E3 Systems Controls and Security Measures

This document contains 12 multiple choice questions from a CMA exam test bank about accounting information systems concepts. The questions cover topics like the purpose of internet assurance services, controls for a payroll system, types of encryption techniques, and examples of access controls. Overall, the document provides a sample of accounting information systems questions that could be asked on a CMA exam.


12/27/2015 Wiley CMA Test Bank Part 1

Question 1:
(1E3-AT14)

Many organizations participating in e-commerce have serious concerns about security,
therefore a new subdiscipline, internet assurance services, has evolved. Its main
objective is to:
provide assurances that web sites are reliable and transaction security is
reasonable.
insure against fraud and hackers by charging a fee per transmitted transaction.
provide assurance that electronic data transmissions reach their destinations
and on time.
provide value to data being transmitted by making it secure.

Internet assurance is a service of providing a limited assurance to users of the
vendor's Web site that the site is reliable and event data security is reasonable.

Question 2:
(1E3-LS37)

When attempting to restore computing facilities at an alternate site following a
disaster, which one of the following should be restored first?

* Source: Retired ICMA CMA Exam Questions.

Online system.
Batch system.
Decision support system.
Operating system.

The first step in restoring computing facilities at an alternative site following a
disaster should be restoring the operating system. The operating system will allow
all other computing operations to be restored subsequently.

Question 3:
(1E3-LS15)

Data encryption:
converts data from easily read local language into a secret code and helps
prevent unauthorized usage of sensitive information.
converts graphics into binary code that can be more easily transmitted over the
Internet.
is less necessary over the Internet than on a local area network (LAN) or wide
area network (WAN) because e-mail and FTP cannot be intercepted.
is not necessary unless a business is working on government defense contracts.

Data encryption helps prevent unauthorized access to sensitive information and can
be used on data transmissions over the Internet and on a LAN/WAN as well as on files
stored on the LAN/WAN.

Question 4:
(1E3-AT15)

Which one of the following statements about an accounting information system (AIS)
is incorrect?
The information produced by AIS is made available to all levels of management
for use in planning and controlling an organization's activities.
AIS is a subsystem of the management information system.
AIS supports day-to-day operations by collecting and sorting data about an
organization's transactions.
AIS is best suited to solve problems where there is great uncertainty and ill-
defined reporting requirements.

A decision support system, not an AIS, is best suited to solve problems where there is
great uncertainty and ill-defined reporting requirements.

Question 5:
(1E3-LS27)

Disaster recovery policies and procedures are designed to enable a company to carry
on business in the event of an unplanned disaster where the business would not be
able to function normally. A company's disaster recovery plan should include all of the
following except:
specify backup sites for alternate computer processing.
define the roles of all members of the disaster recovery team.
document all processing and output controls.
appoint a primary leader for the process.

Disaster recovery policies and procedures—also called business continuance plans—
are designed to enable the firm to carry on business in the event that an emergency,
such as a natural disaster, disrupts normal function. A company's disaster recovery
plan should define the roles of all members of the disaster recovery team, appointing
both a primary leader and an alternate leader for the process. The plan should
specify backup sites for alternate computer processing.

Question 6:
(1E3-AT04)

In order to prevent, detect, and correct errors and unauthorized tampering, a payroll
system should have adequate controls. The best set of controls for a payroll system
includes:
passwords and user codes, batch totals, employee supervision, and record
counts of each run.
batch and hash totals, record counts of each run, proper separation of duties,
passwords and user codes, and backup copies of activity and master files.
employee supervision, batch totals, record counts of each run, and payments by
check.
batch totals, record counts, user codes, proper separation of duties, and online
edit checks.

Transaction processing systems need controls to assure authorization,
completeness, accuracy, and timeliness. The four objectives, in processing payroll,
are accomplished by using batch and hash totals, record counts of each run, proper
separation of duties, passwords and user codes, and backup copies of activity and
master files.

Question 7:
(1E3-LS18)

Effective controls designed to catch errors and improve the accuracy of data
processing in batches before new information is written to the master file include all
of the following except:
A control total.
A hash total.
A check digit.
A record count.

A check digit is an input control used during the data entry process of an individual
record. The other three items are all examples of batch input controls.

Question 8:
(1E3-LS10)

Sam needs to send a check to a contract worker. The check number is on the check,
and the computer program adds a second number while printing the check to aid in
tracking the transaction. This is an example of:
an input control.
a processing control.
a program access control.
an output control.

