CHAPTER 1 a.

byte, bit, record, field, file, database

1 When a company receives returned b. bit, byte, record, field, file, database
goods from a customer, the business
c. bit, byte, field, record, file, database
process to accept the return would most
likely be a(n) d. bit, byte, field, record, database, file
a. administrative process 6 The process of searching for identifiable
patterns in data is called
b. conversion process
a. sequential processing
c. expenditure process
b. data warehousing
d. revenue process
c. data mining
2 Which of the following is least likely to
be an output of the accounting information d. real‐time processing
system?
7 An IT-enabled system for purchasing
a. check that is an “invoice‐less” system is called
a(n)
b. A report
a. automated matching system
c. An invoice
b. evaluated receipt settlement
d. A bar code
c. e‐payables
3 Which of the following is not true of the
supply chain? d. point of sale system
a. The supply chain includes vendors. 8 The COSO report written for the
purpose of assisting managers in the
b. The supply chain excludes customers.
challenge of managing risk in their
c. The supply chain includes information organizations is entitled
flows.
a. “Internal Controls—Integrated
d. The supply chain includes secondary Framework”
suppliers.
b. “Enterprise Risk Management—Integrated
4 Which of the following is not an objective
Framework”
of IT enablement?
c. “Corporate Governance Guidance”
a. Increased accuracy of data
d. “IT Governance Guidance”
b. Reduced cost
9 Accountants have some form of use of the
c. Reduced security problems
AIS in all but which role?
d. Increased efficiency
a. User
5 The correct order of the computer data
b. Programmer
hierarchy is
c. Auditor 3 Which of the following is not a
disadvantage of maintaining legacy
d. Designer
systems?
10 Which of the following is not true of
a. There are fewer programmers available to
unethical behavior?
support and maintain legacy systems.
a. The only category of unethical behavior for
b. They contain invaluable historical data that
accountants is inflating revenue.
may be difficult to integrate into newer
b. Accountants are often pressured to help systems.
commit or cover up unethical behavior.
c. Hardware or hardware parts may be
c. Hacking is an unethical behavior that unavailable for legacy systems.
accountants should be concerned about.
d. It can be difficult to integrate various
d. An accounting information system can be legacy systems into an integrated whole.
used to cover up unethical behavior
4 Which of the following is not an
CHAPTER 2 advantage of cloud computing when
compared to client–server computing?
1 Which of the following statements is not
true? a. It is more scalable.

a. Accounting information systems must b. It is less costly.

maintain both detail and summary
c. It increases the amount of computer
information.
infrastructure in a company.
b. Business processes may vary from
d. It has expanded availability.
company to company.
5 Which of the following is a disadvantage
c. Regardless of the extent of
of purchased accounting software,
computerization, all accounting information
compared with software developed in‐
systems must capture data from the
house?
transactions within business processes.
a. It is custom‐designed for that company.
d. Business processes categorized as
expenditure processes are not intended to be b. It is less costly.
processes that serve customers.
c. The implementation time is shorter.
2 In a manual system, an adjusting entry
d. There are fewer bugs.
would most likely be initially recorded in a
6 Which of the following is not a method of
a. special journal
updating legacy systems?
b. subsidiary ledger
a. Enterprise application integration
c. general journal
b. Back office ware
d. general ledger
c. Screen scraper
d. Complete replacement d. Supporting documents are prepared as
items are processed. Supporting documents
7 When categorizing the accounting
are prepared during scheduled runs.
software market, a company with revenue
of $8 million would most likely purchase 11 In documenting systems, which
software from which segment? pictorial method is described as a method
that diagrams the actual flow and
a. Small company
sequence of events?
b. Midmarket
a. System flowchart
c. Beginning ERP
b. Process map
d. Tier 1 ERP
c. Data flow diagram
8 An IT system that uses touch‐screen cash
d. Entity relationship diagram
registers as an input method is called
CHAPTER 3
a. electronic data interchange
1 The careful and responsible oversight
b. e‐business
and use of the assets entrusted to
c. point of sale system Management is called
d. source documents and keying a. the control environment

