PART 4D

INFORMATION SYSTEMS
264 QUESTIONS
[1] Source: CMA 0687 5-6
A checkpoint/restart procedure is primarily designed to
recover from
A. Programming errors.
B. Data input errors.
C. The failure to have all input data ready on time.
D. Hardware failures.

[2] Source: CMA 0687 5-9

Turnaround documents
A. Are generated by the computer and eventually
return to it.
B. Generally circulate only within the computer
center.
C. Are only used internally in an organization.
D. Are largely restricted to use in a manual system.

[3] Source: CMA 0687 5-10

A modem is a device that
A. Is used to aid in backup procedures.
B. Traces the execution of steps by a program.

[6] Source: CMA 1287 5-1

The primary functions of a computerized information
system include
A. Input, processing, and output.
B. Input, processing, output, and storage.
C. Input, processing, output, and control.
D. Input, processing, output, storage, and control.

[7] Source: CMA 0689 5-2

The graphic portrayal of the flow of data and the
information processing of a system, including computer
hardware, is best displayed in a
A. Data-flow diagram.
B. System flowchart.
C. Gantt chart.
D. Decision table.

[8] Source: CMA 0689 5-3

All of the following are included in the systems
implementation process except
A. Training.
B. Documentation.
C. Systems design.
D. Testing.

C. Packs data in a disk file.

D. Allows computer signals to be sent over a
telephone line.

[4] Source: CMA 0687 5-11

The throughput of a computer is not likely to be increased
by
A. Overlapping operations.
B. Use of exception reporting.

[9] Source: CMA 0689 5-9

The place in the central processing unit where data and
programs are temporarily stored during processing is called
the
A. Read-only memory (ROM).
B. Magnetic disk drive.
C. Random-access memory (RAM).
D. Magnetic tape drive.

C. Storing master files on direct access devices.

D. Punched card input to direct key entry input.

[5] Source: CMA 0687 5-12

An organization employs two central processors. The first
is considered the primary unit and is used for current
processing needs in a real-time mode. The second
processor takes over for the first during scheduled
maintenance or during equipment failure. The second is also
used for batch processing jobs when not substituting for the
first. The organization is employing a systems configuration
referred to as a
A. Simplex system.
B. Duplex system.
C. Distributed processing system.
D. Communications (front-end) processor system.

[10] Source: CMA 0689 5-11

All of the following are examples of computer software
except a(n)
A. Word processing package.
B. Language translator.
C. Telephone modem.
D. Database management system.

[11] Source: CMA 1289 5-10

Some of the more important controls that relate to
automated accounting information systems are validity
checks, limit checks, field checks, and sign tests. These are
classified as
A. Control total validation routines.

management information services.

B. Hash totaling.
C. Data access validation routines.
D. Input validation routines.

[12] Source: CMA 1289 5-9

Important types of control systems and procedures for
accounting information systems are feedback, feedforward,
and preventive. Which one of the following is in the correct
order of feedback, feedforward, and preventive control
systems?
A. Cost accounting variances, separation of duties,
and cash planning.
B. Cost accounting variances, cash budgeting, and
organizational independence.
C. Cash budgeting, cost accounting variances, and
separation of duties.
D. Inventory control, capital budgeting, and cash
budgeting.

[16] Source: CMA 1284 5-27

An advantage of having a computer maintain an automated
error log in conjunction with computer edit programs is that
A. Reports can be developed that summarize the
errors by type, cause, and person responsible.
B. Less manual work is required to determine how to
correct errors.
C. Better editing techniques will result.
D. The audit trail is maintained.

[17] Source: CMA 1284 5-34

The purpose of a software monitor is to
A. Test for controls in computer programs.
B. Determine whether computer programs contain
endless loops.
C. Collect data on the use of various hardware
components during a computer run.

[13] Source: CMA 1289 5-11

Most of today's computer systems have hardware controls
that are built in by the computer manufacturer. Common
hardware controls are
A. Duplicate circuitry, echo check, and internal
header labels.
B. Tape file protection, cryptographic protection, and
limit checks.

D. Help application programmers to write error-free

code.

[18] Source: CMA 0685 5-20

A systems analyst is responsible for
A. The development of information systems that use
systems technology to satisfy user information
requirements in an efficient manner.

C. Duplicate circuitry, echo check, and dual reading.

D. Duplicate circuitry, echo check, tape file
protection and internal header labels.

B. Programming internal controls into the

computerized accounting system.
C. Assuring the integrity and efficiency of the
operating system.

[14] Source: CMA 0693 4-7

An organization desiring to change its information system
generally goes through the phases of the systems
development life cycle. This cycle includes which set of
activities?
A. Planning, analysis, design, and follow-up.

D. Supervising the programmers in a data processing

area.

[19] Source: CMA 0685 5-21

A systems tool that depicts the flow of information relating
to a particular transaction through an organization is a

B. Planning, design, implementation, and follow-up.

A. Document flowchart.
C. Development, analysis, feasibility study, and
implementation.
D. Planning, analysis, design, implementation, and
follow-up.

B. Program flowchart.
C. Decision table.
D. Work distribution analysis.

[15] Source: CMA 0693 4-17

The technological elements of computer-based information
systems driving organizational and managerial change
include all of the following except
A. The availability of computing power to most
managers.

[20] Source: CMA 0685 5-22

A useful tool for formatting computer input and file records
is a
A. Document flowchart.
B. Printer layout chart.

B. Advances in personal computing, hardware, and

software.
C. Teleprocessing, database processing, and office
automation.
D. Information resource management and

C. Record layout sheet.

D. Work distribution analysis.

[21] Source: CMA 0685 5-23

A useful tool for designing the format of

computer-generated reports on preprinted forms is a

C. Language processors.
D. Service programs.

A. Document flowchart.
B. Printer layout chart.
C. Record layout sheet.
D. Work distribution analysis.

[27] Source: CMA 0686 5-9

Devices that are used only to perform sequential file
processing will not permit
A. The use of a database structure.
B. Data to be edited in an offline mode.

[22] Source: CMA 0686 5-1

Accounting systems are designed to
A. Analyze and interpret information.

C. Batch processing to be initiated from a terminal.

D. Data to be edited on a real-time basis.

B. Allow managers to manage by exception.

C. Provide information required to support decisions.

[28] Source: CMA 0687 5-2

With respect to backup procedures for master files that are
on magnetic tape as opposed to master files on magnetic
disk,

D. Record and report business transactions.

A. No special procedure is required for either.
[23] Source: CMA 0686 5-2
The most important factor in planning for a system change
is
A. Having an auditor as a member of the design
team.
B. Using state-of-the-art techniques.

B. A separate backup run is required for both tape

and disk.
C. A separate backup run is required for disk while
the prior master on magnetic tape serves as a
backup.
D. The grandfather cycle is required in either filing
situation.

C. Concentrating on software rather than hardware.

D. Involving top management and people who use
the system.

[29] Source: CMA 0687 5-16

A systems program
A. Manipulates application programs.

[24] Source: CMA 0686 5-4

An integrated group of programs that supervises and
supports the operations of a computer system as it
executes users' application programs is called
A. An operating system.

B. Employs complex mathematical algorithms.

C. Is written in a high-level language.
D. Manipulates transaction data in one of many
applications.

B. A database management system.

C. A utility program.
D. A language processor.

[30] Source: CMA 1287 5-5

The process of learning how the current system functions,
determining the needs of users, and developing the logical
requirements of a proposed system is referred to as
A. Systems analysis.

[25] Source: CMA 0686 5-5

A program that converts a source program into instruction
codes that the central processing unit can execute is called

B. Systems feasibility study.

C. Systems maintenance.

A. An operating system.
D. Systems implementation.
B. A utility program.
C. A language processor.
D. An object program.

[31] Source: CMA 0689 5-4

The analysis tool for the systems analyst and steering
committee to use in selecting the best systems option is
A. Cost-benefit analysis.

[26] Source: CMA 0686 5-6

Specialized programs that are made available to users of
computer systems to perform routine and repetitive
functions are referred to as
A. Source programs.

B. Systems design.
C. Decision tree analysis.
D. User selection.

B. Compiler programs.
[32] Source: CMA 1290 4-20

A possible alternative to parallel operations when

converting to a new system is
A. To perform a walkthrough.
B. The involvement of auditors in systems design.
C. The use of embedded logic and other
self-checking features.
D. A pilot operation.

[37] Source: CIA 1191 III-29

To be more responsive to its customers, a bank wants a
system that will permit account representatives to
consolidate information about all the accounts belonging to
individual customers. Bank management is willing to
experiment with different approaches because the
requirements are evolving rapidly. The best development
approach for this system is
A. Prototyping.
B. System development life cycle model.

[33] Source: CMA 0691 4-27

The proper sequence of activities in the systems
development life cycle is

C. Structured analysis and design technique.

D. Pilot operation.

A. Design, analysis, implementation, and operation.

B. Design, implementation, analysis, and operation.
C. Analysis, design, implementation, and operation.
D. Programming, analysis, implementation, and
operation.

[38] Source: CIA 1191 III-31

A major disadvantage of the life cycle approach to system
development is that it is not well-suited for projects that are
A. Structured.
B. Large.

[34] Source: CIA 0592 III-24

A management information system provides the most
comprehensive support for decision making involving

C. Complex.
D. Unstructured.

A. Unstructured tasks applying a heuristic approach.

B. Programmable tasks using ad hoc analysis.
C. Nonrepetitive tasks using a trial and error
approach.
D. Structured tasks employing embedded decision
tables.

[35] Source: CIA 1192 III-21

Which of the following distinguishes a management
information system from a data processing system?
A. Maintenance of a structured database.
B. Capability to provide data for decision-making
support.
C. Automation of routine transaction processing.
D. Production of reports to support operations.

[36] Source: CIA 1193 III-22

Which of the following would best be considered an
example of the use of a decision support system (DSS)?
A. A manager uses a microcomputer-based
simulation model to determine whether one of the
company's ships would be able to satisfy a particular
delivery schedule.

[39] Source: CIA 1192 III-39

An insurance firm that follows the systems development life
cycle (SDLC) concept for all major information system
projects is preparing to start a feasibility study for a
proposed underwriting system. Some of the primary factors
the feasibility study should include are
A. Possible vendors for the system and their
reputation for quality.
B. Exposure to computer viruses.

C. Methods of implementation such as parallel or

cut-over.
D. Technology and related costs.

[40] Source: CIA 1192 III-87

Compared with prototyping, life cycle methodologies are
most appropriate for problems involving
A. High user understanding of tasks and large project
size.
B. High user understanding of tasks and small project
size.
C. Low user understanding of tasks and uncertainty
of requirements.
D. Uncertainty of requirements and large project size.

B. An auditor uses a generalized audit software

package to retrieve several purchase orders for
detailed vouching.

[41] Source: CIA 1192 III-94

The principal rationale for prototyping is that it is easier to

C. A manager uses the query language feature of a

database management system (DBMS) to compile a
report showing customers whose average purchase
exceeds $2,500.

A. Divide a project into manageable segments at the

beginning rather than to impose control after
development is under way.

D. Employees have access from remote terminals for

online processing.

B. React to an existing application system rather than

to specify desired features for a future system.

C. Anticipate and plan for resource use rather than to

acquire resources on short notice.
D. Convert data files once rather than to reformat
data continually with new project iterations.

[42] Source: CIA 1193 III-38

To automate production tracking, the production function
should be performed in the following order
A. Analysis, design, construction, and
implementation.

[46] Source: CIA 0594 III-34

(Refers to Fact Pattern #1)
Which of the following is the least risky method of
converting from the existing payroll system to the new
system?
A. Direct cut-over method.
B. Parallel method.
C. Prototyping method.
D. Modular/phased method.

B. Design, analysis, construction, and implementation.

C. Analysis, design, implementation, and
construction.
D. Design, analysis, implementation, and
construction.

[47] Source: CIA 1191 III-32

Which of the following measures would indicate the
computational power of a microprocessor?
A. Main memory storage capacity.
B. Number of bits processed per second.

[43] Source: CIA 0593 III-42

C. Read only memory.
The best plan for responding to quickly changing
information requirements is to foster

D. Type of processor.

A. Greater online access to information systems.

B. Competitive pressures for enhanced functions in
systems.

[48] Source: CIA 0593 III-45

The subsystem of a computer in which data are transferred
between storage and the arithmetic-logic unit and between
storage and input/output devices is part of the

C. Closer linkage between organizational strategy

and information.

A. Disk control unit.

D. More widespread use of automated controls.

B. Central processing unit (CPU).

C. Tape control unit.

[Fact Pattern #1]

A company has been working on the development of a
new payroll package. The company has hourly workers,
and overtime pay is a common occurrence in the busy
season. During the slow season, employees are allowed to
take leave without pay without losing employee benefits.
The company has a payroll deposit plan, and employees
may withhold contributions to various charitable
organizations.
[44] Source: CIA 0594 III-32
(Refers to Fact Pattern #1)
Program testing of this new payroll package should occur
within which phase of the systems development life cycle?

D. Multiplexor channel.

[49] Source: CIA 0593 III-52

The technique in which user-removable media are
read-only is
A. WORM.
B. RAM.
C. ROM.
D. CD-ROM.

A. Design stage.
B. Construction stage.
C. Analysis stage.

[50] Source: CIA 0591 III-86

The major justification for selecting a higher-level language
over a lower-level language in computerized application
programs is that higher-level languages

D. Implementation stage.
A. Are more machine and device independent and
more easily understood.
[45] Source: CIA 0594 III-33
(Refers to Fact Pattern #1)
Which of the following types of test transaction techniques
is most likely to be used during the development of this
payroll package?
A. Test data.

B. Use machine resources more efficiently.

C. Have extensive access to many operating-system
facilities.
D. Provide greater protection against unauthorized
access to data.

B. Integrated test facility (ITF).

C. Embedded audit modules.
D. System control audit review files (SCARF).

[51] Source: CIA 0591 III-84

COBOL, FORTRAN, and BASIC are commonly
classified as which type of computer language?

A. Assembler.

should be used to provide the ability to answer customer

inquiries as they are received?

B. Compiler.
A. Sequential storage and chains.
C. Procedure-oriented.
B. Sequential storage and indexes.
D. Machine.
C. Record keys, indexes, and pointers.
[52] Source: CIA 0592 III-36
One trend expected in information systems in the 1990s is
that end-users with minimal computer literacy will be able
to develop and use their own computer programs to solve
complex problems such as investment decisions. Which of
the following is a likely outcome associated with a
wide-spread increase in end-user programming?

D. Inverted file structure, indexes, and internal labels.

[57] Source: CIA 0593 III-57

Which of the following is the elementary unit of data
storage used to represent individual attributes of an entity?
A. Database.

A. Improved documentation of end-user programs.

B. Data field.
B. Unintentional errors because of inexperienced
programmers.
C. Increased demand on centralized MIS
departments to design end-user applications.
D. A decrease in the risk of fraud and irregularities.

[53] Source: CIA 1192 III-32

The software that can provide multiprogramming capability
is
A. Utility software.