Output controls ensure accuracy and validity of information. They include controls
for validating processing results such as activity reports. Output controls regulate
the distribution and disposal of printed output, including pre-numbered checks.

Question 9:
(1E3-LS04)

Which of the following are examples of systems development controls?

I. Each systems programmer is responsible for only a portion of the total
program code.
II. The systems development manager runs a program that checks for
unauthorized lines of code, such as Trojan horses.
III. The computer tracks how long each person is on the Internet.
IV. A pilot review is run when the system is completed, tracking data
results against results from the previous version of the system.

II and IV only.
I, II, III, and IV.
I and II only.
I, II, and IV only.

Tracking how long an employee is on the Internet is not an example of systems
development controls. It may be an example of internal controls to promote
efficiency.

Question 10:
(1E3-LS20)

Which controls provide reasonable assurance that data is complete, accurate, and
authorized?
Output controls.
Input controls.
Physical controls.
Processing controls.

Input controls help to provide reasonable assurance that data is complete, accurate,
and authorized.

Question 11:
(1E3-LS35)

All of the following are examples of encryption techniques used for computer security
except:

* Source: Retired ICMA CMA Exam Questions.

private key.
authentication key.
public key.
primary key.

Encryption techniques include a public key, a private key, and an authentication key.

Question 12:
(1E3-LS26)

A variety of controls can be implemented to limit unauthorized access to an
accounting information system by external users. All of the following are acceptable
access controls except:
encryption of data.
user IDs and profiles.
segregation of duties.
passwords.

Companies must use a variety of controls to protect their systems and data from
unauthorized access, beginning, at the most basic, with passwords. Software-based
access controls such as user IDs and profiles allow the system administrators to
manage access privileges. An additional step many firms take is to encrypt data so
that unauthorized users who have been able to bypass first-level controls are not
able to read, change, add to, or remove the data.

Question 13:
(1E3-LS21)

Processing controls provide reasonable assurance that only approved data are
processed. Which of the following controls is not a processing control?
Run-to-run totals.
Sequence checks.
Completeness checks.
Error report.

Completeness checks, sequence checks, and run-to-run totals are all processing
controls. Error reports are an output control.

Question 14:
(1E3-LS32)

In securing the client/server environment of an information system, a principal
disadvantage of using a single level sign-on password is the danger of creating a(n):

* Source: Retired ICMA CMA Exam Questions.

single point of failure.
trap door entry point.
lock-out of valid users.
administrative bottleneck.

Advantages of securing a client/server environment of an information system using
a single level sign-on password are a trap door entry point, administrative bottleneck
and lock-out of valid users. A disadvantage of using such a system is a single-point of
failure.

Question 15:
(1E3-LS19)

Which input control would be most effective to mitigate risks related to paying large
dollar invoices without management approval?
Check digit.
Control total.
Passwords.
A limit check.

A limit check can be set to restrict the maximum dollar amount of an invoice that can
be processed without specific authorization of management.

Question 16:
(1E3-LS17)

Flowcharts of activities are used to:
help detect intrusion past the firewall into the network.
visually inspect, observe, and document a process in order to assess
effectiveness of control procedures.
help ensure that data transmitted over the Internet is not intercepted by
unauthorized personnel.
ensure that data can be recovered if it is lost.

A flowchart is used by the internal auditor to review the information system and
related control procedures for adequacy as well as efficiency of operations.

Question 17:
(1E3-LS29)

In situations where it is crucial that data be entered correctly into an accounting
information system, the best method of data control would be to use:

* Source: Retired ICMA CMA Exam Questions.

compatibility tests.
limit checks.
reasonableness tests.
key verification.

The best method of data control in situations where it is crucial that data be entered
correctly into an accounting information system is through the use of key
verification.

Question 18:
(1E3-AT05)

A critical aspect of a disaster recovery plan is to be able to regain operational
capability as soon as possible. In order to accomplish this, an organization can have an
arrangement with its computer hardware vendor to have a fully operational facility
available that is configured to the user's specific needs. This is best known as a(n):
hot site.
uninterruptible power system.
parallel system.
cold site.

A hot site is a back-up site in another location that has the company's hardware and
software and is ready to run on a moment's notice.

Question 19:
(1E3-LS16)

Company ABC has installed a software/hardware system that restricts access by
outsiders to the firm's network. This is called:
a firewall.
data encryption.
a disaster recovery procedure.
an intrusion detection system.