9 When similar transactions are grouped b. stewardship

together for a specified time for
c. preventive controls
processing, it is called
d. security
a. online processing
2 Which of the following is not a condition
b. real‐time processing
in the fraud triangle?
c. batch processing
a. Rationalization
d. group processing
b. Incentive
10 Which of the following is not correct
c. Conversion
regarding the ways that real‐time systems
differ from batch systems? d. Opportunity
a. Real‐time Systems Batch Systems Must 3 There are many possible indirect
use direct access files. Can use simple benefits to management when
sequential files. management fraud occurs. Which of the
following is not an indirect benefit of
b. Processing occurs Processing on demand.
management fraud?
Must be scheduled.
a. Delayed exercise of stock options
c. Processing choices are menu‐driven.
Processing is interactive. b. Delayed cash flow problems
c. Enhanced promotion opportunities 8 The review of amounts charged to the
company from a seller that it purchased
d. Increased incentive‐based compensation
from is called a
4 Which of the following is not an example
a. vendor audit
of employee fraud?
b. seller review
a. Skimming
c. collusion
b. Larceny
d. customer review
c. Kickbacks
9 Which of the following is generally an
d. Earnings management
external computer fraud, rather than an
5 Which of the following is not a common internal computer fraud?
form of employee fraud?
a. Spoofing
a. Inventory theft
b. Input manipulation
b. Expense account fraud
c. Program manipulation
c. Payroll fraud
d. Output manipulation
d. Refund fraud
10 Which control activity is intended to
6 Segregation of duties is a fundamental serve as a method to confirm the accuracy
concept in an effective system of internal or completeness of data in the accounting
controls. Nevertheless, the effectiveness of system?
this control can be compromised through
a. Authorization
which situation?
b. Segregation of duties
a. A lack of employee training
c. Security of assets
b. Collusion among employees
d. Independent checks and reconciliations
c. Irregular employee reviews
11 COSO describes five components of
d. The absence of an internal audit function
internal control. Which of the following
7 The most difficult type of misstatement terms is best described as “policies and
to discover is fraud that is concealed by procedures that help ensure management
directives are carried out and
a. over‐recording the transactions
management objectives are achieved”?
b. nonrecorded transactions a. Risk assessment
c. recording the transactions in subsidiary b. Information and communication
records
c. Control activities
d. related parties
d. Control environment
12 Proper segregation of duties calls for 2 In entering client contact information In
separation of the functions of the computerized database of a
telemarketing business, a clerk
a. authorization, execution, and payment
erroneously entered nonexistent area
b. authorization, recording, and custody codes for a block of new clients. This error
rendered the block of contacts useless to
c. custody, execution, and reporting the company. Which of the following
d. authorization, payment, and recording would most likely have led to discovery of
this error at the time of entry into the
13 The AICPA Trust Services Principles company’s computerized system?
identify five categories of risks and
controls. Which category is best described a. Limit check
by the statement, “Information processes b. Validity check
could be inaccurate, incomplete, or not
properly authorized”? c. Sequence check

a. Security d. Record count

b. Availability 3 Which of the following is not a control

intended to authenticate users?
c. Processing integrity
a. User log‐in
d. Confidentiality
b. Security token
14 A company’s cash custody function
should be separated from the related cash c. Encryption
recordkeeping function in order to
d. Biometric devices
a. physically safeguard the cash
4 Management of an Internet retail
b. establish accountability for the cash company is concerned about the possibility
of computer data eavesdropping and
c. prevent the payment of cash disbursements
wiretapping, and wants to maintain the
from cash receipts
confidentiality of its information as it is
d. minimize opportunities for transmitted. The company should make
misappropriations of cash use of

