
Study Resources (Accounting)

Objective 4 1) ISO 13000 is not the only internationally accepted enterprise risk management standard. 2) The risk time frame ________ relates to the organization's strategy, affecting three to five years or longer. 3) The risk time frame ________ relates to tactics, such as new projects that initiate change. 4) The risk time frame.
Objective 7 1) ________ controls ensure that reports and messages reach intended recipients. 2) Operations security refers to A) Security for access to the enterprise system, including computers, networks, routers, and databases B) Security for telecommunications, networks, and the Internet C) The physical security of information technology components, such as hardware and software D) Activities.
11) The International Organization for Standardization framework for risk management is ________. 12) At the top management level, ________ IT controls provide IT governance that sets the tone from the top of the enterprise. 13) ________ are controls embedded in business processes where a majority of security breaches occur. 14) What percentage.
Objective 5 1) Telecommunications, networks, and the internet all relate to data transmission. 2) ________ is a network used by external customers and/or suppliers. 3) Network cyberattacks typically target ________ because they offer access to the network. 4) ________ firewall is a special type of firewall located on a server used to intercept and.
10) What is system development methodology (SDM)? 11) What type of IT professionals are involved in the design and development of the accounting system? 12) Why do accountants need to know about the processes IT professionals use for system development? 13) Why do accountants need to be included on the development team for.
Objective 2 1) The COSO Enterprise Risk Management framework replaces the COSO framework for internal control. 2) Given the impossibility of foreseeing every conceivable control to address all threats, risk management uses the approach of assessing risk to determine the probability of risk, its frequency, and its impact. 3) It is possible.
Match the ERM component name to the appropriate definition. A) This is comprised of policies and procedures established and implemented to ensure risk responses are effective. B) This involves identifying occurrences that affect an enterprise's ability to attain its objectives. C) This involves ensuring relevant data is captured and communicated effectively throughout the.
Match the SDLC phase to the appropriate definition. A) Deliver the new system, including hardware and software. B) Models for the current system, such as database models and business process models, are studied to determine modifications required. C) In this phase, the models are transformed into software programming code, which is then.
21) Which legislation requires organizations that handle credit and debit card data to meet cybersecurity requirements to safeguard data? A) Computer Fraud and Abuse Act B) Federal Information Security Management Act of 2002 (FISMA) C) Economic Espionage Act of 1996 D) Payment Card Industries Data Security Standards (PCI-DSS) 22) It is the first day.
46) What are the advantages of using a baseline model? 47) List and define the categories in Weatherbe's PIECES framework for problem analysis. 48) After the system design phase is complete, the system proposal is submitted to the client for approval. What information is included in the system proposal? 49) You are a.
30) What is risk tolerance? Provide an example. 31) What are five external events that may pose a risk to an enterprise's ability to achieve objectives? Provide examples. 32) What are four internal events that may pose a risk to an enterprise's ability to achieve objectives? Provide examples. 33) Assessment techniques used to.
21) A ________ analysis identifies any difference between the specifications of the baseline accounting system and the enterprise-specific user requirements. 22) According to Weatherbe's PIECES framework for problem analysis, a problem that relates to system issues, such as system availability, is classified as a(n) ________ problem. Match the category in Weatherbe's.
11) Which principle in the Code of Ethics for internal auditors states that they are to make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments? A) Confidentiality B) Competency C) Objectivity D) Integrity 12) Which principle in the Code of.
Objective 1 1) Luckily, project management questions are not part of the CPA exam. 2) Project management uses techniques to organize and streamline the project. 3) System development life cycle is the order and timing of when the SDLC phases are completed. 4) ________ design the system, specifying the components needed for the.
Chapter 11 Extension 1) COBIT provides high-level strategic guidance for meeting overall internal control objectives. 2) COSO provides a code of practice for information security management. 3) In the COBIT framework, which IT resource category consists of manual and programmed procedures to process information? A) Infrastructure B) Applications C) People D) Information 4) Which IT process domain,.
Match the design feasibility name to the appropriate definition. A) Evaluates whether the new system deliverables can be delivered by the required due dates B) Assesses the probability of successful implementation and use of the new system, including any legal considerations C) Assesses whether the new system IT architecture can interact with the.
Objective 2 1) The SDLC provides a common language for communicating with programmers, system analysts, database administrators, and other IT professionals engaged in accounting system development. 2) The plan phase of a SDLC involves designing new system models to satisfy user requirements, either by creating a new model or by modifying.
Objective 6 1) A ________ is a hardware device containing a password generator protocol that creates a new password each time the token is used. 2) Which access control threat are programs or devices that examine traffic on the enterprise network? A) Password attack B) Network sniffer C) Identity theft D) Spoofing at log-on 3) Which.
Match the malware with the appropriate definition. A) Code is disguised as a legitimate program, that can be downloaded and installed by users without realizing it is malware B) A relatively small program that infects other application software by attaching to it and disrupting application function C) Tiny piece(s) of programming code that.
Objective 1 1) Cybersecurity combines people, processes, and technology to continually monitor vulnerabilities and respond proactively to secure the system. 2) Personal data, such as home address and credit card number, are stored on hotel card keys. 3) ________ developed the 10-domain Common Body of Knowledge (CBK) for IT security and controls. 4).
Objective 3 1) A well developed and articulated risk management philosophy can provide consistency in risk attitudes throughout the entire enterprise. 2) In ERM risk assessment, possibility may refer to assessing likelihood using a quantitative measure, such as percentages. 3) When risk responses are being considered, the costs and benefits of options may.