C. File.
D. Record.

[58] Source: CIA 1191 III-25

Magnetic disk drive units are often used to store data files
in a computer system. Data are stored on rotating disks,
and reading or writing is accomplished with a movable
read-write head that moves back and forth across the
surface of a disk. Which of the following choices best
describes the total amount of time required to access any
particular location on a disk?

B. Operating system software.

A. Read-write time and rotational delay.

C. Database management system software.

B. Seek time.

D. Shareware.

C. Seek time and rotational delay.

D. Read-write time, seek time, and rotational delay.

[54] Source: CIA 0593 III-55

A function of the operating system is to
A. Inform the user of processor, input/output (I/O)
device, or program errors.
B. Supply pre-written programs for specific
applications.

[59] Source: CIA 0592 III-29

Turning a personal computer off will most probably cause
the total loss of the contents of the following:
A. Random access memory.
B. Read only memory.

C. Perform check-digit verification of account

numbers.
D. Perform such routine tasks as merging files or
sorting data.

[55] Source: CIA 0592 III-32

An inventory clerk, using a computer terminal, views the
following on screen: part number, part description, quantity
on-hand, quantity on-order, order quantity and reorder
point for a particular inventory item. Collectively, these data
make up a
A. Field.

C. Disk storage.
D. Hard drive memory.

[60] Source: CIA 1192 III-27

When operating with microcomputers that have both
flexible (floppy) and hard disks, a principal difference in the
operating concerns of the two disks is that
A. Sensitive data can be protected by encryption on
a hard disk only.
B. Backup procedures for data security are needed
only for flexible disks.

B. File.
C. Database.
D. Record.

[56] Source: CIA 1192 III-37

A business has decided to use magnetic disks to store
accounts receivable information. What data file concepts

C. Security cards provide protection only for data on

hard disks.
D. Data stored on flexible disks are more susceptible
to theft.

[61] Source: CIA 0594 III-17

A file-oriented approach to data storage requires a primary

record key for each file. Which of the following is a primary

record key?
A. The vendor number in an accounts payable master
file.
B. The vendor number in a closed purchase order
transaction file.
C. The vendor number in an open purchase order
master file.
D. All of the answers given.

[62] Source: CIA 0591 III-88

A company does business in seven states. Its offices
maintain regional databases on their own minicomputers,
which are linked to the mainframe computer at
headquarters. These minicomputers periodically relay
summarized data to the home-office mainframe computer,
where they are used to update a corporate database. This
company uses a system known as
A. Distributed data processing.

Information systems steering committees

A. Should consist of systems specialists and end
users that plan and direct projects through the
systems life cycle.
B. Should consist of systems management, the
controller, and other management personnel and
should establish policies with regard to an
organization's information system.
C. Are found in organizations that have had a history
of information system problems with the focus of the
committee being the overseeing of information
systems development.
D. Utilize a top-down approach to the solution of the
information system problems.

[67] Source: CMA 0695 4-29

In the computer program development process, a problem
will most likely result when
A. Programmers take a longer amount of time to
perform programming tasks than expected.

B. Parallel-systems method.
C. Strategic-planning system.
D. A local area network.

[63] Source: CMA 0694 4-6

Which one of the following is least likely to occur in the
analysis phase of a systems development project?
A. Identify systems benefits and objectives.
B. Develop program specifications.
C. Determine the information needs of end users.

B. Written specifications from the user are used to

develop detail program code.
C. Programmers use specialized application tools to
simulate the system being programmed.
D. User specifications are inadvertently
misunderstood.

[68] Source: CMA 1295 4-27

Which one of the following best reflects the basic elements
of a data flow diagram?
A. Data sources, data flows, computer
configurations, flowchart, and data storage.

D. Define problems in the current system.

B. Data source, data destination, data flows,
transformation processes, and data storage.
[64] Source: CMA 0694 4-8
In a systems development life cycle, the process of learning
how a current system functions, determining the needs of
users, and developing the logical requirements of a
proposed system is referred to as systems

C. Data flows, data storage, and program flowchart.

D. Data flows, program flowchart, and data
destination.

A. Design.
B. Implementation.

[69] Source: CMA 1295 4-28

Which one of the following best depicts the path of data as
it moves through an information system?

C. Maintenance.
A. Program flowcharts.
D. Analysis.
B. Computer system flowcharts.
[65] Source: CMA 1294 4-11
A characteristic of a microcomputer system that displays
more than one program on the screen at the same time,
places each program is in its own area of the screen, but
permits only one program to be active, is
A. Windowing.

C. Decision table.
D. HIPO chart.

[70] Source: CMA 1295 4-29

All of the following are included in the systems
implementation process except

B. Distributed processing.
A. Training.
C. Context switching.
B. Documentation.
D. File extension.
C. Systems design.
[66] Source: CMA 0695 4-24

D. Testing.

[71] Source: CMA 1295 4-30

The analysis tool for the systems analyst and steering
committee to use in selecting the best systems alternative is
A. Cost-benefit analysis.
B. Systems design.
C. Decision tree analysis.

D. Was designed using CASE (Computer-Aided

Software Engineering) tools rather than traditional
methods.

[76] Source: CIA 1192 III-39

An insurance firm that follows the systems development life
cycle (SDLC) concept for all major information system
projects is preparing to start a feasibility study for a
proposed underwriting system. Some of the primary factors
the feasibility study should include are

D. User selection.
A. Possible vendors for the system and their
reputation for quality.
[72] Source: CIA 0592 III-23
Early decision models used with structured decisions, such
as inventory reordering and production scheduling,
emphasized finding the structure of the decision and
programming as much of it as possible. More recent
models have been developed to support unstructured
decision processes. Models of the latter type are called

B. Exposure to computer viruses and other intrusions.

C. Methods of implementation such as parallel or
cut-over.
D. Technology and related costs.

A. Decision support systems.

B. Management information systems.

[77] Source: CIA 1192 III-87

Compared with prototyping, life cycle methodologies are
appropriate for problems involving

C. Systems analysis techniques.

D. Rational decision models.

[73] Source: CIA 1192 III-21

Which of the following distinguishes a management
information system from a data processing system?

A. High user understanding of tasks and large project

size.
B. Low user understanding of tasks and small project
size.
C. Low user understanding of tasks and uncertainty
of requirements.

A. Maintenance of a structured database.

D. Uncertainty of requirements and large project size.
B. Capability to provide data for decision-making
support.
C. Automation of routine transaction processing.

[78] Source: CIA 1192 III-89

In addition to specifying requirements, user responsibilities
in prototyping are to

D. Production of reports to support operations.

A. Modify programs, refine requirements, and
evaluate iterations.
[74] Source: CIA 1192 III-24
The concept of a management information system (MIS)
continues to evolve over time. Which of the following is
generally understood to be a central element of an MIS?
A. Maintenance of a large collection of raw,
unorganized data to support a variety of information
needs.
B. Processing of data items is based on decision
models.
C. The user-machine nature of an MIS means that
users have to be skilled in the use of computers to
realize any benefits.
D. A single, highly integrated computer system that
combines processing for all organizational functions.

B. Create initial systems, communicate requirements,

and operate systems.
C. Evaluate iterations, refine requirements, and
communicate refined requirements.
D. Develop code and refine requirements.

[79] Source: CIA 1192 III-90

Advantages of life cycle methodologies are
A. Lower overall development costs when
requirements change frequently.
B. Ability to give users a functioning system quickly.
C. Reduced application development time to achieve
a functioning system.

[75] Source: CIA 0593 III-32

Management information systems represent a significant
investment by most businesses. A primary concern of
management is that the system
A. Meet the business needs of the organization.

D. Enhanced management and control of the

development process.

[80] Source: CIA 1192 III-88

The major phases in a life cycle methodology are

B. Employ the latest technology.

C. Might consume too much time and money during
testing.

A. Define requirements, design system, develop

code, test system, revise/enhance system, install
system, and operate system.

B. Define requirements, create initial system, develop

code, install system, and operate system.
C. Define requirements, create initial system, refine
requirements, and revise/enhance system.
D. Define requirements, design system, develop
code, test system, install system, and operate system.

[85] Source: CIA 0593 III-60

While the system development life cycle (SDLC) approach
to information system development has proven helpful, a
major disadvantage of SDLC is
A. There is no necessary link between organizational
strategy and system requirements.
B. Difficulty in managing the development process.

[81] Source: CIA 1192 III-91

Advantages of prototyping are
A. Ability to try out implementations without incurring
large development costs.
B. Early definition of complete requirements and
conceptual design.
C. Easy specification of control points and associated
control procedures.
D. Enhanced management and control of the
development process.

C. Inability to involve users in the process.

D. Lack of feasibility studies.

[86] Source: CMA 1292 4-26

A systems analyst is currently involved in the hiring and
training of new employees and the testing of new
procedures. In which stage of the systems development
cycle is the analyst?
A. Analysis.
B. Detailed design.

[82] Source: CIA 1192 III-93

A contingency approach to choosing an application
development strategy means that an organization adopts
A. A single requirements development assurance
method.
B. Multiple methods as appropriate for individual
projects.

C. Conceptual design.
D. Implementation.

[87] Source: CMA 0692 4-2

An Executive Information System (EIS) has all of the
following characteristics except
A. Focusing on obtaining strategic objectives.

C. Any one of several common life cycle

methodologies.
D. Prototyping for all projects with uncertain
requirements.

[83] Source: CIA 1192 III-94

The principal rationale for prototyping is that it is easier to
A. Divide a project into manageable segments at the
beginning rather than to impose control after
development is under way.
B. React to an existing application system rather than
to specify desired features for a future system.
C. Anticipate and plan for resource use rather than to
acquire resources on short notice.
D. Convert data files once rather than to reformat
data continually with new project iterations.

B. Giving immediate information about an

organization's critical success factors.
C. Providing information from nontraditional
computer sources.
D. Providing advice and answers to top management
from a knowledge-based system.

[88] Source: CMA 1292 4-25

How is an accounting information system (AIS)
distinguished from a management information system
(MIS)?
A. An AIS deals with financial information; an MIS
handles all other information.
B. An AIS may be either manual or computer-based;
an MIS is computer-based.
C. An AIS is a subsystem within an MIS.

[84] Source: CIA 1193 III-17

Which of the following most significantly encouraged the
development of electronic funds transfer systems?
1. Response to competition
2. Cost containment
3. Advances in information technology
4. Improvements in automated control techniques
5. The development of data encryption standards
A. 1, 2, and 4
B. 2, 4, and 5
C. 1, 2, and 3
D. 3, 4, and 5

D. An AIS is control-oriented; an MIS is used

exclusively for planning.

[89] Source: CMA 0693 4-5

Many organizations supplement feedback control systems
with feedforward control systems. The major goal of most
feedforward control systems is
A. The prediction of potential variations from plans
so that adjustments can be made to prevent problems
before they occur or become significant.
B. The prediction of potential variations from budgets
so that variance analysis can be performed on
problems that become significant.

C. To provide complete information by use of system

controls on computer input.
D. To make predictions about any future event in the
organization.

associated with outsourcing (the practice of hiring an

outside company to handle all or part of the data
processing)?
A. Inflexibility.
B. Loss of control.

[90] Source: CMA 0693 4-16

Which group of characteristics best describes decision
support systems?
A. Analytical models, specialized databases, and
interactive computer-based modeling processes.
B. Analytical models, specialized databases,
interactive computer-based modeling processes, and
the decision maker's own insights and judgments.
C. Analytical models, programming models,
application models, and interactive computer-based
modeling processes.
D. Expert systems, model-based information,
electronic data interchange, and the decision maker's
own insights and judgments.

[91] Source: CMA 1294 4-13

Which one of the following systems best characterizes a
decision support system (DSS)?

C. Loss of confidentiality.
D. Less availability of expertise.

[95] Source: CMA 1295 4-26

Which one of the following statements about an executive
information system (EIS) is incorrect? The EIS
A. Provides top executives with immediate and easy
access to information in a highly interactive format.
B. Helps executives monitor business conditions in
general and assists in strategic planning to control and
operate the company.
C. Is designed to accept data from many different
sources; to combine, integrate, and summarize the
data; and to display this data in a format that is easy
to understand and use.
D. Is likely to be one of the most widely used and the
largest of the information subsystems in a business
organization.

A. Transaction processing system (TPS).

B. Database management system (DBMS).
C. Spreadsheet system.
D. Interactive system.

[96] Source: CMA 1287 5-4

The process of monitoring, evaluating, and modifying a
system as needed is referred to as systems
A. Analysis.
B. Feasibility study.

[92] Source: CMA 1295 4-23

Which one of the following statements about an accounting
information system (AIS) is incorrect?

C. Maintenance.
D. Implementation.

A. AIS supports day-to-day operations by collecting

and sorting data about an organization's transactions.
B. The information produced by AIS is made
available to all levels of management for use in
planning and controlling an organization's activities.
C. AIS is best suited to solve problems where there
is great uncertainty and ill-defined reporting
requirements.

[97] Source: CMA 1287 5-6

The process of developing specifications for hardware,
software, manpower, data resources, and information
products required to develop a system is referred to as
systems
A. Analysis.
B. Feasibility study.

D. AIS is often referred to as a transaction

processing system.

C. Maintenance.
D. Design.

[93] Source: CMA 1295 4-24

Which one of the following features is least likely to apply
to the transaction processing cycle of an accounting
information system?
A. Data records are chiefly historical in nature.
B. Most of the sources of data are an organization's
recurring transactions.

[98] Source: CMA 1289 5-8

In determining the need for system changes, several types
of feasibility studies can be made. The most commonly
recognized feasibility studies are
A. Legal, environmental, and economic.
B. Environmental, operational, and economic.

C. Data are usually financial in nature.

C. Technical, economic, legal, and practical.
D. Data records are the basis of predictive systems.
D. Technical, operational, and economic.
[94] Source: CMA 1295 4-25
Which one of the following is not considered a typical risk

[99] Source: CMA 1290 4-19

Workwell Company operates in several regions, with each

region performing its data processing in a regional data
center. The corporate management information systems
(MIS) staff has developed a database management system
to handle customer service and billing. The director of MIS
recommended that the new system be implemented in the
Southwestern Region to ascertain if the system operates in
a satisfactory manner. This type of conversion is called a
A. Parallel conversion.

B. Preparation of specifications for computer

programming.
C. Developing, coding, and testing computer
programs.
D. Examining user information requirements.

[105] Source: CMA 0693 4-18

The three major activities of systems design are

B. Direct conversion.
C. Prototype conversion.

A. User interface design, data manipulation, and

output analysis.

D. Pilot conversion.

B. Process design, output design, and output analysis.

[100] Source: CMA 0691 4-28

Two phases of systems planning are project definition and
project initiation. All of the following are steps in the
project initiation phase except
A. Preparing the project proposal.
B. Informing managers and employees of the project.

C. User interface design, data design, and process

design.
D. Data design, input validation, and processing.