CHAPTER 4 a. data encryption

1 Internal controls that apply overall to the b. redundant servers

IT system are called c. input controls
a. overall controls d. password codes
b. technology controls
5 An IT governance committee has several
c. application controls
d. general controls
responsibilities. Which of the following is c. Wireless networks
least likely to be a responsibility of the IT
d. All of the above
governance committee?
9 Which programmed input validation
a. Develop and maintain the database and
check compares the value in a field with
ensure
related fields to determine whether the
adequate controls over the database. value is appropriate?
b. Develop, monitor, and review security a. Completeness check
policies.
b. Validity check
c. Oversee and prioritize changes to IT
c. Reasonableness check
systems.
d. Completeness check
d. Align IT investments to business strategy.
10 Which programmed input validation
6 AICPA Trust services Principles
check determines whether the appropriate
describe five categories of IT risks and
type of data, either alphabetic or numeric,
controls. Which of these five categories
was entered?
would best be described by the statement,
“The system is protected against a. Completeness check
unauthorized access”?
b. Validity check
a. Security
c. Reasonableness check
b. Confidentiality
d. Field check
c. Processing integrity
11 Which programmed input validation
d. Availability makes sure that a value was entered in all
of the critical fields?
7 The risk that an unauthorized user
would shut down systems within the IT a. Completeness check
system is a(n)
b. Validity check
a. security risk
c. Reasonableness check
b. availability risk
d. Field check
c. processing integrity risk
12 Which control total is the total of field
d. confidentiality risk values that are added for control purposes,
but not added for any other purpose?
8 The risk of an unauthorized user gaining
access is likely to be a risk for which of the a. Record count
following areas?
b. Hash total
a. Telecommuting workers
c. Batch total
b. Internet
d. Field total
13 A company has the following invoices in a. Conceptual design
a batch:Invoice no. Product I.D. Quantity
b. Evaluation and selection
Unit price
c. Parallel operation
401 H42 150 $30.00
d. Detailed design
402 K56 200 $25.00
4 Which of the following feasibility aspects
403 H42 250 $10.00
is an evaluation of whether the technology
404 L27 300 $5.00 exists to meet the needs identified in the
proposed change to the IT system?
Which of the following numbers
represents a valid record count? a. Technical feasibility
a. 1 b. Operational feasibility
b. 4 c. Economic feasibility
c. 70 d. Schedule feasibility
d. 900 5 The purpose of the feasibility study is to
assist in
CHAPTER5
a. selecting software
1 IT governance includes all but which of
the following responsibilities? b. designing internal controls
a. Aligning IT strategy with the business c. designing reports for the IT system
strategy
d. prioritizing IT requested changes
b. Writing programming code for IT systems
6 Within the systems analysis phase of the
c. Insisting that an IT control framework be SDLC, which of the following data
adopted and implemented collection methods does not involve any
feedback from users of the IT system?
d. Measuring IT’s performance
a. Documentation review
2 Which phase of the system development
life cycle includes determining user needs b. Interviews using structured questions
of the IT system?
c. Interviews using unstructured questions
a. Systems planning
d. Questionnaires
b. Systems analysis
7 A request for proposal (RFP) is used
c. Systems design during the
d. Systems implementation a. phase‐in period
3 Which of the following is not part of the b. purchase of software
system design phase of the SDLC?
c. feasibility study
d. in‐house design b. As part of the internal control structure of
the organization
8 Which of the following steps within the
systems implementation phase could not c. As part of the audit of an IT system
occur concurrently with other steps, but
d. As partial fulfillment of management’s
would occur at the end?
ethical obligations
a. Employee training
12 Confidentiality of information is an
b. Data conversion ethical consideration for which of the
following party or parties?
c. Software programming
a. Management
d. Post‐implementation review
b. Employees
9 Each of the following are methods for
implementing c. Consultants
a new application system except d. All of the above
a. direct cutover conversion CHAPTER 6
b. parallel conversion 1 Which of the following advantages is
least likely to be experienced by a company
c. pilot conversion
implementing an enterprise resource
d. test method conversion planning (ERP) system?

