Question 1

A process,effected by an entity's board of directors,management and other personnel,applied in strategy settings and across the enterprise,designed to identify potential events that may effect the entity,and manage risk to be within its risk appetite,to provide reasonable assurance regarding the achievement of entity objectives is:
A) enterprise risk management
B) internal control
C) organizational governance
D) risk assessment

Accepted Answer

The given definition describes the process of enterprise risk management which involves identifying potential events that may affect the entity and managing risks within its risk appetite to achieve its objectives. Internal control refers to the policies and procedures implemented by an entity to ensure the reliability of financial reporting, compliance with laws and regulations, and effectiveness and efficiency of operations. Organizational governance refers to the system of rules, practices, and processes by which a company is directed and controlled. Risk assessment is a component of enterprise risk management that involves evaluating the likelihood and impact of potential events on the entity. Therefore, the best choice is A) enterprise risk management.

Question 2

A computer crime technique called worm involves the systematic theft of very small amounts from a number of bank or other financial accounts.

Accepted Answer

A worm is a type of malicious software that can replicate itself and spread to other systems. While it may be used to steal information, it is not specifically designed for systematic theft of small amounts from multiple financial accounts.

Question 3

Ensuring the security of resources is the control goal that seeks to provide protection of organization's resources from loss,destruction,disclosure,copying,sale,or other misuse of an organization's resources.

Accepted Answer

Ensuring security of resources is one of the primary goals of any organization's security program, as it helps to protect against various forms of loss or damage to valuable resources. This can involve implementing various controls, such as access controls, data encryption, and physical security measures, among others, to help safeguard resources against theft, destruction, or other forms of misuse. Ultimately, the goal of resource security is to help ensure that an organization can operate effectively and minimize risks associated with potential security breaches or other forms of harm.

Question 4

The control goal of ensuring input materiality strives to prevent fictitious items from entering an information system.

Accepted Answer

The answer of The control goal of ensuring input materiality...

Question 5

A process by which organizations select objectives,establish processes to achieve objectives,and monitor performance is:
A) enterprise risk management
B) internal control
C) organizational governance
D) risk assessment

Accepted Answer

Organizational governance involves the selection of objectives, establishment of processes to achieve those objectives, and monitoring of performance. Enterprise risk management and risk assessment are subsets of organizational governance, while internal control specifically refers to the policies and procedures put in place to ensure the achievement of objectives and manage risks.

Question 6

Valid input data are appropriately authorized and represent actual economic events and objects.

Accepted Answer

Valid input data must be authorized and represent real economic events and objects. This is important for accurate financial reporting and decision making.

Question 7

The control goal of input accuracy is concerned with the correctness of the transaction data that are entered into a system.

Accepted Answer

The statement is true. The control goal of input accuracy is focused on ensuring that data entered into a system is correct and error-free. This is an important control goal to prevent mistakes or fraudulent activities.

Question 8

Salami slicing is program code that can attach itself to other programs (i.e. ,"infect" those programs),that can reproduce itself,and that operates to alter the programs or to destroy data.

Accepted Answer

Salami slicing refers to a series of minor actions, often illegal or unethical, that together result in a larger action that would be illegal or unethical if carried out all at once. It does not refer to a type of program code or malware.

Question 9

Business process control plans relate to those controls particular to a specific process or subsystem,such as billing or cash receipts.

Accepted Answer

Business process control plans are designed to address specific processes or subsystems, such as billing or cash receipts. Therefore, the statement is true.

Question 10

A sale to a customer is entered into the system properly,but the event does not accurately update the customer's outstanding balance.This type of processing error would be classified as a user error.

Accepted Answer

This type of processing error would not be classified as a user error, as the user entered the sale properly into the system. Instead, it would be classified as a system processing error.

Question 11

A computer abuse technique called a back door involves a programmer's inserting special code or passwords in a computer program that will allow the programmer to bypass the security features of the program.

Accepted Answer

This statement is true.

Question 12

According to the 2012 Report to the Nation on Occupational Fraud and Abuse,frauds are more likely to be detected by audits or internal controls than through tips.

Accepted Answer

The 2012 Report to the Nation on Occupational Fraud and Abuse actually states that tips are the most common way that fraud is detected, accounting for 40% of cases. Audits and internal controls detect only 15% of cases.

Question 13

A logic bomb is a computer abuse technique in which unauthorized code is inserted in a program,which,when activated,may cause a disaster such as shutting down a system or destroying data.

Accepted Answer

This is the correct definition of a logic bomb.

Question 14

The control goal called efficiency of operations strives to assure that a given operations system is fulfilling the purpose(s)for which it was intended.

Accepted Answer

The control goal called efficiency of operations focuses on ensuring that operations are conducted in an efficient manner, utilizing resources effectively and minimizing waste, rather than solely on fulfilling the purposes for which the system was intended.

Question 15

The ERM framework addresses four categories of management objectives.Which category concerns high-level goals,aligned with and supporting its mission?
A) compliance
B) operations
C) reporting
D) strategic

Accepted Answer

Strategic objectives concern high-level goals that are aligned with and support an organization's mission. The other categories (compliance, operations, and reporting) address specific areas of risk management within an organization, but do not necessarily focus on overall mission alignment.

Question 16

The control matrix is a computer virus that takes control of the computer's operating system for malicious purposes.

Accepted Answer

The control matrix is not a computer virus; it is a conceptual framework or tool used in various fields such as management, auditing, and information systems to ensure that internal controls are effectively implemented to manage risks.

Question 17

Ethical behavior and management integrity are products of the "corporate culture".

Accepted Answer

Corporate culture shapes the values, norms and behaviors within an organization, which in turn influence the ethical behavior and management integrity of its employees. Therefore, ethical behavior and management integrity are products of the corporate culture.

Question 18

A corrective control plan is designed to discover problems that have occurred.

Accepted Answer

A corrective control plan is designed to correct or remediate problems that have already occurred, not to discover them. A detective control plan, on the other hand, is designed to discover problems or issues as they arise.

Question 19

A manager of a manufacturing plant alters production reports to provide the corporate office with an inflated perception of the plant's cost effectiveness in an effort to keep the inefficient plant from being closed.This action would be classified as a(n):
A) risk
B) hazard
C) fraud
D) exposure

Accepted Answer

This action is a clear case of fraud. The manager is intentionally manipulating data to deceive the corporate office for personal gain, which violates ethical and legal standards. It can potentially harm the organization's reputation and lead to financial losses, making it a serious offence. It is important to report such cases of fraud to maintain transparency and integrity in the organization.

Question 20

A batch of business events is accurately entered into a business event data store,but the computer operator fails to use the data to update master data.This type of processing error would be classified as an operational error.

Accepted Answer

An operational error refers to an error in the day-to-day operation of a system, including errors made by individuals during data entry, processing, or use. In this scenario, the failure of the computer operator to use the data to update the master data is a processing error that could result in operational inefficiencies.

Quiz 7: Controlling Information Systems: Introduction to Enterprise Risk Management and Internal Control