12) What is a microcomputer? A) A computer with moderate computing power B) A personal computer or laptop C) A smart phone D) A powerful, high-speed computer used for complex numerical calculations 13) Which of the following network hardware are typically personal computers and laptops connected to the network? A) Workstation computers B) Server computers C) Routing devices D).
19) What is the software development waterfall methodology? 20) What is the software development prototype methodology? 21) What is the software development ABC methodology? 22) You are a staff accountant at a manufacturing firm. IT is creating a new accounting system and wants to use the ABC methodology. Your boss wants IT to use.
19) Which ERM component involves the risk management philosophy of the enterprise, including the tone set by top management? A) Control activities B) Information and communication C) Internal environment D) Event identification 20) Which ERM component is comprised of policies and procedures established and implemented to ensure risk responses are effective? A) Risk assessment B) Control activities C) Information.
19) Which phase of the SDLC involves users entering data into the new system? A) Design B) Deploy C) Install D) Build 20) The project schedule is defined in which phase of the SDLC? A) Analysis B) Build C) Plan D) Design 21) List and define the phases of the SDLC. 22) What is the system development life cycle (SDLC)? .
Objective 1 1) The largest provider of relational database tools is Sun Microsystems Inc. 2) Information assets are the new currency of business. 3) The database integrity rule Referential Integrity states that field values must be from a predefined domain. 4) The database integrity rule Primary Key Integrity states each record in the database.
21) Hiring competent employees who are provided ongoing training A) Can increase risks from accidents and errors B) Can increase the amount of fraud C) Can reduce risks from accidents and errors D) Can reduce an enterprise's risk tolerance 22) Which of the following is NOT an external factor that might affect an enterprise's ability.
11) Design feasibility includes operational, economic, technical, schedule, cultural, and risk feasibility of the proposed IT architecture for the new system. 12) Economic feasibility assesses the probability of successful implementation and use of the new system, including any legal considerations. 13) Risk feasibility assesses the probability of successful implementation and use.
11) List three encryption methods. Briefly describe how they work. 12) List and describe three types of encryption keys. Objective 12 1) The IT used in an enterprise can actually create vulnerabilities to cyberattacks on its confidential accounting data. 2) New IT security technology A) Is usually worth the investment B) Is less vulnerable.
Objective 4 1) Most entrepreneurs need to hire custom programmers to write accounting programs. 2) For most enterprises it is more cost-effective to hire programmers to write custom software programs for all of their accounting functions. 3) Most accounting systems today are built using an ABC methodology. 4) The baseline stage of the.
Objective 5 1) Focusing on sustainable operations increases the risk of dependence on dwindling natural resources that may become cost prohibitive in the future. 2) Effective implementation of ERM requires a robust discussion of the potential impact of not mitigating risks and the likelihood that the risk will impact the organization. 3).
Match the legislation to the description. A) This legislation requires organizations that handle credit and debit card data to meet cybersecurity requirements to safeguard the data. B) Frank-Dodd Wall Street Reform and Consumer Protection Act C) This legislation requires each federal agency to develop, document, and implement an agency-wide information security program. D) This.
Objective 4 1) Wide area networks (WANs) cover a large geographic region, such as the lower Midwest. 2) The Internet is a collection of many networks of various types, connecting different LANs, MANs, and WANs together. 3) Bridges connect LANs of similar or different types to create an intranet. 4) Enterprise security architecture.
Objective 2 1) Most data thieves are professional criminals deliberately trying to steal information they can turn into cash. 2) While dumpster diving is unethical, it may not be illegal. 3) Phishing involves attempts to obtain passwords by sniffing messages sent between computers on the network. 4) Laws related to cybersecurity originate from.
41) Which category in Weatherbe's PIECES framework affects revenues (benefits) or costs? A) Control problem B) Economic problem C) Service problem D) Performance problem 42) In the ABC methodology of software development, which stage of the customer stage involves reviewing and updating user requirements for the new accounting system? A) Plan B) Analyze C) Install D) Deploy 43) In the.
Objective 6 1) Spreadsheets introduce significant risks into the financial reporting process for organizations. 2) Storing the spreadsheet on the server increases the difficulty to track changes made by multiple users. 3) The use of access security controls on spreadsheets is not an effective method to improve spreadsheet risk management. 4) A.
Objective 1 1) The SEC requires company boards to report in-depth on how their enterprises identify risk, set risk tolerances, and manage risk/reward trade-offs. 2) Controls are not task driven. Understanding risk is not a prerequisite to the appreciation and application of control. 3) Enterprise risk management (ERM) goes beyond just security and.
Chapter Extension 10A 1) The ________ of internal auditors establishes trust and thus provides the basis for reliance on their judgment. 2) Internal auditors exhibit the highest level of professional ________ in gathering, evaluating, and communicating information about the activity or process being examined. Match the internal auditors' code of ethics principle to.
Objective 3 1) The system development life cycle lists what steps to complete. 2) Many system development methodologies exist; which one is the best fit for the project depends on the nature of the project and the specific requirements. 3) The waterfall methodology of software development consists of two stages: Baseline and 4).
5) List and define the information sensitivity classifications for the private sector. 6) List and define the information sensitivity classifications for the governmental sector. 7) Provide an example of how security and control measures can be included in the planning, design, installation, and deployment phases of the SDLC. 8) List and describe three frameworks that provide.
11) The ABC methodology A) Completes a phase before starting the next phase B) Creates a sample that is provided to the end users for feedback C) Always starts with a baseline system D) Is another name for spiral methodology 12) Which of the following is an advantage of the waterfall methodology of software development.