10 A retail store chain is developing a new a. Reduced cost

integrated computer system for sales and
b. Improved efficiency
inventories in its store locations. Which of
the following implementation methods c. Broader access to information
would involve the most risk?
d. Reduced errors
a. Direct cutover
2 An ERP system is a software system that
b. Phased‐in implementation provides each of the following except
c. Parallel running a. collection, processing, storage, and
reporting of transactional data
d. Pilot testing
b. enhancement of e‐commerce and e‐
11 The use of the SDLC for IT system
business
changes is important for several reasons.
Which of the following is not a part of the c. coordination of multiple business
purposes of the SDLC processes? processes
a. As part of strategic management of the d. physical controls for the prevention of
inventory theft
organization
3 Which of the following is not a feature of
an ERP system’s database?
a. Increased efficiency d. a data warehouse
b. Increased need for data storage within 8 Which of the following is not one of the
functional areas reasons for increased spending on ERP
systems in recent years?
c. Increased customer service capability
a. The need for Sarbanes–Oxley compliance
d. Increased data sharing across functional
areas b. Globalization and increased competitive
pressures
4 Manufacturing companies implement
ERP systems for the primary purpose of c. The need for earnings management
a. increasing productivity d. The need for customer service
enhancements
b. reducing inventory quantities
9 Supply chain management (SCM) is a
c. sharing information
critical business activity that connects a
d. reducing investments company more closely with its

5 What company developed the first true a. customers

ERP systems?
b. suppliers
a. Microsoft
c. subsidiaries
b. PeopleSoft
d. customers and suppliers
c. SAP
10 The type of ERP system used by large,
d. IBM multinational corporations is known as

6 In the late 1990s, the Y2K compatibility a. big bang implementation

issue was concerned primarily with
b. modular implementation
computer systems’
c. tier one software
a. file retrieval capability
d. tier two software
b. data storage
11 Which of the following ERP approaches
c. human resource comparisons
accomplishes the ERP implementation
d. capital budgeting beginning with one department?
7 The primary difference between ERP a. The pilot method
and ERP II systems is that ERP II may
b. The modular implementation approach
include
c. The big bang approach
a. Internet EDI
d. The location‐wise implementation method
b. logistics modules
12 Which of the following statements best
c. reporting modules
describes the risks of ERP systems?
a. The risks of implementing and operating a. Management’s geographic location is far
ERP systems are nearly identical to the risks from the source of the information needed to
of implementing and operating IT systems. make effective decisions.
b. The risks of operating and implementing b. The information is collected and prepared
ERP systems are greater than the risks of by persons who use the information for very
implementing and operating IT systems, due different purposes.
to the scope, size, and complexity of ERP
c. The information relates to business
systems.
activities that are not well understood by
c. The risks of implementing ERP systems those who collect and summarize the
are greater than the risks of implementing IT information for decision makers.
systems, but the operating risks are nearly
d. The information has been tested by internal
identical.
auditors and a CPA firm.
d. The risks of operating ERP systems are
4 Which of the following is not a part of
greater than the risks of operating IT systems,
generally accepted auditing standards?
but the implementation risks are nearly
identical. a. General standards
CHAPTER 7 b. Standards of fieldwork
1 Which of the following types of audits is c. Standards of information systems
most likely to be conducted for the purpose
d. Standards of reporting
of identifying areas for cost savings?
a. Financial statement audits 5 Which of the following best describes
what is meant by the term “generally
b. Operational audits accepted auditing standards”?
c. Regulatory audits a. Procedures used to gather evidence to
support the accuracy of a client’s financial
d. Compliance audits
statements
2 Financial statement audits are required
b. Measures of the quality of an auditor’s
to be performed by
conduct in carrying out professional
a. government auditors responsibilities
b. CPAs c. Professional pronouncements issued by the
Auditing Standards Board
c. internal auditors
d. Rules acknowledged by the accounting
d. IT auditors
profession because of their widespread
3 Which of the following is not considered application
a cause of information risk?
6 In an audit of financial statements in
accordance with generally accepted
auditing standards, an auditor is required
to
a. document the auditor’s understanding of a. An audit program should be standardized
the client company’s internal controls so it may be used on any client engagement.
b. search for weaknesses in the operation of b. The audit program should be completed by
the client company’s internal controls the client company before the audit planning
stage begins.
c. perform tests of controls to evaluate the
c. An audit program should be developed by
effectiveness of the client company’s internal
the internal auditor during the audit’s
controls
completion/reporting phase.
d. determine whether controls are
d. An audit program establishes
appropriately operating to prevent or detect
responsibility for each audit test by requiring
material misstatements
the signature or initials of the auditor who
7 Auditors should develop a written audit performed the test.
program so that
10 Risk assessment is a process designed to
a. all material transactions will be included in
a. identify possible circumstances and events
substantive testing that may affect the business