A firewall restricts access to a network from outside the company but does not
guarantee security. An intrusion detection system alerts the system administrator to
unusual activity or attempts at breaking past the firewall. Data encryption can
minimize the risk of unauthorized access to data but does not restrict access to a
network. A disaster recovery procedure is instituted when the network has been
destroyed due to a natural disaster or purposeful destruction.

Question 20:
(1E3-LS34)

Confidential data can be securely transmitted over the internet by using:

* Source: Retired ICMA CMA Exam Questions.

firewalls.
single-use passwords.
encryption.
digital signatures.

Encryption allows confidential data to be transmitted securely over the internet.

Question 21:
(1E3-AT12)

In entering the billing address for a new client in Emil Company's computerized
database, a clerk erroneously entered a nonexistent zip code. As a result, the first
month's bill mailed to the new client was returned to Emil Company. Which one of the
following would most likely have led to discovery of the error at the time of entry into
Emil Company's computerized database?
Limit test.
Validity test.
Parity test.
Record count test.

A validity test compares data against a master file for accuracy. Data that cannot
possibly be correct (e.g., a nonexistent zip code) would be discovered at that time.

Question 22:
(1E3-LS30)

Consider the following types of controls.

I. Preventive
II. Corrective
III. Feedback
IV. Feedforward
V. Detective

Which one of the following groups of controls are generally considered the most cost-
effective controls?

* Source: Retired ICMA CMA Exam Questions.

I, II, and III.
I, II, and V.
I, III, and V.
III, IV, and V.

The most cost-effective controls to implement in an accounting information system
are preventative, corrective, and detective controls.

Question 23:
(1E3-AT08)

The most critical aspect of the separation of duties within a mainframe information
systems environment is between:
programmers and users.
programmers and project leaders.
programmers and systems analysts.
programmers and computer operators.

The information technology (IT) function should be separate from the other
functional areas in the organization. In addition, within IT, there should be a
separation between programmers/analysts, operations, and technical support.
Separation of programmers from computer operators is critical.

Question 24:
(1E3-LS33)

Which one of the following represents a weakness in the internal control system of an
electronic data processing system?

* Source: Retired ICMA CMA Exam Questions.

The systems analyst designs new systems and supervises testing of the system.
The accounts receivable clerk prepares and enters data into the computer
system and reviews the output for errors.
The data control group reviews and tests procedures and handles the
reprocessing of errors detected by the computer.
The computer operator executes programs according to operating instructions
and maintains custody of programs and data files.

A weakness in the internal control system of an electronic data processing system is
a computer operator executing programs according to operating instructions and
maintaining custody of programs and data files.

Question 25:
(1E3-LS25)

An inherent risk specifically related to conducting business over the internet includes:
website denial of service attack.
exposure to viruses.
unauthorized access by hackers, exposure to viruses, and website denial of
service attacks.
unauthorized access by hackers.

The Internet has introduced risks to computer systems that do not exist on private
networks. Among the threats is a greatly increased risk of unauthorized access, as
hackers have grown both numerous and more sophisticated in their attacks. Internet
presence also exposes systems to "malware"—including viruses, worms, spyware,
spam, and Trojan horses.

Question 26:
(1E3-AT11)

Which one of the following would most compromise the use of the grandfather-father-
son principle of file retention as protection against loss or damage of master files?
Inadequate ventilation.
Failure to encrypt data.
Storing of all files in one location.
Use of magnetic tape.

Storing all files in one location undermines the concept of multiple backups inherent
in the grandfather-father-son principle.

Question 27:
(1E3-AT06)

All of the following are included in the systems implementation process except:
training.
systems design.
conversion.
testing.

The steps in systems development are analysis, design, implementation, follow-up,
operations, and maintenance. Implementation consists of training, testing,
conversion, and documentation.

Question 28:
(1E3-LS12)

A data backup:
helps recover data after data loss due to viruses, natural disasters, and hardware
failures and should be run on a daily basis.
should be run every day but is not helpful in the event of a data loss due to a
computer virus.
helps prevent hacking and should be run on a daily basis.
helps recover data after data losses but is done only if a company has a very large
database of information to recover.

A data backup should be run on a daily basis. It is necessary for any business with
stored data and helps with recovery regardless of how data is lost. A data backup
does not prevent hacking.

Question 29:
(1E3-LS01)

Which of the following are potential threats to an information system?