[106] Source: CMA 0694 4-9

Ordinarily, the analysis tool for the systems analyst and
steering committee to use in selecting the best system
alternative is

C. Assembling the project team.

A. Pilot testing.
D. Training selected personnel.
B. User selection.
[101] Source: CMA 0691 4-29
Errors are most costly to correct during

C. Decision tree analysis.

D. Cost-benefit analysis.

A. Programming.
B. Conceptual design.
C. Analysis.

[107] Source: CMA 1294 4-12

Which one of the following statements most accurately
represents the basic steps in designing a spreadsheet
model?

D. Implementation.

[102] Source: CMA 0691 4-30

The least risky strategy for converting from a manual to a
computerized accounts receivable system would be a
A. Direct conversion.
B. Parallel conversion.
C. Pilot conversion.
D. Database conversion.

A. Define the problem, identify inputs and outputs,

develop assumptions and decision criteria, and
document formulas.
B. Identify inputs and outputs, develop assumptions
and decision criteria, document formulas, and build
macros.
C. Define the problem, develop assumptions and
decision criteria, develop test cases, and build
macros.
D. Develop assumptions and decision criteria,
document formulas, develop test cases, and run test
cases.

[103] Source: CMA 1292 4-30

In the systems development cycle, coding is
A. A form of testing and debugging.
B. Part of the detailed design phase.

[108] Source: CMA 1287 5-2

Microcomputer systems have enhanced use with systems
software and applications software. Which one of the
following statements concerning microcomputer systems is
false?

C. Part of the data flow diagram.

D. A form of program maintenance.

[104] Source: CMA 0693 4-14

Systems analysts are the personnel within an organization
who are responsible for the development of the company's
information system. Which one of the following functions
are least likely to be performed by a systems analyst?
A. Design of computer applications.

A. Database management systems are available for

microcomputer systems.
B. An operating system program is a critical software
package for microcomputers.
C. Electronic spreadsheet packages are types of
applications software for microcomputers.
D. Integrated packages are examples of operating
systems for microcomputers.

[109] Source: CMA 0689 5-10

In a microcomputer system, the place where parts of the
operating system program and language translator program
are permanently stored is

Computer manufacturers are now installing software

programs permanently inside the computer as part of its
main memory to provide protection from erasure or loss if
there is interrupted electrical power. This concept is known
as
A. File integrity.

A. Read-only memory (ROM).

B. Software control.
B. Magnetic disk drive.
C. Firmware.
C. Random-access memory (RAM).
D. Random access memory (RAM).
D. Magnetic tape drive.

[110] Source: CMA 0694 4-5

The location in the central processing unit (CPU) where
data and programs are temporarily stored during
processing is the

[115] Source: CMA 0689 5-12

All of the following are characteristic of computer machine
language except
A. Internal binary code.

A. Magnetic tape drive.

B. Hexadecimal code.

B. Random-access memory (RAM).

C. Assembly language.

C. Magnetic disk drive.

D. On/off electrical switches.

D. Floppy disk drive.

[111] Source: CMA 0695 4-16

The main components of the central processing unit (CPU)
of a computer are

[116] Source: CMA 1289 5-5

Mainframe computer systems include several advanced
processing procedures. Two of the most common
processing procedures are multiprocessing and
multiprogramming. Which one of the following statements
about these processing procedures is false?

A. Semiconductors, online devices, and memory.

B. Arithmetic-logic unit, control unit, and primary
memory.
C. Random access memory, read only memory, and
auxiliary storage.
D. Primary storage, input-output devices, and
arithmetic-logic unit.

A. Multiprocessing usually involves two or more

computers functioning simultaneously.
B. Multiprogramming allows multiple programs to be
executed at exactly the same time.
C. Multiprogramming switches back and forth
between programs during processing.
D. Multiprocessing allows the sharing of a central
memory during processing.

[112] Source: CMA 0695 4-17

Access time in relation to computer processing is the
amount of time it takes to
A. Transmit data from a remote terminal to a central
computer.

[117] Source: CMA 0695 4-15

Block codes
A. Are generally used to identify missing items from a
set of documents or records.

B. Complete a transaction from initial input to output.

B. Allow a user to number items sequentially.
C. Perform a computer instruction.
D. Retrieve data from memory.

[113] Source: CMA 0695 4-18

Banks are required to process many transactions from
paper documents (e.g., checks, deposit slips) during the
course of an average business day. This requires a reliable,
yet economical form of input. The most common source
automation device used by banks is

C. Allow a user to assign meaning to particular

segments of a coding scheme.
D. Are randomly calculated groups of numbers used
as a control check.

[118] Source: CMA 1292 4-27

A commonly used measure of the relative frequency of
adds, deletes, and changes to a master file during a
specified time period is

A. A disk pack.
A. Volatility.
B. Magnetic tape.
B. The index ratio.
C. Bar coding.
C. The frequency ratio.
D. Magnetic ink character recognition.
D. The volume ratio.
[114] Source: CMA 1287 5-13

[119] Source: CMA 0694 4-7

All of the following are examples of computer software
except a(n)
A. Database management system.

An information system (IS) project manager is currently in

the process of adding a systems analyst to the IS staff. The
new systems analyst will be involved with testing the new
computerized system. At which stage of the systems
development life cycle will the analyst be primarily used?

B. Telephone modem.

A. Cost-benefit analysis.

C. Language translator.

B. Requirements definition.

D. Word processing package.

C. Flowcharting.
D. Implementation.

[120] Source: CMA 0695 4-14

The indexed-sequential-access method (ISAM) is an
approach to file organization
A. In which each data record has a pointer field
containing the address of the next record in the list.
B. In which an index of record pointers of some of
the file attributes are maintained in a list.
C. Uses an algorithm to convert a record key into a
storage address to assist with later retrieval.
D. In which records are stored sequentially in a direct
access file and organized by a primary key stored in
an index record.

[125] Source: CMA 1296 4-21

Which one of the following technological elements of
computer-based information systems has the least effect in
driving the changes that are currently occurring in the
workplace?
A. Advances in microcomputer hardware and
software.
B. Office automation and teleprocessing.
C. Decision support systems and artificial intelligence
(AI).
D. Advances in disaster recovery systems.

[121] Source: CMA 0696 4-6

The current trend in systems environments is to replace
large mainframe computers with multiprocessor computer
systems. All of the following are reasons this trend is
occurring except that multiprocessor computer systems
A. Are generally more flexible than mainframe
computer systems.
B. Are most applicable in installations having a large
number of small application programs.
C. Are more effective at handling high-volume, online
transaction processing.
D. Applications are generally easier to program than
mainframe applications.

[126] Source: CMA 1296 4-26

Feedback, feedforward, and preventive controls are
important types of control systems and procedures for an
accounting information system. Which one of the following
is in the correct order of feedback, feedforward, and
preventive control systems?
A. Cash budgeting, capital budgeting, and hiring
qualified employees.
B. Cash budgeting, cost accounting variances, and
separation of duties.
C. Cost accounting variances, separation of duties,
and cash planning.
D. Cost accounting variances, cash budgeting, and
organizational independence.

[122] Source: CMA 0696 4-12

The input device used in a department store that allows a
sales clerk to pass a light pen over the price tag to record
the purchase is a(n)

[127] Source: CMA 1296 4-27

Which one of the following terms best describes a decision
support system (DSS)?

A. Mark-sense reader.
A. Management reporting system.
B. Optical scanner.
B. Formalized system.
C. Touch-tone device.
C. Interactive system.
D. Laser bar code scanner.
D. Accounting information system.
[123] Source: CMA 0696 4-13
All of the following are computer input devices except a(n)
A. Plotter.

[128] Source: CMA 1296 4-28

The process of learning how the current system functions,
determining the needs of users, and developing the logical
requirements of a proposed system is referred to as

B. Mouse.
A. Systems maintenance.
C. Magnetic ink character recognition device.
B. Systems analysis.
D. Light pen.
C. Systems feasibility study.
[124] Source: CMA 1296 4-19

D. Systems design.

[129] Source: CMA 1296 4-30

An accounting information system (AIS) must include
certain source documents in order to control purchasing
and accounts payable. For a manufacturing organization,
the best set of documents should include

[134] Source: CMA 1289 5-3

Coding in data processing assigns a unique identification
number or key to each data record. Which one of the
following statements about coding is incorrect?
A. A primary key is the main code used to store and
locate records within a file.

A. Purchase requisitions, purchase orders, inventory

reports of goods needed, and vendor invoices.

B. Records can be sorted, and temporary files

created, using codes other than their primary keys.

B. Purchase orders, receiving reports, and inventory

reports of goods needed.

C. Secondary keys are used when the primary keys

cannot be found.

C. Purchase orders, receiving reports, and vendor

invoices.

D. Secondary keys are used for alternative purposes

including inverted files.

D. Purchase requisitions, purchase orders, receiving

reports, and vendor invoices.

[130] Source: CMA 1292 4-29

A software tool infrequently used to select or access items
in the database is most likely a(n)

[135] Source: CMA Samp Q4-9

In an information system environment, many organizations
combine key data processing cycles related to accounting
and finance. Traditionally, these cycles are
A. Cash receipts, cash disbursements, and capital
budgeting.

A. Report generator.
B. Capital budgeting and financial reporting.
B. Program generator.
C. Cash receipts and cash disbursements.
C. Application generator.
D. Query utility program.

[131] Source: Publisher

Object oriented programming is characterized by an
emphasis on objects and the procedures performed upon
them. Which of the following programming languages is
most closely associated with object oriented programming?

D. Cash receipts, cash disbursements, capital

budgeting, and financial reporting.

[136] Source: CMA 0687 5-4

Which one of the following input validation routines is not
likely to be appropriate in a real-time operation?
A. Sign check.

A. Basic.

B. Reasonableness check.

B. Fortran.

C. Sequence check.

C. C.

D. Redundant data check.

D. C++.
[137] Source: CMA 0687 5-5
The online data entry control called preformatting is
[132] Source: Publisher
Computers containing more than one central processing
unit (CPU) are increasingly common. This feature enables a
computer to execute multiple instructions from multiple
programs simultaneously. This process is
A. Time sharing.

A. A program initiated prior to regular input to

discover errors in data before entry so that the errors
can be corrected.
B. A check to determine if all data items for a
transaction have been entered by the terminal
operator.

B. Multitasking.
C. Multiprocessing.

C. A series of requests for required input data that

requires an acceptable response to each request
before a subsequent request is made.

D. Batch processing.
D. The display of a document with blanks for data
items to be entered by the terminal operator.
[133] Source: Publisher
Software offered to users on a "try before you buy" basis is
called
A. Shareware.

[138] Source: CMA 0687 5-8

In a manual system, records of current activity are posted
from a journal to a ledger. In a computer system, current
records from a(n)

B. Firmware.
A. Table file are updated to a transaction file.
C. Middleware.
B. Index file are updated to a master file.
D. Freeware.
C. Transaction file are updated to a master file.

D. Master file are updated to a year-to-date file.

[139] Source: CMA 0687 5-15

A major disadvantage of distributed data processing is

B. Records can be sorted, and temporary files

created, using codes other than their primary keys.
C. Secondary keys are used when the primary keys
cannot be found.

A. The increased time between job request and job

completion.

D. Secondary keys are used for alternative purposes

including inverted files.

B. That small jobs cannot be processed efficiently.

C. The disruption caused when the mainframe goes
down.
D. That data processing professionals may not be
properly involved.

[140] Source: CMA 1287 5-15

In an automated payroll processing environment, a
department manager substituted the time card for a
terminated employee with a time card for a fictitious
employee. The fictitious employee had the same pay rate
and hours worked as the terminated employee. The best
control technique to detect this action using employee
identification numbers would be a

[144] Source: CMA 1290 4-21

Which one of the following represents a lack of internal
control in a computer-based system?
A. Any and all changes in applications programs have
the authorization and approval of management.
B. Provisions exist to ensure the accuracy and
integrity of computer processing of all files and
reports.
C. Provisions exist to protect data files from
unauthorized access, modification, or destruction.
D. Programmers have access to change programs
and data files when an error is detected.

A. Batch total.
B. Record count.
C. Hash total.
D. Subsequent check.

[145] Source: CMA 1290 4-22

The most critical aspect of separation of duties within
information systems is between
A. Project leaders and programmers.
B. Programmers and computer operators.

[141] Source: CMA 0689 5-8

A disk storage unit may be preferred over a magnetic tape
drive system because the disk storage unit

C. Management and users.

D. Programmers and systems analysts.

A. Is a cheaper medium for data storage.

B. Offers random access to data files.
C. Offers sequential access to data files.
D. Can be measured in bytes per inch.

[146] Source: CMA 1290 4-24

Information processing made possible by a network of
computers dispersed throughout an organization is called
A. Online processing.
B. Interactive processing.

[142] Source: CMA 1289 5-2

Payroll systems should have elaborate controls to prevent,
detect, and correct errors and unauthorized tampering. The
best set of controls for a payroll system includes
A. Batch and hash totals, record counts of each run,
proper separation of duties, special control over
unclaimed checks, and backup copies of activity and
master files.
B. Employee supervision, batch totals, record counts
of each run, and payments by check.

C. Time sharing.
D. Distributed data processing.

[147] Source: CMA 0692 4-3

Block codes in a coding system
A. Provide listings of balance sheet and income
statement accounts.
B. Require the use of numeric codes only.

C. Passwords and user codes, batch totals,

employee supervision, and record counts of each run.
D. Sign tests, limit tests, passwords and user codes,
online edit checks, and payments by check.

[143] Source: CMA 1289 5-3

Coding in data processing assigns a unique identification
number or key to each data record. Which one of the
following statements about coding is incorrect?
A. A primary key is the main code used to store and
locate records within a file.

C. Reserve numbers in a numerical sequence that

correspond to categories significant to the user.
D. Preclude the sorting of data on different keys.

[148] Source: CMA 0693 4-4

Accounting controls are concerned with the safeguarding of
assets and the reliability of financial records. Consequently,
these controls are designed to provide reasonable
assurance that all of the following take place except
A. Permitting access to assets in accordance with
management's authorization.

outputs for specific applications.

B. Executing transactions in accordance with
management's general or specific authorization.
C. Compliance with methods and procedures
ensuring operational efficiency and adherence to
managerial policies.
D. Comparing recorded assets with existing assets at
periodic intervals and taking appropriate action with
respect to differences.

[149] Source: CMA 0695 4-13

In distributed data processing, a ring network
A. Has all computers linked to a host computer, and
each linked computer routes all data through the host
computer.
B. Links all communication channels to form a loop,
and each link passes communications through its
neighbor to the appropriate location.
C. Attaches all channel messages along one common
line with communication to the appropriate location
via direct access.

B. Ensure the separation of incompatible functions in

the data processing departments.
C. Provide controls over the electronic functioning of
the hardware.
D. Plan for the protection of the facilities and backup
for the systems.

[153] Source: CMA 0685 5-25

Which one of the following is the best reason for
developing a computer security plan?
A. All possible threats associated with the data
processing equipment are identified.
B. Recovery from the damage associated with any
identified threats can be assured.
C. A company can select the set of control policies
and procedures that optimize computer security
relative to cost.
D. The user departments can be assured that control
policies are in place and their data files are secure.