b. substantive testing performed prior to year b. establish policies and procedures to

end will be minimized carryout internal controls

c. the procedures will achieve specific audit c. identify and capture information in a
objectives related to specific management timely manner
assertions
d. test the internal controls throughout the
d. each account balance will be tested under year
either a substantive test or a test of controls
11 Which of the following audit
8 Which of the following audit objectives procedures is most likely to be performed
relates to the management assertion of during the planning phase of the audit?
existence?
a. Obtain an understanding of the client’s risk
a. A transaction is recorded in the proper assessment process.
period.
b. Identify specific internal control activities
b. A transaction actually occurred (i.e., it is that are designed to prevent fraud.
real).
c. Evaluate the reasonableness of the client’s
c. A transaction is properly presented in the accounting estimates.
financial statements.
d. Test the timely cutoff of cash payments
d. A transaction is supported by detailed and collections.
evidence.
12 Which of the following is the most
9 Which of the following statements significant disadvantage of auditing
regarding an audit program is true? around the computer rather than through
the computer?
a. The time involved in testing processing c. Integrated test facility
controls is significant.
d. Parallel simulation
b. The cost involved in testing processing
16 Which of the following is a general
controls is significant.
control to test for external access to a
c. A portion of the audit trail is not tested. client’s computerized systems?
d. The technical expertise required to test a. Penetration tests
processing controls is extensive.
b. Hash totals
13 The primary objective of compliance
c. Field checks
testing in a financial statement audit is to
determine whether d. Program tracing
a. procedures have been updated regularly 17 Suppose that during the planning phase
of an audit, the auditor determines that
b. financial statement amounts are accurately
weaknesses exist in the client’s
stated
computerized systems. These weaknesses
c. internal controls are functioning as make the client company susceptible to the
designed risk of an unauthorized break‐in. Which
type of audit procedures should be
d. collusion is taking place
emphasized in the remaining phases of this
14 Which of the following computer audit?
assisted auditing techniques processes
a. Tests of controls
actual client input data (or a copy of the
real data) on a controlled program under b. Penetration tests
the auditor’s control to periodically test
c. Substantive tests
controls in the client’s computer system?
d. Rounding errors tests
a. Test data method
18 Generalized audit software can be used
b. Embedded audit module
to
c. Integrated test facility
a. examine the consistency of data
d. Parallel simulation maintained on computer files
15 Which of the following computer b. perform audit tests of multiple computer
assisted auditing techniques allows files concurrently
fictitious and real transactions to be
c. verify the processing logic of operating
processed together without client
system software
personnel being aware of the testing
process? d. process test data against master files that
contain both real and fictitious data
a. Test data method
b. Embedded audit module
19 Independent auditors are generally
actively involved in each of the following
tasks except
a. preparation of a client’s financial
statements and accompanying notes
b. advising client management as to the
applicability of a new accounting standard
c. proposing adjustments to a client’s
financial statements
d. advising client management about the
presentation of the financial statements
20 Which of the following is most likely to
be an attribute unique to the financial
statement audit work of CPAs, compared
with work performed by attorneys or
practitioners of other business
professions?
a. Due professional care
b. Competence
c. Independence
d. A complex underlying body of
professional knowledge
21 Which of the following terms is not
associated with a financial statement
auditor’s requirement to maintain
independence?
a. Objectivity
b. Neutrality
c. Professional skepticism
d. Competence