I. Trojan horses
II. Manipulation of input data
III. Computer viruses
IV. Data theft

I, II, III, and IV.
III and IV only.
I, II, and III only.
I and II only.

There are many threats to information systems, including input manipulation,
program alteration, data theft, sabotage, viruses, Trojan horses, and theft.

Question 30:
(1E3-LS09)

Lynn is entering a transaction on the screen and receives an error message telling her
the account number does not match the customer name. This is an example of:
a program access control.
an output control.
an input control.
a processing control.

This is an example of an input control, which processes validity checks to help avoid
input of transactions with inaccurate information.

Question 31:
(1E3-AT13)

Data processed by a computer system are usually transferred to some form of output
medium for storage. However, the presence of computerized output does not, in and
of itself, ensure the output's accuracy, completeness, or authenticity. For this
assurance, various controls are needed. The major types of controls for this area
include:
input controls, tape and disk output controls, and printed output controls.
hash totals, tape and disk output controls, and printed output controls.
tape and disk output controls and printed output controls.
transaction controls, general controls, and printout controls.

Controls necessary to assure the accuracy of system output are called application
controls. Application controls consist of controls over input, processing, and output.

Question 32:
(1E3-AT02)

Online access controls are critical for the successful operation of today's computer
systems. To assist in maintaining control over such access, many systems use tests
that are maintained through an internal access control matrix which consists of:
a list of controls in the online system and a list of those individuals authorized to
change and adjust these controls along with a complete list of files in the system.
authorized user code numbers, passwords, lists of all files and programs, and a
record of the type of access each user is entitled to have to each file and
program.
authorized user code numbers and passwords.
a complete listing of system tests and the applicable programs.

An access control mechanism defines object and action privileges for a user. Object
privileges define the resources the user may access. Action privileges define what the
user may do with a resource. Access controls often employ user ID codes and
passwords.

Question 33:
(1E3-LS31)

The most appropriate control to verify that a user is authorized to execute a particular
on-line transaction is a:

* Source: Retired ICMA CMA Exam Questions.

password.
challenge/response system.
closed-loop verification.
compatibility check.

The most appropriate control to verify that a user is authorized to execute a
particular online transaction is through the use of a compatibility check.

Question 34:
(1E3-LS28)

A computer virus is different from a "Trojan Horse" because the virus can:

* Source: Retired ICMA CMA Exam Questions.

replicate itself.
erase executable files.
alter programming instructions.
corrupt data.

A virus is different from a "Trojan Horse" in the way it can replicate itself.

Question 35:
(1E3-LS02)

Alex is an unhappy employee, and he writes a line of code into the company's software
system that will erase every tenth transaction entered into the system. Which of the
following is this called?
Trojan horse.
Virus.
Revenge line.
Saboteur.

A Trojan horse is a computer program containing an intentional line of code created
by a programmer for personal gain (transferring funds without the company
knowing) or revenge.

Question 36:
(1E3-LS36)

The data entry staff of National Manufacturing Inc. has responsibility for converting all
of the plant's shipping information to computerized records. The information flow
begins when the shipping department sends a copy of a shipping order to the data
entry staff. A data entry operator scans the shipping order information onto a hand-
held data storage device. Verification clerks then check the computerized record with
the original shipping orders. When a given batch of files has been reviewed and
corrected, as necessary, the information is uploaded to the company's mainframe
system at the home office.

The most effective way to visualize and understand this set of activities would be
through the use of a

* Source: Retired ICMA CMA Exam Questions.

program flowchart.
Gantt chart.
decision table.
document flowchart.

The most effective way to visualize and understand a set of activities or process is
through the use of a document flowchart.

Question 37:
(1E3-AT10)

Increasing complexity of the information technology systems often blurs the
boundaries that separate the authorization, record keeping, and custody functions
performed by the information technology (IT) department and the system users. For
example, when a sales agent enters a customer's order online, the computer plays a
significant role in authorizing the sales transaction based on its comparison of pre-set
customer credit limits in the master file and consequently posting all approved sales
transactions in the sales journals and related sub-ledgers. In this scenario, what would
be an example of the control that would best minimize the lack of segregation of
duties on the part of the computer system?
Responsibility for designing and controlling accounting software programs that
contain the sales authorization and posting controls should be under the
authority of the credit approval department; and the ability to update all the
information in the master file of customer credit limits should be under the
authority of the IT department.
In such situations, it is best to outsource such tasks to eliminate risking the lack
of segregation of duties.
Since the transaction is processed in an automated fashion, it really does not
matter which department performs a particular function.
Responsibility for designing and controlling accounting software programs that
contain the sales authorization and posting controls should be under the
authority of the IT department; and the ability to update all the information in
the master file of customer credit limits should be under the authority of the
credit approval department.