D. Organizes itself along hierarchical lines of

communication usually to a central host computer.

[150] Source: CMA 0693 4-12

The financial accounting database has several critical
relationships that must be properly maintained if the system
is to function in an orderly manner. Which one of the
following statements about the financial accounting
database is incorrect?
A. The general ledger is a master file in which a
record is maintained for each and every account in
the organization's accounting system.

[154] Source: CMA 0685 5-26

A company employing an online computer system has CRT
terminals located in all operating departments for inquiry
and updating purposes. Many of the company's employees
have access to and are required to use the CRT terminals.
A control the company would incorporate to prevent an
employee from making an unauthorized change to
computer records unrelated to that employee's job would
be to
A. Restrict the physical access to terminals.
B. Establish user codes and passwords.

B. Subsidiary ledgers are master files containing

accounting records by specific account categories.

C. Use validity checks.

C. Cash disbursements journals are complete records

of each transaction that reduces cash.

D. Apply a compatibility test to transactions or

inquiries entered by the user.

D. Transaction records include cross-reference

between general ledger files, subsidiary account
numbers, and source document numbers.

[151] Source: CMA 1284 5-28

The use of a generalized audit software package

[155] Source: CMA 0685 5-27

An online data entry technique that can be employed when
inexperienced personnel enter data is the use of
A. Overflow procedures.
B. Prompting.

A. Relieves an auditor of the typical tasks of

investigating exceptions, verifying sources of
information, and evaluating reports.

C. Compatibility tests.
D. Checkpoints.

B. Is a major aid in retrieving information from

computerized files.
C. Overcomes the need for an auditor to learn much
about computers.

[156] Source: CMA 0685 5-29

A database is
A. Essential for the storage of large data sets.

D. Is a form of auditing around the computer.

B. A collection of related files.
[152] Source: CMA 0685 5-24
EDP accounting control procedures are referred to as
general controls or application controls. The primary
objective of application controls in a computer environment
is to
A. Maintain the accuracy of the inputs, files, and

C. A real-time system.
D. A network of computer terminals.

[157] Source: CMA 0685 5-28

Routines that use the computer to check the validity and

accuracy of transaction data during input are called

D. Input controls at each user location.

A. Operating systems.
B. Edit programs.

[163] Source: CMA 0686 5-10

An edit of individual transactions in a direct access file
processing system usually

C. Compiler programs.
A. Takes place in a separate computer run.
D. Integrated test facilities.
B. Takes place in an online mode as transactions are
entered.
[158] Source: CMA 0685 5-30
One of the first steps in the creation of a database is to
A. Define common variables and fields used
throughout the firm.
B. Increase the secondary storage capacity.

C. Takes place during a backup procedure.

D. Is not performed due to time constraints.

[164] Source: CMA 0686 5-13

An example of an internal check is

C. Obtain software that will facilitate data retrieval.

D. Integrate the accounting system into the database.

A. Making sure that output is distributed to the

proper people.
B. Monitoring the work of programmers.

[159] Source: CMA 0685 5-31

The identification of users who have permission to access
data elements in a database is found in the
A. Operating system.

C. Collecting accurate statistics of historical

transactions while gathering data.
D. Recalculating an amount to assure its accuracy.

B. Systems manual.
C. Database schema.

[165] Source: CMA 0686 5-12

A control designed to catch errors at the point of data entry
is

D. Database file definition.

A. A batch total.
[160] Source: CMA 0685 5-33
If a database has integrity, the

B. A record count.
C. A self-checking digit.

A. Software was implemented after extensive

acceptance testing.

D. Checkpoints.

B. Database has only consistent data.

[166] Source: CMA 0686 5-14
C. Database is secure from accidental entry.
D. Database and the system have been reviewed by
an external auditor.

[161] Source: CMA 0685 5-32

In a large database system maintained on a mainframe
computer, the most common medium for data files for the
database is
A. Magnetic tape.

Program documentation is a control designed primarily to

ensure that
A. Programmers have access to the tape library or
information on disk files.
B. Programs do not make mathematical errors.
C. Programs are kept up to date and perform as
intended.
D. Data have been entered and processed.

B. Central processing unit memory.

C. Hard disk.
D. Read only memory (ROM).

[167] Source: CMA 0687 5-3

Whether or not a real-time program contains adequate
controls is most effectively determined by the use of
A. Audit software.
B. An integrated test facility.

[162] Source: CMA 0686 5-8

Remote batch processing avoids the need for having
A. Terminals at each user location.

C. A tagging routine.
D. A tracing routine.

B. Printers at each user location.

C. A central processing unit (CPU) at each user
location.

[168] Source: CMA 0687 5-7

Compatibility tests are sometimes employed to determine
whether an acceptable user is allowed to proceed. In order
to perform compatibility tests, the system must maintain an

access control matrix. The one item that is not part of an

access control matrix is a
A. List of all authorized user code numbers and
passwords.
B. List of all files maintained on the system.
C. List of all programs maintained on the system.
D. Limit on the number of transaction inquiries that
can be made by each user in a specified time period.

[169] Source: CMA 0687 5-14

The installation of a database management system is not
likely to have any direct impact on
A. Data redundancy within files.
B. Inconsistencies within common data fields.
C. The logic needed to solve a problem in an
application program.
D. The internal control of data accuracy and access.

[170] Source: CMA 1287 5-17

The reporting of accounting information plays a central role
in the regulation of business operations. The importance of
sound internal control practices is underscored by the
Foreign Corrupt Practices Act of 1977 which requires
publicly owned U.S. corporations to maintain systems of
internal control that meet certain minimum standards.
Preventive controls are an integral part of virtually all
accounting processing systems, and much of the
information generated by the accounting system is used for
preventive control purposes. Which one of the following is
not an essential element of a sound preventive control
system?
A. Separation of responsibilities for the recording,
custodial, and authorization functions.
B. Sound personnel practices.
C. Documentation of policies and procedures.
D. Implementation of state-of-the-art software and
hardware.

Accounts Payable -- authorize payments and prepare

vouchers.
Accounts Receivable -- maintain customer accounts.
Billing -- prepare invoices to customers for goods sold.
Cashier -- maintain a record of cash receipts and
disbursements.
Credit Department -- verify the credit rating of customers.
Cost Accounting -- accumulate manufacturing costs for all
goods
produced.
Finished Goods Storeroom -- maintain the physical inventory
and
related stock records of finished goods.
General Accounting -- maintain all records for the company's
general
ledger.
Internal Audit -- appraise and monitor internal controls, as
well as
conduct operational and management audits.
Inventory Control -- maintain perpetual inventory records for
all
manufacturing materials and supplies.
Mailroom -- process incoming, outgoing, and
interdepartmental mail.
Payroll -- compute and prepare the company payroll.
Personnel -- hire employees, as well as maintain records on
job
positions and employees.
Purchasing -- place orders for materials and supplies.
Production -- manufacture finished goods.
Production Planning -- decide the types and quantities of
products to
be produced.
Receiving -- receive all materials and supplies.
Sales -- accept orders from customers.
Shipping -- ship goods to customers.
Stores Control -- safeguard all materials and supplies until
needed
for production.
Timekeeping -- prepare and control time worked by hourly
employees.
[172] Source: CMA 0690 5-1
(Refers to Fact Pattern #2)
The initiation of the purchase of materials and supplies
would be the responsibility of the
A. Purchasing Department.
B. Stores Control Department.

[171] Source: CMA 1289 5-1

To control purchasing and accounts payable, an
information system must include certain source documents.
For a manufacturing organization, these documents should
include
A. Purchase orders, receiving reports, and vendor
invoices.
B. Receiving reports and vendor invoices.
C. Purchase requisitions, purchase orders, receiving
reports, and vendor invoices.
D. Purchase requisitions, purchase orders, inventory
reports of goods needed, and vendor invoices.

[Fact Pattern #2]

Marport Company is a manufacturing company that uses
forms and documents in its accounting information systems
for record keeping and internal control. The departments in
Marport's organization structure and their primary
responsibilities are

C. Inventory Control Department.

D. Production Department.

[173] Source: CMA 0690 5-3

(Refers to Fact Pattern #2)
Multiple copies of the purchase order are prepared for
record keeping and distribution with a copy of the purchase
order sent to the vendor and one retained by the
Purchasing Department. In addition, for proper
informational flow and internal control purposes, a version
of the purchase order would be distributed to the
A. Accounts Payable, Receiving, and Stores Control
Departments.
B. Accounts Payable, Receiving, and Inventory
Control Departments.
C. Accounts Payable, Accounts Receivable, and
Receiving Departments.
D. Accounts Payable, Receiving, and Production

Planning Departments.

[174] Source: CMA 0690 5-4

(Refers to Fact Pattern #2)
Responsibility for following up on any problems regarding
orders of production materials and supplies, such as orders
for which no acknowledgment has been received, orders
overdue, partial orders, damaged or substandard
merchandise received on an order, etc., would be entrusted
to the
A. Inventory Control Department.
B. Stores Control Department.
C. Production Planning Department.

preparation.
B. Separation of payroll preparation and paycheck
distribution.
C. Separation of timekeeping from factory
departments.
D. Separation of payroll preparation and maintenance
of year-to-date payroll records.

[179] Source: CMA 0690 5-9

(Refers to Fact Pattern #2)
If employee paychecks are distributed by hand to
employees, which one of the following departments should
be responsible for the safekeeping of unclaimed
paychecks?

D. Purchasing Department.
A. Payroll Department.
[175] Source: CMA 0690 5-5
(Refers to Fact Pattern #2)
The documents that the Accounts Payable Department
must review before it can properly authorize payment for
the purchase of materials and supplies are

B. Timekeeping Department.
C. Production Department in which the employee
works or worked.
D. Cashier Department.

A. Vendor's invoice, purchase requisition, and

acknowledgment purchase order.
B. Vendor's invoice, acknowledgment purchase
order, and receiving report.
C. Vendor's monthly statement, purchase order, and
voucher.
D. Vendor's invoice, purchase order, and receiving
report.

[176] Source: CMA 0690 5-6

(Refers to Fact Pattern #2)
The document that is the authorization to initiate the
manufacture of goods is referred to as a
A. Daily production schedule.

[180] Source: CMA 0690 5-10

(Refers to Fact Pattern #2)
Organizational independence is required in the processing
of customers' orders in order to maintain an internal control
structure. Which one of the following situations is not a
proper separation of duties in the processing of orders from
customers?
A. Approval by Credit Department of a sales order
prepared by the Sales Department.
B. Shipping of goods by the Shipping Department
that have been retrieved from stock by the Finished
Goods Storeroom Department.
C. Invoice preparation by the Billing Department and
posting to customers' accounts by the Accounts
Receivable Department.

B. Raw materials requisition.

C. Bill of materials.
D. Production order.

[177] Source: CMA 0690 5-7

(Refers to Fact Pattern #2)
The document that is used to record the actual work
performed for a specific product by each factory employee
is called a(n)
A. Payroll register.
B. Production order cost summary.

D. Approval of a sales credit memo because of a

product return by the Sales Department with
subsequent posting to the customer's account by the
Accounts Receivable Department.

[181] Source: CMA 0690 5-11

(Refers to Fact Pattern #2)
A bill of lading is a document that
A. Indicates the amount the customer owes by listing
the quantities shipped, unit price, and total price of
goods shipped.
B. Is sent with the goods giving a listing of the
quantities of items included in the shipment.

C. Operations list.
D. Job time ticket.

[178] Source: CMA 0690 5-8

(Refers to Fact Pattern #2)
Organizational independence in the processing of payroll is
achieved by functional separations that are built into the
system. Which one of the following functional separations is
not required for internal purposes?
A. Separation of timekeeping from payroll

C. Is used to transfer responsibility for goods

between the seller of goods and a common carrier.
D. Reduces a customer's account for goods returned
to the seller.

[182] Source: CIA 1192 III-31

A manufacturer is developing a new database system for its
products, which are made to order in batches. During the
day, clerks respond to customer inquiries about the status
of orders. At night, invoices are produced in batch for

completed orders. The best access method for production

data is

D. Develop and maintain the database.

A. Indexed sequential.
B. Direct.

[188] Source: CIA 0594 III-27

The ability to add or update documentation items in data
dictionaries should be restricted to

C. Hashed.
A. Database administrators.
D. Sequential.
B. System programmers.
[183] Source: CIA 0594 III-30
Contingency planning alternatives can vary by computer
processing environment. A company is least likely to use a
reciprocal processing agreement for
A. Large batch operations.
B. Online teleprocessing facilities.
C. Small batch operations.

C. System librarians.
D. Application programmers.

[189] Source: CIA 1191 III-24

Which of the following is a device used in a data
communications system to interleave the slow data
transmissions of many different terminal devices to fully use
the capacity of a medium- or high-speed data
communication line?

D. Totally centralized operations.

A. Multiplexor.
[184] Source: CIA 0591 III-82
ADABAS, DATACOM/DB, DB2, IDMS, and IMS are

B. Modem.
C. Coaxial cable.

A. Library systems.
D. Bus.
B. Access control systems.
C. Programming languages.
D. Database management systems.

[185] Source: CIA 1191 III-27

Occasionally, a database user may send an incorrect
update to the database. Undoing the update is difficult
because the old data have been replaced by the new,
incorrect data. The feature of a system that allows the user
to undo the mistake is classified as error

[190] Source: CIA 0592 III-26

As the number of computers in an organization increases,
many organizations find it useful to interconnect them by a
communications network. A type of network that is used to
support interconnections within a building is known as a(n)
A. Local-area network.

B. Wide-area network.
C. Baseband network.

A. Prevention.
D. Broadband network.
B. Detection.
C. Correction.
D. Recovery.

[186] Source: CIA 1193 III-32

Enabling users to have different views of the same data is a
function of

[191] Source: CIA 1193 III-24

Which of the following is an advantage of electronic mail
systems?
A. They are more cost-effective than other methods
of delivering information.
B. They are easier to use than manual systems.

A. The operating system.

C. They are inexpensive to implement.

B. A program library management system.

D. The system is available to all who want to use it.

C. The database management system.

D. A utility program.

[187] Source: CIA 1193 III-33

The function of a data dictionary is to

[192] Source: CIA 0594 III-26

Companies now can use electronic transfers to conduct
regular business transactions. Which of the following terms
best describes a system in which an agreement is made
between two or more parties to electronically transfer
purchase orders, sales orders, invoices, and/or other
financial documents?

A. Organize and share information about objects and

resources.

A. Electronic funds transfer (EFT).

B. Specify systems users.

B. Electronic data interchange (EDI).

C. Specify privileges and security rules for objects

and resources.

C. Electronic data processing (EDP).

D. Electronic document exchange (EDE).

A. Domain.
[193] Source: CMA 1294 4-15
The most critical aspect of the separation of duties within a
mainframe information systems environment is between
A. Programmers and project leaders.

