the COSO report d) COBIT concluded that a company's management is not responsible for establishing and monitoring a company's internal control system 34. Regarding the cost-benefit concept, which of the following statements is true? a) Every control procedure that offers benefits to a company should be implemented into the company's system b) An optimal internal control package is developed for a company's system by implementing a standardized package of control procedures c) A control procedure is considered cost effective if it can be determined that the cost of operating the procedure will be lower in the current period than in the previous period d) A control procedure is considered cost effective when its anticipated benefits exceed its anticipated costs 35. An ideal control is: i) A control procedure that reduces to practically zero the risk of an error or an irregularity taking place and not being detected j) A control procedure that is anticipated to have the lowest possible cost in relation to its benefits k) A control procedure that should always be implemented into a company's system due to the efficiency and effectiveness that will result from its implementation l) A control procedure that is always cost effective 38. Which of the following fundamental concepts is stressed by the COSO report? a) Internal control is not affected by people b) Internal control is geared to the achievement of a company's objectives in the financial reporting area only c) Internal control is designed to detect all errors and irregularities that occur within a company's system d) Internal control is a process 39. A periodic review by internal auditors that stresses the evaluation of the efficiency and effectiveness of a department's procedures is called a (an): m) Operational audit n) Financial audit o) Management-by-exception audit p) Audit by exception 55 Regarding COBIT, which of the following statements is true? a) COBIT means Cost Objectives for Information and Related Technology b) COBIT rejects the definition of internal control from the COSO report c) COBIT states that a companys management should play a minor role in establishing an internal control system d) COBIT classifies people as one of the primary resources managed by various IT processes 56 The component of an internal control system that concerns itself with the way a companys management assigns authority and responsibility is called: q) Monitoring r) Control environment s) Risk assessment t) Information Chapter 10 27. The principal function of an accounting system's computerized controls is: a) Detecting computer frauds b) Preventing computer frauds c) Encouraging programmer honesty d) none of the above 30 A very effective ID approach for safeguarding logical computer access bases user recognition on: a) IDA b) Biometric identifications c) Message acknowledgment procedures d) Routing verification procedures 28. Which of the following is not a major reason for controls in a computerized accounting information system? a) More data are processed b) Often, computerized data are unreadable to the human eye c) With computerized data, there is a higher possibility of computer crime d) all of the above are reasons for controls 32. Which of the following is not a subcategory of input controls? a) Observation, recording and transcription of data b) Edit tests c) Additional input controls d) Data processing 29. 37 Which of the following is not a processing control? a) Record counts b) Control totals c) Hash totals d) Check digits 38 Edit checks performed "in tandem" would be defined as: a) Tests of alphanumeric field content b) Tests for valid codes c) Redundant data checks d) Tests of reasonableness 39 A data field could pass all edit tests and still be invalid. Additional controls to cope with this would include: a) Check digit b) Unfound record test c) Valid code test d) a and b 40 Check digit control procedure have which of the following attributes? a) Guarantees data validity b) Detects fraudulent data c) Always recommended for accounting information systems d) none of the above 30. 41 Which of the following types of errors will check digits usually detect? a) Transposition of two digits b) Inaccuracy of one digit c) Double mistakes canceling out each other d) Fraudulent data . 31. 47 The least effective physical security control for a computer center is: a) Limited employee access b) Color-coded identification badges c) Insurance d) Strategic placement of computer center equipment Chapter 11 44. Which of these would be an example of denial-of-service computer abuse? a) Social engineering b) Salami technique c) Trojan horse computer program d) Embezzlement using computerized data e) none of these 1. 45. A logic bomb is a computer program that: 1) a) Rewrites the instructions of a particular computer program b) Remains dormant until an event triggers it c) Contains an error in it d) Blows away (impresses) the boss when he or she sees it 46. Which of the following statements is true? a) Most states lack specific computer crime laws b) Most computer crime laws define their terms c) All computer crime laws have only felony provisions d) none of the above statements is true 47. Which of these terms describes a computer program that remains dormant until triggered by some specific circumstance or date? a) Trojan horse program b) DDoS program c) Logic bomb d) Dial back system 48. Much of what has been termed computer crime has merely involved the computer but probably would be more accurately classified as other types of crimes. A notable exception to this involves: a) Raiding dormant bank accounts b) Inventory misappropriation b) Embezzlement c) Theft of computer time 51. Which of the following best explains why we have incomplete information on computer crime? a) Most companies handle abuse as an internal matter b) Most newspapers no longer have any interest in reporting computer crime c) Documentation of abuses is usually poor d) We believe that most computer crime is not caught 52. At present, we think that computer crime is: a) Falling b) Random c) Rising d) Flat 61. Computer programs that can scan computer disks for virus-like coding are called: a) Antivirus software b) Virus software c) Detection software d) Friendly applets 62. All of the following are ways to thwart computer viruses except: a) Acquiring a vaccine or anti virus program b) Avoiding downloading computer games from questionable sources c) Opening suspicious emails and attachments d) Buying shrink wrapped software from reputable sources 63. A small computer program that is stored on a web server and designed to run in conjunction with browser software is called a(n a) Applet b) Logic bomb c) Worm d) Boot sector 49. These allow a user to access alternate web pages from an existing page: a) Hyperlinks b) Golf links c) html titles d) The XBRL tag 50. 65. This language allows its users to create web pages on the Internet: a) HTTP b) HTML c) URL d) COBOL 51. 66. The X in the term XBRL stands for: a) Extra b) Extensible c) X-rated d) Exante 67. Which of the following is true about XBRL? a) It is a business application of XML b) It uses tags such as like HTML c) It is used by the SEC to collect and store financial information about companies d) all of the above are true about XBRL 52. One advantage of XBRL tags is that: a) They always contain links to other web pages b) Optional entries allow users to specify units of currency, such as Euros c) They are now unchanging standards d) They cannot be used by hackers 70. All of the following are true about XBRL tags except: a) Tags are extensible b) Tags describe the data c) Tags tell how to display data d) Tags are now permanently standardized across industries