Proper segregation of duties requires that IT be entirely separated from users of
IT. The IT function is responsible for recording transactions only. The authorization
for and execution of transactions as well as the custody of assets related to the
transactions belongs to the user.

Question 38:
(1E3-LS06)

Systems security controls:
are not required in a small company.
require only that the computer is in a climate-controlled room and behind a
locked door.
are not necessary if proper software controls are maintained.
include blocking physical access to computers, protecting computer systems
from environmental effects (cold, floods), and logical controls that block
unauthorized access.

Systems security controls encompass both the physical access to the hardware and
the logical (ability to use) access to the hardware.

Question 39:
(1E3-LS07)

Which of the following are controls that would limit access to physical hardware?

I. The data center is placed in a location away from easy public access.
II. An alarm system is set up in the computer room, including motion
detectors.
III. The data center is located on the third floor of the office building.
IV. All computer equipment is attached to surge protectors.

II, III, and IV only.
I and II only.
I and III only.
I, II, III, and IV.

Locating the data center on the third floor of the building does not necessarily limit
access to physical hardware. However, it does protect the system in case of a flood.
Also, surge protectors protect computer equipment but do not limit physical access
to the hardware.

Question 40:
(1E3-LS14)

Which of the following is a risk of using the Internet to transmit data?
Encrypted files cannot be sent via the Internet.
Data is easily intercepted and can be stolen or altered when being sent on an
unsecured line.
Telecommunication lines connecting a wide area network (WAN) may corrupt
data due to the long distances between computers.
Data wires connecting a local area network (LAN) can easily be breached by
hackers.

Data transmitted via the Internet generally is considered to have a low level of
integrity due to the possibility of interception or data scrambling. Encrypted files can
be sent via the Internet and are better protected from interception. Wired LANs and
WANs do not rely on Internet technology to connect computers and are therefore not
open to the same risks for data transmission.

Question 41:
(1E3-LS08)

Which of the following provides protection from unauthorized use of databases?
Storing the data center in a secured area.
Data encryption.
Input entry screens with validity checks.
File transfer protocol.

Data encryption protects data while it is stored and while it is being transmitted.
Locating the data center in a secured area protects hardware, not access to
programs and data. File transfer protocol is a standard method of transferring files
over the Internet, and it does not protect data from unauthorized use unless
transmitted data is encrypted. Input entry screens with validity checks are effective
controls for accuracy of input but do not protect programs or the system from
unauthorized use.

Question 42:
(1E3-LS11)

Ellen is processing a group of transactions and indicates as she begins running the
program that there are 15 transactions in the batch, totaling $150,000 in orders. This
batch control is related to all of the following except:
a processing control.
an output control.
an input control.
a program access control.

Processing controls are often interdependent with input and output controls.
Processing controls are checks that are run by the computer program while it
processes the data to verify that the information is accurate. In this example, the
computer system will re-verify that the batch was inputted properly. The output
controls would tie the batch back to the input.

Question 43:
(1E3-LS23)

Audit procedures may include a variety of computerized programs and accuracy tests
to confirm that the data processed by computer applications post to the correct
general ledger accounts. These procedures are referred to as:
Input controls.
Processing controls.
Output controls.
Security controls.

Computerized programs and accuracy tests to confirm that data is processed by
computer applications correctly are called processing controls.

Question 44:
(1E3-AT16)

There are many ways that realtime accounts receivable systems differ from batch
accounts receivable systems. Which one of the following is not correct?
Realtime systems: Processing is done on demand; Batch systems: Processing is
done during scheduled computer runs.
Realtime systems: Must use direct-access files; Batch systems: Can use simple
sequential files.
Realtime systems: Processing choices are menu-driven; Batch systems:
Processing is interactive.
Realtime systems: Invoicing is performed as goods are shipped; Batch systems:
Invoicing is performed through scheduled billing runs.

Real-time processing is menu driven, but the batch system processing is not
interactive. Batch processing is the aggregation of several transactions over a period
of time with the subsequent processing of these data as a group. The system
feedback in batch processing can be received only after such processing with a
substantial delay.