B. Subschema.
C. Cardinality.
D. Referential path.

B. Programmers and systems analysts.

C. Programmers and users.
D. Programmers and computer operators.

[Fact Pattern #3]

Although a company uses electronic data interchange with
most of its large customers, it also receives incoming orders
by mail and fax. After experiencing increasing delays
making online inquiries, the sales department has decided
to download accounts receivable data to a microcomputer
each morning. The microcomputer file will be used to do
credit checks on incoming mail and fax orders before the
orders are encoded for further processing.
[194] Source: CIA 0594 III-18
(Refers to Fact Pattern #3)
Which is the best set of data fields to download to the
microcomputer?

[198] Source: CMA 1287 5-3

The increased use of database processing systems makes
managing data and information a major information service
function. Because the databases of an organization are
used
for many different applications, they are coordinated and
controlled by a database administrator. The functions of a
database administrator are
A. Data input preparation, database design, and
database operations.
B. Database design, database operation, and
database security.
C. Database design, database operation, and
equipment operations.
D. Database design, software support, and database
security.

A. Account number, name, unused credit balance.

B. Account number, current customer balance, credit
limit.
C. Account number, unused credit balance.
D. Account number, name, current customer balance.

[199] Source: CMA 1287 5-16

An employee in the receiving department keyed in a
shipment from a remote terminal and inadvertently omitted
the purchase order number. The best systems control to
detect this error would be
A. Batch total.
B. Completeness test.

[195] Source: CIA 0594 III-19

(Refers to Fact Pattern #3)
The internal auditor examined the system, which uses a
microcomputer to do credit checking. Which of the
following is probably not included as a system weakness in
the internal auditor's report?
A. Updates might not be done on a daily basis.
B. Credit information is not real-time.
C. There is no end-of-day backup procedure for the
data.
D. Unauthorized changes could be made to amounts
in the file.

[196] Source: CIA 1193 III-19

Of the techniques available to an auditor, which is the most
valuable in providing a summary outline and overall
description of the process of transactions in an information
system?
A. Transaction retrievals.
B. Test decks.

C. Sequence check.
D. Reasonableness test.

[200] Source: CMA 1289 5-7

The database approach to systems and the resulting
concept of database management systems have several
unique characteristics not found in traditional systems,
specifically file-oriented systems. Which one of the
following statements does not apply to database-oriented
systems?
A. Database systems have data independence; that
is, the data and the programs are maintained
separately except during processing.
B. Database systems contain a data definition
language that helps describe each schema and
subschema.
C. The database administrator is the part of the
software package that instructs the operating aspects
of the program when data are retrieved.
D. A primary goal of database systems is to minimize
data redundancy.

C. Software code comparisons.

D. Flowcharts.

[197] Source: CMA Samp Q4-8

In data modeling and database design, the nature and
extent of a relationship between two entities is the

[201] Source: CMA 1290 4-23

An interactive system environment is best characterized by
A. Data files with records arranged sequentially.
B. The processing of groups of data at regular

intervals.
C. Sorting the transaction file before processing.
D. The processing of data immediately on input.

[202] Source: CMA 0691 4-24

Preventive controls are
A. Usually more costly to use than detective controls.
B. Found only in general accounting controls.

C. Tape and disk output controls and printed output

controls.
D. Input controls, tape and disk output controls, and
printed output controls.

[207] Source: CMA 0693 4-10

Online access controls are critical for the successful
operation of today's computer systems. To assist in
maintaining control over such access, many systems use
tests that are maintained through an internal access control
matrix which consists of

C. Found only in accounting transaction controls.

D. Usually more cost beneficial than detective
controls.

[203] Source: CMA 0691 4-25

Edit checks in a computerized accounting system
A. Are preventive controls.
B. Should be performed on transactions prior to
updating a master file.
C. Must be installed for the system to be operational.
D. Should be performed immediately prior to output
distribution.

[204] Source: CMA 0691 4-26

The concept of timeliness of data availability is most
relevant to
A. Payroll systems.
B. General ledger systems.
C. Manual systems.

A. Authorized user code numbers, passwords, lists of

all files and programs, and a record of the type of
access each user is entitled to have to each file and
program.
B. Authorized user code numbers and passwords.
C. A list of controls in the online system and a list of
those individuals authorized to change and adjust
these controls along with a complete list of files in the
system.
D. A completeness test, closed loop verification, and
a compatibility test.

[208] Source: CMA 0693 4-15

Transaction processing systems frequently support the
inquiry of online database users. Inquiry processing
includes all of the following characteristics except that
A. Either batch or real-time processing may be used.
B. It is dependent on the use of telecommunication
networks and database management query
languages.
C. Responses are in a prespecified format displayed
on the end user's terminal.

D. Online systems.
D. End users are allowed to make changes to the
records retrieved.
[205] Source: CMA 0692 4-1
Batch processing
A. Is not used by most businesses because it reduces
the audit trail.

[209] Source: CMA 1294 4-16

An electronic meeting conducted between several parties at
remote sites is referred to as
A. Teleprocessing.

B. Processes individual transactions as they occur.

B. Interactive processing.
C. Allows users to inquire about groups of
information contained in the system.
D. Accumulates transaction records into groups for
processing against the master file.

[206] Source: CMA 0693 4-6

Data processed by a computer system are usually
transferred to some form of output medium for storage.
However, the presence of computerized output does not, in
and of itself, assure the output's accuracy, completeness, or
authenticity. For this assurance, various controls are
needed. The major types of controls for this area include

C. Telecommuting.
D. Teleconferencing.

[210] Source: CMA 1294 4-17

A system that permits suppliers and buyers to have direct
access to portions of each others' databases, including
inventory data, to enhance service and deliveries is
A. Electronic mail.
B. Interactive processing.
C. Electronic data interchange.

A. Transaction controls, general controls, and

printout controls.
B. Activity listings, echo checks, and pre-numbered
forms.

D. Distributed processing.

[211] Source: CMA 1294 4-18

The system that permits the computers in a distributed

processing network to share the use of another end-user's
application program is

C. Having a separate information officer at the top

level of the organization outside of the accounting
function.

A. Electronic data interchange.

B. Interactive processing.

D. Using different programming personnel to maintain

utility programs from those who maintain the
application programs.

C. Executive support system.

D. Cooperative processing.

[212] Source: CMA 0695 4-19

A local area network (LAN) is best described as a(n)

[216] Source: CMA 0695 4-23

Data input validation routines include
A. Terminal logs.
B. Passwords.

A. Computer system that connects computers of all

sizes, workstations, terminals, and other devices
within a limited proximity.

C. Hash totals.
D. Backup controls.

B. System to allow computer users to meet and share

ideas and information.
C. Electronic library containing millions of items of
data that can be reviewed, retrieved, and analyzed.
D. Method to offer specialized software, hardware,
and data handling techniques that improve
effectiveness and reduce costs.

[217] Source: CMA 0696 4-14

A critical aspect of a disaster recovery plan is to be able to
regain operational capability as soon as possible. In order
to accomplish this, an organization can have an
arrangement with its computer hardware vendor to have a
fully operational facility available that is configured to the
user's specific needs. This is best known as a(n)
A. Uninterruptible power system.

[213] Source: CMA 0695 4-20

One advantage of a database management system
(DBMS) is

B. Parallel system.
C. Cold site.

A. The responsibility and control assumed by each

organizational unit for its own data.
B. The decrease in the cost of the data processing
department as users become responsible for
establishing their own data handling techniques.
C. A decreased vulnerability because the database
management system has numerous security controls
to prevent disasters.
D. The independence of the data from the application
programs, which allows the programs to be
developed for the user's specific needs without
concern for data capture problems.

D. Hot site.

[218] Source: CMA 1296 4-25

A system that has several minicomputers connected for
communication and data transmission purposes but also
enables each computer to process its own data is known as
a
A. Distributed data processing network.
B. Centralized network.
C. Decentralized network.

[214] Source: CMA 0695 4-21

A flat file structure is used in database management
systems
(DBMS) when
A. A complex network structure is employed.
B. A network based structure is used and a complex
database schema is developed.
C. A simple network structure is employed.

D. Multidrop network.

[219] Source: CMA 1296 4-29

In order to prevent, detect, and correct errors and
unauthorized tampering, a payroll system should have
adequate controls. The best set of controls for a payroll
system includes
A. Batch and hash totals, record counts of each run,
proper separation of duties, passwords and user
codes, and backup copies of activity and master files.

D. A relational database model is selected for use.

B. Employee supervision, batch totals, record counts
of each run, and payments by check.
[215] Source: CMA 0695 4-22
In the organization of the information systems function, the
most important separation of duties is
A. Not allowing the data librarian to assist in data
processing operations.
B. Assuring that those responsible for programming
the system do not have access to data processing
operations.

C. Passwords and user codes, batch totals,

employee supervision, and record counts of each run.
D. Batch totals, record counts, user codes, proper
separation of duties, and online edit checks.

[220] Source: CMA 0695 4-30

In auditing computer-based systems, the integrated test

facility (ITF)
A. Allows the auditor to assemble test transactions
and run them through the computer system to test the
integrity of controls on a sample data base.
B. Is a set of specialized software routines that are
designed to perform specialized audit tests and store
audit evidence.
C. Is a concurrent audit technique that establishes a
special set of dummy master files and enters
transactions to test the programs using the dummy
files during regular processing runs.
D. Uses an audit log to record transactions and data
having special audit significance during regular
processing runs.

C. Reliable.
D. Cost effective.

[225] Source: CIA 0595 III-68

An insurance company that has adopted cooperative
processing is planning to implement new standard software
in all its local offices. The new software has a fast response
time, is very user friendly, and was developed with
extensive user involvement. The new software captures,
consolidates, edits, validates, and finally transfers
standardized transaction data to the headquarters
mainframe. Local managers, who were satisfied with
existing locally written microcomputer applications,
opposed the new approach because they anticipated
A. Increased workloads.
B. Centralization of all processing tasks.

[221] Source: CMA 0693 4-8

Which one of the following incorporates making the best
decisions possible, using a logical approach to solving
problems, using reasoning, having the capability to learn,
and allowing subjective inputs and outputs?
A. Expert systems.
B. Decision support systems.
C. Multi-networking.

C. More accountability.
D. Less computer equipment.

[226] Source: CIA 0596 III-75

In traditional information systems, computer operators are
generally responsible for backing up software and data files
on a regular basis. In distributed or cooperative systems,
ensuring that adequate backups are taken is the
responsibility of

D. Neural networks.
A. User management.
[222] Source: Publisher
Which of the following is not an advantage of using
computers during the audit process?
A. Auditor can work independently of the auditee.
B. Working papers can be reviewed from an off-site
location, thus saving on travel costs.
C. Auditor has access to records at remote sites.
D. Auditors can alter client data, if desired.

[223] Source: CMA 0690 3-27

One of the steps in assessing control risk in a computerized
information control system is identifying necessary controls
to prevent data from being lost, added, duplicated, or
altered during processing. An example of this type of
control is the

B. Systems programmers.
C. Data entry clerks.
D. Tape librarians.

[227] Source: CIA 1192 III-35

In a database, there are often conditions that constrain
database records. For example, a sales order cannot exist
unless the corresponding customer exists. This kind of
constraint is an example of

A. Normalization.
B. Entity integrity.
C. Internal schema.
D. Referential integrity.

A. Authorization and approval of data in user

departments and screening of data by data control
groups.
B. Review of data output by data control groups.
C. Use of external and internal file labels.
D. Use of control totals, limit and reasonableness
checks, and sequence tests.

[228] Source: CIA 1196 III-75

In a database system, locking of data helps preserve data
integrity by permitting transactions to have control of all the
data needed to complete the transactions. However,
implementing a locking procedure could lead to
A. Inconsistent processing.
B. Rollback failures.

[224] Source: CIA 1195 III-31

Today organizations are using microcomputers for data
presentation because microcomputer use, compared to
mainframe use, is more
A. Controllable.
B. Conductive to data integrity.

C. Unrecoverable transactions.
D. Deadly embraces (retrieval contention).

[229] Source: CIA 0596 III-65

All of the following are methods for distributing a relational
database across multiple servers except

A. Snapshot (making a copy of the database for

distribution).
B. Replication (creating and maintaining replica
copies at multiple locations).
C. Normalization (separating the database into logical
tables for easier user processing).
D. Fragmentation (separating the database into parts
and distributing where they are needed).

[230] Source: CIA 1196 III-57

In an overall description of a database, the names of data
elements, their characteristics, and their relationship to each
other are defined by using a

C. Increases system overhead.

D. Reduces the need for periodic password changes.

[235] Source: CIA 1195 III-40

Large organizations often have their own
telecommunications networks for transmitting and receiving
voice, data, and images. Very small organizations,
however, are unlikely to be able to make the investment
required for their own networks and are more likely to use
A. Public switched lines.
B. Fast-packet switches.
C. Standard electronic mail systems.

A. Data definition language.

D. The Internet.
B. Data control language.
C. Data manipulation language.
D. Data command interpreter language.

[236] Source: CIA adap

Which of the following networks provides the least secure
means of data transmission?
A. Value-added.

[231] Source: CIA 1193 III-33

The function of a data dictionary is to
A. Mark the boundary between two consecutive
transactions.

B. Public-switched.
C. Local area.
D. Private.

B. Organize and share information about objects and

resources.
C. Specify systems users.
D. Specify privileges and security rules for objects
and resources.

[237] Source: CIA 0595 III-44

If a system does not have a mainframe computer or a file
server but does processing within a series of
microcomputers, the network is a(n)
A. Offline processing system.

[232] Source: CIA 0596 III-51

To properly control access to accounting database files, the
database administrator should ensure that database system
features are in place to permit

B. Expert system.
C. Direct access system.
D. Peer-to-peer system.

A. Read-only access to the database files.

B. Updating from privileged utilities.
C. Access only to authorized logical views.
D. User updates of their access profiles.

[233] Source: CIA 1196 III-77

The encryption technique that requires two keys, a public
key that is available to anyone for encrypting messages and
a private key that is known only to the recipient for
decrypting messages, is
A. Rivest, Shamir, and Adelman (RSA).

[238] Source: CIA 1196 III-47

A company makes snapshot copies of some often-used
data and makes them available in files on the mainframes.
Authorized users can then download data subsets into
spreadsheet programs. A risk associated with this means of
providing data access is that
A. Data replicas may not be synchronized.
B. Data fragments may lack integrity.
C. Data transactions may be committed prematurely.
D. Data currency may not be maintained.

B. Data encryption standard (DES).

C. Modulator-demodulator.

[239] Source: CIA 1194 III-21

Which of the following is considered to be a server in a
local area network (LAN)?

D. A cypher lock.
A. The cabling that physically interconnects the nodes
of the LAN.
[234] Source: CIA 1196 III-78
The use of message encryption software

B. A device that stores program and data files for

users of the LAN.

A. Guarantees the secrecy of data.

B. Requires manual distribution of keys.

C. A device that connects the LAN to other

networks.

to transmission facilities.
D. A workstation that is dedicated to a single user on
the LAN.