Question 45:
(1E3-AT01)

Accounting controls are concerned with the safeguarding of assets and the reliability
of financial records. Consequently, these controls are designed to provide reasonable
assurance that all of the following take place except:
comparing recorded assets with existing assets at periodic intervals and taking
appropriate action with respect to differences.
recording transactions as necessary to permit preparation of financial
statements in conformity with generally accepted accounting principles and
maintaining accountability for assets.
executing transactions in accordance with management's general or specific
authorization.
compliance with methods and procedures ensuring operational efficiency and
adherence to managerial policies.

An internal control system is concerned with safeguarding assets, accuracy and
reliability of records, operational efficiency, adherence to policy, and compliance
with laws and regulations. The first two are called accounting controls. The latter
three are referred to as administrative controls.

Question 46:
(1E3-AT07)

In the organization of the information systems function, the most important
separation of duties is:
using different programming personnel to maintain utility programs from those
who maintain the application programs.
having a separate department that prepares the transactions for processing and
verifies the correct entry of the transactions.
assuring that those responsible for programming the system do not have access
to data processing operations.
not allowing the data librarian to assist in data processing operations.

The information technology (IT) function should be separate from the other
functional areas in the organization. In addition, within IT, there should be a
separation between programmers/analysts, operations, and technical support.

Question 47:
(1E3-LS05)

The objective of a disaster recovery plan is to:


set forth procedures to follow if the building needs to be evacuated in the event
of a disaster.
provide protection against losses during times of severe recession.
provide for continuing business in the event of an emergency that results in the
inability to use the facility or the data center.
provide a plan in the event of a union strike when there are no operators for the
data and processing systems.

The objective of a disaster recovery plan is to provide for continuing business in the
event of an emergency that results in the inability to use the facility or the data
center.

Question 48:
(1E3-AT09)

Which one of the following represents a lack of internal control in a computer-based
system?
Any and all changes in applications programs have the authorization and
approval of management.
The design and implementation is performed in accordance with management's
specific authorization.
Provisions exist to protect data files from unauthorized access, modification, or
destruction.
Programmers have access to change programs and data files when an error is
detected.

The information technology (IT) function should be separate from the other
functional areas in the organization. In addition, within IT, there should be a
separation between programmers/analysts, operations, and technical support.
Changing programs and data files belongs to IT operations. Error correction and
reentry belong to the system user.

Question 49:
(1E3-LS03)

Sandy opens an e-mail that she doesn't realize contains a line of code that enters the
company local area network (LAN) via her computer. Three days later, all the data files
on the LAN and everybody's computers are erased. This is an example of:
a computer spam.
a computer virus.
a Trojan horse.
a prototype.

A computer virus can move through a network deleting or altering files before it is
even detected. Computer viruses have become a concern to companies.

Question 50:
(1E3-AT03)

Edit checks in a computerized accounting system:

are easier to install after a system is operational.
should be performed immediately prior to output distribution.
should be performed on transactions prior to updating a master file.
are preventive controls.

Edit checks are executed upon data entry. Their purpose is to detect and correct
problems in data input. They are performed upon data entry prior to updating a file
to assure accuracy of the update. The edit checks prevent the phenomenon of
"garbage in, garbage out."

Question 51:
(1E3-LS22)

Output controls provide assurance that processing is complete and accurate. Which of
the following controls is not an output control?
Password protection of document.
Reasonableness check.
Error listing.
Audit trail.

A reasonableness check is an input control. The other three items are examples of
output controls.

Question 52:
(1E3-LS24)

Procedures to limit the physical access to information systems hardware include all of
the following except:
requiring swipe card access to restricted areas.
requiring dual control of valuable assets.
employing security guards.
sending confirmations to satellite offices.

Internal controls designed to protect the firm's physical assets are often the most
visible safeguarding controls. Such controls include door locks, security systems,
computer passwords, and requirements for dual control of valuable assets.

Question 53:
(1E3-LS13)

Which of the following is true?
A firewall system guarantees that unauthorized users will not be able to access
the backup data.
Data backups should be regularly stored off site for recovery in the event of the
loss of the facility in which the data resides.
Disaster recovery will be effective only for firms with subsidiaries in a different
region.
Automated backup systems are often ineffective; backups should be instituted
every day by an authorized computer manager.

Data backup tapes should be regularly transferred to off-site storage so that recovery
procedures can be instituted in case a disaster destroys the data center. Automated
backup systems work fine. Nothing guarantees that hackers will not be able to
access the system. Disaster recovery can be effective for many types and sizes of
businesses.