[240] Source: CIA 0596 III-76

When connecting two or more electronic mail systems,
which of the following is a major security issue?
A. Inability to encrypt messages going between
network gateways.
B. Loss of critical text within messages.
C. Inability of receiving users to automatically
acknowledge receipt of messages.
D. Inability to keep backup copies of messages.

C. Delay action on orders until a second order is

received for the same goods.
D. Write all incoming messages to a
write-once/read-many device for archiving.

[245] Source: CIA 1196 III-59

An insurance firm uses a wide area network (WAN) to
allow agents away from the home office to obtain current
rates and client information and to submit approved claims
using notebook computers and dial-in modems. In this
situation, which of the following methods would provide the
best data security?
A. Dedicated phone lines.
B. Call-back features.

[241] Source: CIA 1196 III-61

A company has a very large, widely dispersed internal audit
department. Management wants to implement a
computerized system to facilitate communications among
auditors. The specifications require that auditors have the
ability to place messages in a central electronic repository
where all auditors can access them. The system should
facilitate finding information on a particular topic. Which
type of system would best meet these specifications?
A. Electronic data interchange (EDI).

C. Frequent changes of user IDs and passwords.

D. End-to-end data encryption.

[246] Source: CIA 1193 III-45

Before sending or receiving EDI messages, a company
should
A. Execute a trading partner agreement with each of
its customers and suppliers.

B. Electronic bulletin board system (BBS).

C. Fax/modem software.
D. Private branch exchange (PBX).

[242] Source: CIA 0596 III-57

Which of the following is likely to be a benefit of electronic
data interchange (EDI)?
A. Increased transmission speed of actual
documents.
B. Improved business relationships with trading
partners.
C. Decreased liability related to protection of
proprietary business data.
D. Decreased requirements for backup and
contingency planning.

B. Reduce inventory levels in anticipation of receiving

shipments.
C. Demand that all its suppliers implement EDI
capabilities.
D. Evaluate the effectiveness of its use of EDI
transmissions.

[247] Source: CIA 1193 III-46

The best approach for minimizing the likelihood of software
incompatibilities leading to unintelligible messages is for a
company and its customers to
A. Acquire their software from the same software
vendor.
B. Agree to synchronize their updating of EDI-related
software.
C. Agree to use the same software in the same ways
indefinitely.

[243] Source: CIA 0593 III-38

The emergence of electronic data interchange (EDI) as
standard operating practice increases the risk of

D. Each write their own version of the EDI-related

software.

A. Unauthorized third-party access to systems.

B. Systematic programming errors.
C. Inadequate knowledge bases.

[248] Source: CIA 1195 III-62

As organizations move to implement EDI, more of them are
turning to the use of value-added networks (VANs).
Which of the following would not normally be performed
by a VAN?

D. Unsuccessful system use.

A. Store electronic purchase orders of one
organization to be accessed by another organization.
[244] Source: CIA 1193 III-43
A control a company could use to detect forged EDI
messages is to
A. Acknowledge all messages initiated externally with
confirming messages.
B. Permit only authorized employees to have access

B. Provide common interfaces across organizations

thereby eliminating the need for one organization to
establish direct computer communication with a
trading partner.
C. Maintain a log of all transactions of an organization
with its trading partner.

D. Inadequate backup and recovery capabilities.

D. Provide translations from clients' computer
applications to a standard protocol used for EDI
communication.

[249] Source: CIA 0596 III-59

In a review of an EDI application using a third-party
service provider, the auditor should

[253] Source: CIA 1196 III-63

Which of the following is a risk that is higher when an
electronic funds transfer (EFT) system is used?
A. Improper change control procedures.
B. Unauthorized access and activity.

I. Ensure encryption keys meet ISO standards.

II. Determine whether an independent review of the service
provider's operation has been conducted.
III. Verify that only public-switched data networks are used
by the service provider.
IV. Verify that the service provider's contracts include
necessary clauses, such as the right to audit.
A. I and II.
B. I and IV.
C. II and III.
D. II and IV.

[250] Source: CIA 1193 III-49

After implementing EDI with suppliers, a company
discovered a dramatic increase in the prices it paid the
single supplier of some special materials for its primary
product line. After consulting with the supplier, the
company determined that the supplier had assumed the risk
of not having inventory and raised its prices accordingly
since the company was the only buyer for the special
materials. The best approach for managing inventory in this
situation is for the company to
A. Give the supplier more information about
expected use of the materials.

C. Insufficient online edit checks.

D. Inadequate backups and disaster recovery
procedures.

[254] Source: CMA 1289 5-11

Most of today's computer systems have hardware controls
that are built in by the computer manufacturer. Common
hardware controls are
A. Duplicate circuitry, echo check, and internal
header labels.
B. Tape file protection, cryptographic protection, and
limit checks.
C. Duplicate circuitry, echo check, and dual reading.
D. Duplicate circuitry, echo check, tape file
protection and internal header labels.

[255] Source: Publisher

The firewall system that limits access to a computer
network by routing users to replicated Web pages is
A. A packet filtering system.

B. Demand that the supplier reduce the prices of the

materials.
C. Find another supplier to replace the one charging
higher prices.

B. Kerberos.
C. A proxy server.
D. An authentication system.

D. Change its product line so the special materials are

no longer needed.

[251] Source: CIA 1193 III-50

If the cycle time for manual purchase orders is 25 days,
composed of 4 days of preparation, 3 days in the mail, 14
days in process at the supplier, and 4 days for delivery of
raw materials, the shortest possible cycle time if a company
fully implemented EDI with suppliers would be

[256] Source: Publisher

An Internet firewall is designed to provide adequate
protection against which of the following?
A. A computer virus.
B. Unauthenticated logins from outside users.
C. Insider leaking of confidential information.

A. 21 days.
D. A Trojan horse application.
B. 18 days.
C. 4 days.

[257] Source: CIA 0591 II-37

Expert systems consist of

D. 1 day.
A. Software packages with the ability to make
judgment decisions.
[252] Source: CIA 0596 III-64
Which of the following risks is not greater in an electronic
funds transfer (EFT) environment than in a manual system
using paper transactions?
A. Unauthorized access and activity.

B. A panel of outside consultants.

C. Hardware designed to make judgment decisions.
D. Hardware and software used to automate routine
tasks.

B. Duplicate transaction processing.

C. Higher cost per transaction.

[258] Source: CIA 1196 III-68

Prudent managers will recognize the limits within which

expert systems can be effectively applied. An expert

system would be most appropriate to

which audit trails have either become diminished or

are very limited.

A. Compensate for the lack of certain technical

knowledge within the organization.

C. They allow faster detection of unauthorized

transactions.

B. Help make customer-service jobs easier to

perform.

D. They are standard components of generic

software packages.

C. Automate daily managerial problem-solving.

D. Emulate human expertise for strategic planning.

[259] Source: CIA 1194 III-41

The processing in knowledge-based systems is
characterized by
A. Algorithms.
B. Deterministic procedures.

[264] Source: CPA 1195 F-11

In a sale-leaseback transaction, a gain resulting from the
sale should be deferred at the time of the sale-leaseback
and subsequently amortized when
I. The seller-lessee has transferred substantially all the
risks
of ownership.
II. The seller-lessee retains the right to substantially all of
the remaining use of the property.
A. I only.

C. Heuristics.

B. II only.

D. Simulations.

C. Both I and II.

D. Neither I nor II.

[260] Source: CIA 1193 III-56

A bank implemented an expert system to help account
representatives consolidate the bank's relationships with
each customer. The expert system has
A. A sequential control structure.
B. Distinct input/output variables.
C. A knowledge base.
D. Passive data elements.

[261] Source: CIA 1196 III-69

For which of the following applications would the use of a
fuzzy logic system be the most appropriate artificial
intelligence (AI) choice?
A. Assigning airport gates to arriving airline flights.
B. Forecasting demand for spare auto parts.
C. Ventilating expressway tunnels.
D. Diagnosing computer hardware problems.

[262] Source: CMA Samp Q.4-10

An accounting system identification code that uses a
sum-of-digits check digit will detect all of the following
errors except
A. Completeness errors.
B. Transcription errors.
C. Transposition errors.
D. Validity errors.

[263] Source: CMA Samp Q4-11

Which one of the following statements concerning
concurrent auditing techniques is not correct?
A. They allow monitoring a system on a continuous
basis for fraudulent transactions.
B. They are most useful in complex online systems in

PART 4D
Information Systems
ANSWERS
[1] Source: CMA 0687 5-6
Answer (A) is incorrect because this does not involve
the need to recover from data loss caused by system
failure.
Answer (B) is incorrect because this does not involve
the need to recover from data loss caused by system
failure.
Answer (C) is incorrect because this does not involve
the need to recover from data loss caused by system
failure.
Answer (D) is correct. A checkpoint or restart
procedure is designed to recover from hardware
failures or power loss. The process involves capturing
all values and program indicators at specified
checkpoints and storing them in another file. If
processing is interrupted, it can be resumed at the last
checkpoint rather than at the beginning of the run.

[2] Source: CMA 0687 5-9

Answer (A) is correct. A turnaround document is a
computer output prepared in such a way that it can
eventually be used as a source document for an input
transaction. For example, an optical character
recognition (OCR) document might be used as a
sales invoice to be mailed to a customer and returned
with payment. Thus, no new document would have to
be prepared to record the payment. Utility bills are
often mailed to customers in the form of turnaround
documents.

Answer (A) is incorrect because the throughput of a

computer can be increased by this activity.
Answer (B) is incorrect because the throughput of a
computer can be increased by this activity.
Answer (C) is incorrect because the throughput of a
computer can be increased by this activity.
Answer (D) is correct. Throughput is the quantity of
work processed in a given time. It measures system
performance and embraces input, processing, and
output. Using punched cards as an input to the direct
keying of input data is a redundant process that will
slow input and thereby overall throughput.

[5] Source: CMA 0687 5-12

Answer (A) is incorrect because the term simplex
refers not only to use of a single CPU but also to
one-way transmission along a communication line,
e.g., for display only.
Answer (B) is correct. The reliability of a system is
improved when backup equipment is available. A
duplex system is a centralized system in which two
computers are used, with one backing up the other.
Answer (C) is incorrect because distributed systems
also have an inherent backup feature since they
consist of multiple remote computers that share
processing tasks and possibly even data management
responsibilities.
Answer (D) is incorrect because a front-end
processor is an ancillary device that performs certain
communications control functions for the CPU, such
as routine data transfer tasks.

[6] Source: CMA 1287 5-1

Answer (B) is incorrect because turnaround
documents circulate both within and without the
organization.
Answer (C) is incorrect because turnaround
documents circulate both within and without the
organization.
Answer (D) is incorrect because such documents are
especially useful in computer systems but are also
employed in manual systems.

[3] Source: CMA 0687 5-10

Answer (A) is incorrect because a modem allows
computer signals to be sent over a telephone line.
Answer (B) is incorrect because a modem allows
computer signals to be sent over a telephone line.
Answer (C) is incorrect because a modem allows
computer signals to be sent over a telephone line.
Answer (D) is correct. The term modem is an
acronym for modulator/demodulator. This device
converts digital signals to analog signals, e.g., sounds
necessary for transmission by telephone lines.
Another modem at the receiving end reconverts the
analog signals back to the digital signals used by the
computer.

Answer (A) is incorrect because it is not the most

accurate answer.
Answer (B) is incorrect because it is not the most
accurate answer.
Answer (C) is incorrect because it is not the most
accurate answer.
Answer (D) is correct. Whether or not an information
system is computerized it must capture data in a form
useful for further processing. Data must be recorded,
verified for accuracy, and classified into meaningful
categories. It may also need to be transmitted to the
point at which it will be processed. Data must be
processed to yield useful information. This step may
entail further verification and classification as well as
sorting into a specified order, batching or grouping
similar items, making calculations, and summarizing
(aggregating) data elements. The management of data
involves storage, maintenance (updating), and
retrieval (searching for stored data). A primary
function of the system at all stages is to establish
control over the accuracy, security, and integrity of
data. The ultimate function of the system is to
generate or report information that is effectively
communicated to users. The foregoing may be
summarized as the functions of inp ut, processing,
output, storage, and control.

[7] Source: CMA 0689 5-2

[4] Source: CMA 0687 5-11

Answer (A) is incorrect because a data-flow diagram

would show only where data goes, not the total
system.
Answer (B) is correct. A system flowchart is a
pictorial representation of an information system at
the macro level. It emphasizes inputs, processing
steps, and outputs but not the details of execution.
Answer (C) is incorrect because a Gantt chart is a
bar chart used to monitor the progress of large
projects.
Answer (D) is incorrect because a decision table is
used to show the various possibilities available in a
given decision situation.

[8] Source: CMA 0689 5-3

sounds necessary for transmission by telephone lines.

Another modem at the receiving end reconverts the
analog signals back to the digital signals used by the
computer.
Answer (D) is incorrect because a DBMS is complex
software that serves on an interface between
applications and a set of integrated files (a database).

[11] Source: CMA 1289 5-10

Answer (A) is incorrect because a control total is a
total of one information field.
Answer (B) is incorrect because a hash total is the
summation of an otherwise meaningless control total,
such as the total of all invoice numbers. The purpose
is to determine whether any data have been lost.

Answer (A) is incorrect because it is a part of the

implementation stage of the systems life cycle.

Answer (C) is incorrect because a data access

validation routine limits access to data.

Answer (B) is incorrect because it is a part of the

implementation stage of the systems life cycle.

Answer (D) is correct. Validity checks, limit checks,

field checks, and sign tests are all examples of input
controls (input validation routines).

Answer (C) is correct. Systems implementation

includes training and educating users, documenting
the systems, testing the systems' programs and
procedures, systems conversion (including final
testing and switchover), and systems follow-up.
General systems design is not a part of the
implementation stage of the life cycle, but the detailed
systems design, such as the line-by-line coding of
computer programs, is accomplished at this stage.
Answer (D) is incorrect because it is a part of the
implementation stage of the systems life cycle.

[9] Source: CMA 0689 5-9

Answer (A) is incorrect because ROM does not
permit the storage of data.
Answer (B) is incorrect because disk drives and tape
drives are not storage devices (disk and tape are
used for storage, but the drives are not).
Answer (C) is correct. Data may be entered into or
erased from RAM. RAM is used to store data that
can be subsequently used by the CPU. RAM is used
for primary storage of input and processing results. It
also transfers information for output and secondary
storage.
Answer (D) is incorrect because disk drives and tape
drives are not storage devices (disk and tape are
used for storage, but the drives are not).

[10] Source: CMA 0689 5-11

Answer (A) is incorrect because word processing
software permits a microcomputer to display text on
a screen, to edit that text, store it on a floppy disk,
and print it.
Answer (B) is incorrect because a language translator
is software that converts programs into
machine-readable instructions.
Answer (C) is correct. Software consists of
programmed instructions to computer equipment
(hardware). A modem is hardware. The term modem
is an acronym for modulator/demodulator. This
device converts digital signals to analog signals, e.g.,

[12] Source: CMA 1289 5-9

Answer (A) is incorrect because separation of duties
is not a feedforward control.
Answer (B) is correct. Calculation of cost accounting
variances is an example of a feedback control; that is,
a control that provides after-the-fact information
about the results of an operation. A feedforward
(planning) control predicts future conditions.
Feedforward is involved in such activities as cash
budgeting and cash planning. A preventive control
forestalls the occurrence of variations from desirable
performance. Separation of duties, organizational
independence, and inventory control are examples.
Thus, the following is the proper order: cost
accounting variances, cash budgeting, and
organizational independence or separation of duties.
Answer (C) is incorrect because cash budgeting is
not a feedback control and cost accounting variances
is not a feedforward control.
Answer (D) is incorrect because inventory control is
not a feedback control and cash budgeting is not a
preventive control.

[13] Source: CMA 1289 5-11

Answer (A) is incorrect because an internal header
label is not a hardware control.
Answer (B) is incorrect because these are not
hardware controls.
Answer (C) is correct. Hardware controls include
parity checks, echo checks, dual read-write heads,
dual circuitry, diagnostic routines, boundary
protection, interlock, and a file protection ring.
Answer (D) is incorrect because an internal header
label is not a hardware control.

[14] Source: CMA 0693 4-7

Answer (A) is incorrect because implementation is
excluded.

Answer (B) is incorrect because analysis is excluded.

Answer (C) is incorrect because follow-up is not
included.
Answer (D) is correct. The systems development life
cycle approach is the most common methodology
applied to the development of highly structured
application systems. The life cycle approach is based
on the idea that an information system has a finite life
span that is limited by the changing needs of the
organization. This cycle is analytically divisible into
stages. A new system life cycle begins when the
inadequacy of the current system leads to a decision
to develop a new or improved system. The process
goes from planning and analysis to design,
implementation, and follow-up.

[15] Source: CMA 0693 4-17

Answer (A) is incorrect because the increasing
availability of computing power to managers has
changed the nature and timing of available information
and the activities that can be undertaken.
Answer (B) is incorrect because individual managers,
not just computer specialists, can now make use of
computer systems.
Answer (C) is incorrect because remote access to
computer systems, collection of data organized to
serve many applications at the same time, and the
development of such office automation applications
as word processing and voice-mail have stimulated
change.
Answer (D) is correct. Information resource
management and management information services
are not examples of recent technological
developments. They have long existed in some form.

program or package within the system that records

signal counts and may perform other tasks such as
taking "snapshots" of internal conditions and
indications at predetermined times. This is particularly
relevant to reconstructing records after a system
failure.
Answer (D) is incorrect because monitors are not
concerned with programming.

[18] Source: CMA 0685 5-20

Answer (A) is correct. In the development of an
information system, the role of the systems analyst is
to study the activity for which a system is to be
created, define its goals or purposes, and design
operations and procedures that accomplish them in
the most efficient way.
Answer (B) is incorrect because a systems analyst
does not have to be a programmer.
Answer (C) is incorrect because the analyst is
responsible for using technology to meet information
needs, not for the management of the system.
Answer (D) is incorrect because a systems analyst is
not responsible for supervising programmers.

[19] Source: CMA 0685 5-21

Answer (A) is correct. A document flowchart depicts
the flow of documents through an entity. It is part of
the documentation of an accounting system and is
also a useful tool for understanding the organization's
communications network (to the extent documents
are a medium of communication). It also shows the
interfaces with other procedures.
Answer (B) is incorrect because a program flowchart
represents the specific steps in a computer program
and the order in which they will be executed.

[16] Source: CMA 1284 5-27

Answer (A) is correct. Editing (validation) of data
should produce a cumulative error listing that includes
not only errors found in the current processing run but
also uncorrected errors from earlier runs. Each error
should be identified and described, and the date and
time of detection should be given. Sometimes, the
erroneous transactions may need to be recorded in a
suspense file. This process is the basis for developing
appropriate reports.
Answer (B) is incorrect because the amount of work
needed to correct errors is not affected by the means
by which errors are detected and recorded.
Answer (C) is incorrect because validation of data is
not dependent upon whether an error log is
maintained manually or on the computer.
Answer (D) is incorrect because an audit trail
consists of much more than an error listing.

Answer (C) is incorrect because a decision table is a

logic diagram that shows possible conditions and
related actions to be taken.
Answer (D) is incorrect because it is a step in a
systems analysis.

[20] Source: CMA 0685 5-22

Answer (A) is incorrect because a document
flowchart depicts the flow of documents through an
entity.
Answer (B) is incorrect because a printer layout chart
is used to design the format of computer generated
reports on preprinted forms used only in output.
Answer (C) is correct. A record layout is used to
describe the fields in each logical record of each file
used in input, output, and storage. Layout sheets are
preprinted forms used as documentation for record
layouts.

[17] Source: CMA 1284 5-34

Answer (A) is incorrect because monitors are not
concerned with programming.
Answer (B) is incorrect because monitors are not
concerned with programming.
Answer (C) is correct. A software monitor is a

Answer (D) is incorrect because it is a step in

systems analysis.

[21] Source: CMA 0685 5-23

Answer (A) is incorrect because a document
flowchart depicts the flow of documents through an

entity.
Answer (B) is correct. A printer layout chart is a
gridded spacing chart that is an aid to designing
documents and reports generated as hardcopy paper
output by a printer.

Answer (B) is incorrect because a DBMS is a set of

programs that mediates between application
programs and a database. Since the DBMS performs
the function of locating data items in the storage
media, application programs can be written that are
independent of the physical arrangement of data.

Answer (C) is incorrect because a record layout

sheet is used for formatting computer input and file
records.

Answer (C) is incorrect because a utility program is a

generalized program for performing a commonly
required process such as sorting.

Answer (D) is incorrect because it is a step in

systems analysis.

Answer (D) is incorrect because a language

processor is a program that converts a source code
into instructions the CPU can execute.

[22] Source: CMA 0686 5-1

[25] Source: CMA 0686 5-5
Answer (A) is incorrect because interpretation of
accounting information is the function of its users.
Answer (B) is incorrect because the main focus of
accounting systems is to record transactions, maintain
accountability for assets, and provide reports,
although managerial accounting may sometimes
provide a basis (variance analysis) for management
by exception.
Answer (C) is incorrect because it states the purpose
of a management information system.
Answer (D) is correct. Accounting systems are
designed to record, process, and store data and
generate required reports to external and internal
users concerning business transactions. In many
companies, such systems embrace both financial and
managerial accounting. The distinction between an
accounting system and a management information
system is that the latter provides information for
decision making that is both accounting and
nonaccounting related.

[23] Source: CMA 0686 5-2

Answer (A) is incorrect because participating in the
design of the system is an operational task that might
impair an auditor's objectivity.
Answer (B) is incorrect because using
state-of-the-art techniques may be fruitless if top
management and users are not involved.
Answer (C) is incorrect because hardware selection
is an important consideration.
Answer (D) is correct. The most important factor in
planning for a system change is to obtain top
management's full support. If higher level executives
are enthusiastic about the change, their subordinates
will tend to cooperate more fully. Top management
should set priorities, clarify the objectives of the
system, approve the long-range plans and projects,
monitor development, and appoint key personnel.
Users should also become involved because of their
knowledge of the company's specific needs and their
crucial role in implementing and operating the system.

[24] Source: CMA 0686 5-4

Answer (A) is correct. An operating system is a set
of programs and routines used by the CPU to control
the operations of the computer. One function
performed by the operating system is to supervise the
execution of programs, including determining program
priority.

Answer (A) is incorrect because an operating system

is an integrated group of programs that controls the
operations of a computer.
Answer (B) is incorrect because a utility program is a
generalized program for performing a commonly
required process such as sorting.
Answer (C) is correct. A language processor or
translator is a program that converts a source
program into an object program (instruction codes
that the CPU can execute). Examples are assemblers
(used to convert assembly language to machine
language) and compilers (used to convert
procedure-oriented languages to machine language).
Answer (D) is incorrect because an object program
is a set of machine-readable instructions that can be
followed by the CPU.

[26] Source: CMA 0686 5-6

Answer (A) is incorrect because a source program is
written by a programmer in a source language
(FORTRAN, COBOL, BASIC) that will be
converted into an object program.
Answer (B) is incorrect because a compiler produces
a machine-language object program from a source
program written in a procedure-oriented language.
Answer (C) is incorrect because language processors
convert a source program into instruction codes that
the CPU can execute.
Answer (D) is correct. Service programs are also
known as utility programs. Utility programs are
standardized subroutines that can be incorporated
into other programs, e.g., to alphabetize, to find
square roots, etc. These routines are ordinarily
supplied by the manufacturer and are part of the
operating system.

[27] Source: CMA 0686 5-9

Answer (A) is incorrect because a database can be
used with direct or sequential file access.
Answer (B) is incorrect because separate conversion
and editing runs are usually performed in an offline
mode when sequential processing is used.
Answer (C) is incorrect because remote batch
processing of sequential files is not unusual.
Answer (D) is correct. In an online, real-time system,
direct (random), not sequential, access to files is

required. As each transaction is entered, it is edited

(validated). Files can then be immediately updated to
reflect that transaction. Sequential file access is
typical of (but not required in) batch processing.

[28] Source: CMA 0687 5-2

Answer (A) is incorrect because a special run would
be required to copy a disk file.
Answer (B) is incorrect because an extra run is not
required for tape since updating does not destroy the
original.
Answer (C) is correct. Updating a magnetic tape file
involves running the old master file together with the
transaction data to create a new master file on a
separate tape. The old master file and transactions file
can then be retained as backup. Updating a magnetic
disk file, however, entails writing on the old disk, thus
destroying the original master file. Accordingly, the
disk files should be copied on magnetic tape at
appropriate intervals so that restart procedures can
begin at those points if data are lost or destroyed.
Tape provides an efficient and cost effective medium
for the backup.
Answer (D) is incorrect because the
grandfather-father-son technique is more
appropriately applied with magnetic tape files.

Answer (B) is incorrect because it is a systems

development subsequent to surveying the present
system, etc.
Answer (C) is incorrect because it is a systems
development subsequent to surveying the present
system, etc.
Answer (D) is incorrect because it is a systems
development subsequent to surveying the present
system, etc.

[31] Source: CMA 0689 5-4

Answer (A) is correct. As with any investment
decision, the governing factor should be the
cost-benefit ratio. For this reason, both technological
and economic feasibility studies must be undertaken.
Answer (B) is incorrect because it is essentially a
nonsense answer in this context.
Answer (C) is incorrect because decision tree
analysis would need to have input in the form of costs
and benefits.
Answer (D) is incorrect because it is essentially a
nonsense answer in this context.

[32] Source: CMA 1290 4-20

[29] Source: CMA 0687 5-16
Answer (A) is correct. The term systems program
apparently refers to the operating system. This
software not only manages applications programs,
but also compiles them into machine-readable
language for execution, regulates the input/output
units and CPU, controls data movement, schedules
jobs, maintains logs, manages utility programs, and
communicates with the operator.
Answer (B) is incorrect because such algorithms
would be found in applications programs.
Answer (C) is incorrect because the operating system
must be able to communicate with the hardware in
machine language.
Answer (D) is incorrect because applications
programs manipulate data.

[30] Source: CMA 1287 5-5

Answer (A) is correct. A systems analysis requires a
survey of the existing system, the organization itself,
and the organization's environment to determine
(among other things) whether a new system is needed
and the scope of the study. The analysis of the survey
results determines not only what, where, how, and by
whom activities are performed but also why, how
well, and whether they should be done at all.
Ascertaining the problems and informational needs of
decision makers is the next step. The systems
analysts must consider the entity's key success
variables (factors that determine its success or
failure), the decisions currently being made and those
that should be made, the factors important in decision
making (timing, relation to other decisions, etc.), the
information needed for decision, and how well the
present system makes those decisions. Finally, the
systems analysis should establish the requirements of
a system that will meet user needs.

Answer (A) is incorrect because, as stated in S.

Vallabhaneni, Auditing Software Development (John
Wiley & Sons, Inc., 1990, p. 226), "Walkthroughs
are a structured series of peer reviews of a system
component used to enforce standards, detect errors,
and improve development visibility and system
quality."
Answer (B) is incorrect because systems design is
preliminary, not an alternative, to parallel operation.
Design must occur prior to conversion. Also,
participating in the design of the system is an
operational task that might impair an auditor's
objectivity.
Answer (C) is incorrect because programmed checks
are part of the system to which conversion is desired,
not a means of effecting the conversion.
Answer (D) is correct. Parallel running conversion is
the processing of data in both the old and new
systems simultaneously and comparison of the results.
If the systems produce identical output, the new
system is functioning properly. However, parallel
operation is costly and awkward and may not be
appropriate, e.g., when the system has been designed
for a new function of the company. A pilot operation
(modular or phase-in conversion) is an alternative. It
entails conversion to the new or modified system by
module or segment. For example, a supermarket
chain might convert one store at a time. The
disadvantage of this method is that it may extend the
conversion time.

[33] Source: CMA 0691 4-27

Answer (A) is incorrect because the proper sequence
is: analysis, design, implementation, and operation.
Answer (B) is incorrect because the proper sequence
is: analysis, design, implementation, and operation.
Answer (C) is correct. The systems development life

cycle approach is the most common methodology

applied to the development of large, highly structured
application systems. The life cycle approach is based
on the idea that an information system has a finite
lifespan that is limited by the changing needs of the
organization. A new system life cycle begins when the
inadequacy of the current system leads to a decision
to develop a new system. The first step in the systems
development life cycle is an investigation to identify
and define the organization's needs. This is followed
by analysis, systems design, implementation, and
finally operation of the system. Once operable,
systems maintenance must be undertaken throughout
the life of the system.
Answer (D) is incorrect because the proper sequence
is: analysis, design, implementation, and operation.

[34] Source: CIA 0592 III-24

Answer (A) is incorrect because tasks using heuristic
(trial and error) approaches do not follow
preestablished fixed logical steps facilitated by formal
information systems.
Answer (B) is incorrect because programmable tasks
using ad hoc analysis usually involve infrequent
decisions. They use a structured information process
only when indicators other than the frequency of the
decision suggest the need for it.
Answer (C) is incorrect because nonrepetitive tasks
are unstructured and least likely to be handled by the
formal information system.
Answer (D) is correct. According to Davis and
Olson [Management Information Systems (2d).
McGraw-Hill, 1985, p. 6], an MIS is "an integrated
user-machine system for providing information to
support operations, management analysis, and
decision-making functions in an organization. The
system uses computer hardware and software;
manual procedures; models for analysis, planning,
control, and decision-making; and a database." An
MIS can support structured and semistructured
decision, that is, those for which a decision procedure
(embedded decision tables) can be at least partially
programmed.

[35] Source: CIA 1192 III-21

Answer (A) is incorrect because a database is an
essential part of the routine processing performed by
a data processing system.

Answer (A) is correct. A decision support system

(DSS) assists middle- and upper-level managers in
long-term, nonroutine, and often unstructured
decision making. The system contains at least one
decision model, is usually interactive, dedicated, and
time-shared, but need not be real-time. It is an aid to
decision making, not the automation of a decision
process. The microcomputer-based simulation model
is used to provide interactive problem solving (i.e.,
scheduling) assistance, the distinguishing feature of a
DSS.
Answer (B) is incorrect because the generalized audit
software package does not provide interactive
problem solving assistance in retrieving the purchase
orders, and thus is not a DSS.
Answer (C) is incorrect because the query feature of
a DBMS does not provide interactive problem
solving assistance in compiling the report, and thus is
not a DSS.
Answer (D) is incorrect because remote access and
online operation are not unique to a DSS.

[37] Source: CIA 1191 III-29

Answer (A) is correct. Prototyping (an experimental
assurance process) is costly and time-consuming and
thus is not currently the most common approach. It
entails developing and putting into operation
successively more refined versions of the system until
sufficient information is obtained to produce
satisfactory design. Prototyping is the best approach
in these circumstances because the requirements are
difficult to specify in advance and are likely to change
significantly during development.
Answer (B) is incorrect because the system
development life cycle model is appropriate for highly
structured operational applications whose
requirements can be defined in advance. Thus, it is
not suitable for the bank's application.
Answer (C) is incorrect because structured analysis
and design technique is a specific application of the
system development life cycle model.
Answer (D) is incorrect because pilot operation is a
modular approach to conversion to a new system,
not an experimental technique.

[38] Source: CIA 1191 III-31

Answer (B) is correct. According to Davis and Olson

[Management Information Systems (2d),
McGraw-Hill, 1985, p. 6], an MIS is "an integrated
user-machine system for providing information to
support operations, management analysis, and
decision-making functions in an organization. The
system uses computer hardware and software;
manual procedures; models for analysis, planning,
control, and decision making; and a database."

Answer (A) is incorrect because the life cycle

approach is better suited for structured, clearly
defined projects.

Answer (C) is incorrect because the automation of

routine transaction processing is a central feature of a
data processing system.

Answer (D) is correct. The life cycle approach is best

employed when systems are large and highly
structured, users understand the tasks to be
performed by the information system, and the
developers have directly applicable experience in
designing similar systems. In the life cycle process,
each stage of development is highly structured, and
requirements are clearly defined. However, when the
task is unstructured, prototyping may be the better
approach. Prototyping (an experimental assurance

Answer (D) is incorrect because the production of

reports to support operations is a central feature of a
data processing system.

[36] Source: CIA 1193 III-22

Answer (B) is incorrect because the life cycle

approach is better suited for large projects.
Answer (C) is incorrect because the life cycle
approach is better suited for complex projects.

process) is costly and time-consuming and thus is not

currently the most common approach. It entails
developing and putting into operation successively
more refined versions of the system until sufficient
information is obtained to produce satisfactory
design.

[39] Source: CIA 1192 III-39

Answer (A) is incorrect because possible vendors for
the system and their reputation for quality would be
determined after the feasibility study.
Answer (B) is incorrect because exposure to
computer viruses and other intrusions is part of the
information requirements phase.
Answer (C) is incorrect because methods of
implementation such as parallel or cut-over would be
determined during the implementation and operations
stage.
Answer (D) is correct. The feasibility study should
consider the activity to be automated, the needs of
the user, the type of equipment required, the cost,
and the potential benefit to the specific area and the
company in general. Thus, technical feasibility and
cost are determined during this stage.

[40] Source: CIA 1192 III-87

Answer (A) is correct. The life cycle approach is best
employed when systems are large and highly
structured, users understand the tasks to be
performed by the information system, and the
developers have directly applicable experience in
designing similar systems. In the life cycle process,
each stage of development is highly structured, and
requirements are clearly defined.
Answer (B) is incorrect because the lower the user
understanding of tasks and the smaller the project
size, the less appropriate life cycle methodologies are
for the problem.
Answer (C) is incorrect because the lower the user
understanding of tasks and the more uncertain the
requirements, the less appropriate life cycle
methodologies are for the problem.
Answer (D) is incorrect because the more uncertain
the requirements, the less appropriate life cycle
methodologies are for the problem.

especially in cases in which requirements are

uncertain.
Answer (C) is incorrect because anticipating and
planning for resource use rather than acquiring
resources on short notice is a rationale for the life
cycle approach.
Answer (D) is incorrect because converting data files
once rather than reformatting data continually with
new project iterations is a rationale for the life cycle
approach.

[42] Source: CIA 1193 III-38

Answer (A) is correct. In order, the functions to be
performed are analysis of user requirements, design
of processes and data structures, construction of
programs and files, and implementation of the system.
Answer (B) is incorrect because determining user
requirements through analysis must precede design of
the system.
Answer (C) is incorrect because construction of a
system must precede its implementation.
Answer (D) is incorrect because determining user
requirements through analysis must precede design of
the system, and construction of a system must follow
its design.

[43] Source: CIA 0593 III-42

Answer (A) is incorrect because greater online
access may or may not be helpful, depending on the
user organization's needs.
Answer (B) is incorrect because the marketplace
creates competitive pressures for enhanced functions
in systems.
Answer (C) is correct. An important management
challenge is to integrate the planning, design, and
implementation of complex application systems with
the strategy of the organization, which will permit the
best possible response to quickly changing
information requirements.
Answer (D) is incorrect because use of automated
controls may be independent of responding quickly to
changing information requirements.

[44] Source: CIA 0594 III-32

[41] Source: CIA 1192 III-94
Answer (A) is incorrect because dividing a project
into manageable segments at the beginning instead of
imposing control after development is under way is a
rationale for the life cycle approach.
Answer (B) is correct. Prototyping (an experimental
assurance process) is costly and time-consuming and
thus is not currently the most common approach. It
entails developing and putting into operation
successively more refined versions of the system until
sufficient information is obtained to produce
satisfactory design. Prototyping is the best approach
for unstructured applications because the
requirements are difficult to specify in advance and
are likely to change significantly during development.
The principal rationale for prototyping is that it is
easier to react to an existing application system than
to specify desired features for a future system,

Answer (A) is incorrect because initiation, analysis,

and design must precede testing.
Answer (B) is correct. Major testing of the
developed system occurs before implementation.
According to Systems Auditability and Control, the
life cycle approach includes the following stages (in
order): initiation, analysis, design, construction, and
implementation.
Answer (C) is incorrect because initiation, analysis,
and design must precede testing.
Answer (D) is incorrect because a system should be
tested before implementation.

[45] Source: CIA 0594 III-33

Answer (A) is correct. The test data technique

involves the use of specifically prepared sets of input
data that test application controls. The purpose is to
run a variety of transactions, with the outcomes
compared with previously determined results. This
technique would be helpful during the development
stage because it would identify weaknesses in the
program early in the development process.

of a computer system. The major function of the

CPU is to retrieve stored instructions and data,
decode the instructions, and carry out the instructions
in the arithmetic-logic unit. The principal components
of the CPU are primary storage, the arithmetic-logic
unit, and the control unit. All computers have a CPU
that works in conjunction with peripheral devices
(e.g., input and output devices).

Answer (B) is incorrect because the ITF

(minicompany) technique is used to audit transactions
during normal operations, not during the development
stage.

Answer (C) is incorrect because the tape control unit

provides the path for data transfer to and from the
CPU and tape devices.

Answer (C) is incorrect because embedded audit

modules are used to audit transactions during normal
operations, not during the development stage.
Answer (D) is incorrect because system control audit
review files are used to audit transactions during
normal operations, not during the development stage.

[46] Source: CIA 0594 III-34

Answer (A) is incorrect because the direct cut-over
method immediately implements and switches to the
new system.
Answer (B) is correct. The parallel method operates
the old and new systems simultaneously until
satisfaction is obtained that the new system is
operating as expected. Thus, the parallel method is
the least risky method of conversion because it allows
a comparison between the old and new system
outputs.

Answer (D) is incorrect because a multiplexor

channel provides the path for data transfer to and
from the CPU and a group of output devices.

[49] Source: CIA 0593 III-52

Answer (A) is incorrect because WORM is write
once, read many times.
Answer (B) is incorrect because RAM is random
access memory.
Answer (C) is incorrect because ROM is read-only
memory. ROM is where certain start-up programs
are stored.
Answer (D) is correct. CD-ROM is a form of laser
optical disk often used for reference materials. It is
the acronym for compact disk, read-only memory.
Thus, it is read-only and removable.

[50] Source: CIA 0591 III-86

Answer (C) is incorrect because prototyping is an
experimental assurance process that involves
developing and putting into operation successively
more refined versions of the system. It is a method of
design, not of conversion.
Answer (D) is incorrect because the modular/phased
method converts to the new system by module or
segment.

[47] Source: CIA 1191 III-32

Answer (A) is incorrect because main memory
storage capacity is a measure of memory.
Answer (B) is correct. Processing speed is
commonly calculated in terms of arithmetic-logic
operations performed per second. Another method
of performance measurement is word size, that is, the
number of bits that can be manipulated in one
operation by the processing unit.
Answer (C) is incorrect because read only memory is
main memory that ordinarily cannot be changed by
the user. It is not a performance measure.
Answer (D) is incorrect because, although some
processors can be faster than others, the true
measure of a microprocessor is its overall ability to
process data.

[48] Source: CIA 0593 III-45

Answer (A) is incorrect because the disk control unit
provides the path for data transfer to and from the
CPU and disk devices.
Answer (B) is correct. The CPU is the main element

Answer (A) is correct. Higher-level languages have

certain advantages over lower-level (machine and
assembler) languages. For example, higher-level
languages, such as COBOL, FORTRAN, and
BASIC, are easier to write and understand and
therefore more human efficient. They can also be
more computer independent than lower-level
languages.
Answer (B) is incorrect because higher-level
languages use compilers to translate source code to
machine readable code and thus use additional
computer resources.
Answer (C) is incorrect because no computer
language is compatible with all computer operating
systems.
Answer (D) is incorrect because access to data is
determined by controls within application programs,
not programming languages.

[51] Source: CIA 0591 III-84

Answer (A) is incorrect because assembler languages
usually correlate programmer commands on a
one-to-one basis with machine instructions. They
employ mnemonic symbols rather than the binary
code used in machine languages.
Answer (B) is incorrect because a compiler is a
program that translates a higher-level language
program into machine language.
Answer (C) is correct. A procedure-oriented or
higher-level language allows specification of
processing steps in terms of more highly aggregated
operations. Translation to an object program is

performed by a compiler program. COBOL

(COmmon Business Oriented Language) consists of
a series of English-like statements. FORTRAN
(FORmula TRANslation) is very effective for solving
mathematics and engineering problems but is less so
for business applications. BASIC (Beginner's
All-purpose Symbolic Instruction Code) is a widely
used language for microcomputers but is not
ordinarily used in large business application
processing.
Answer (D) is incorrect because machine language
consists of instructions a computer can directly
recognize and execute. It is internally stored in binary
form. All programs must eventually be converted into
machine language.

[52] Source: CIA 0592 III-36

Answer (A) is incorrect because lower quality
documentation of end-user programs is a likely
outcome.
Answer (B) is correct. Fourth-generation
(problem-oriented) languages were developed to
make programming languages more user-friendly. A
user who is a nonprogrammer does not have to learn
the technical workings of the computer to understand
fourth-generation languages. They permit users simply
to describe the problems to be solved rather than the
specific procedures to be followed by the computer
in arriving at solutions. Thus, efficiency is improved
when managers can generate their own reports when
needed rather than delegating the task to others.
However, unintentional errors by inexperienced
programmers is one of the dangers associated with a
widespread increase in end-user programming.
Answer (C) is incorrect because demand should be
lower.
Answer (D) is incorrect because a potential increase
(not decrease) in the risk of fraud and irregularities is
one of the dangers associated with a widespread
increase in end-user programming.

[53] Source: CIA 1192 III-32

Answer (A) is incorrect because utility software
performs routine tasks such as sorting or merging of
files.
Answer (B) is correct. In multiprogramming, the
operating system processes a program until an
input-output operation is required. Because input or
output can be handled by peripheral hardware, the
CPU can thus begin executing another program's
instructions while output is in progress. Several
programs are being processed concurrently, but only
one is actually being executed in the CPU. This is
accomplished by the computer switching back and
forth between programs during processing. Operating
software can also provide multiprocessing and virtual
storage capabilities.

[54] Source: CIA 0593 III-55

Answer (A) is correct. The operating system is a
form of system software that mediates between the
applications programs and the computer hardware. It
communicates with the operator or user in the event
of processor, input/output device, or program errors.
Answer (B) is incorrect because the operating system
contains a repertoire of simple commands for
otherwise complicated functions but no programs for
specific applications.
Answer (C) is incorrect because application
programs are responsible for performing check digit
verification of account numbers.
Answer (D) is incorrect because utility programs
perform such routine tasks as merging files or sorting
data.

[55] Source: CIA 0592 III-32

Answer (A) is incorrect because field refers to a
single data item.
Answer (B) is incorrect because file refers to multiple
records.
Answer (C) is incorrect because database refers to
multiple files.
Answer (D) is correct. A record is a collection of
related data items (fields). A field (data item) is a
group of characters representing one unit of
information. The part number, part description, etc.,
are represented by fields.

[56] Source: CIA 1192 III-37

Answer (A) is incorrect because neither sequential
storage nor chains allow the access necessary to be
able to easily locate individual files on a random
basis.
Answer (B) is incorrect because neither sequential
storage nor indexes allow the access necessary to be
able to easily locate individual files on a random
basis.
Answer (C) is correct. Record keys provide a way
for each file to be uniquely identified for random
requests. Indexes provide the addresses for each
record. Pointers provide a method for the overdue
accounts to be linked together for ease in preparing
the overdue report.
Answer (D) is incorrect because internal file labels
provide the identification information concerning the
files stored on the magnetic media. They do not
provide sufficient information to allow access to
individual records in the file.

[57] Source: CIA 0593 III-57

Answer (C) is incorrect because database
management system software allows access to stored
data by providing an interface between users or
programs and the stored data.
Answer (D) is incorrect because shareware is
software made available for a fee to users through a
distributor or an electronic bulletin board service.

Answer (A) is incorrect because a database is an

organized collection of files.
Answer (B) is correct. A data item (or field) is a
group of characters. It is used to represent individual
attributes of an entity, such as an employee's address.
A field is an item in a record.
Answer (C) is incorrect because a file is a collection

of records.
Answer (D) is incorrect because a record is a
collection of data items.

[58] Source: CIA 1191 III-25

Answer (A) is incorrect because read-write time
occurs after a location has been accessed.
Answer (B) is incorrect because rotational delay of
the disk is also included in the time needed to access
a location.
Answer (C) is correct. Rotational delay is the time
required for the magnetic disk to revalue so that the
location to be accessed on the disk is under the head
of the read-write arm. Seek time is the time required
to position the read-write arm. Both are necessary to
access a location on a disk.
Answer (D) is incorrect because read-write time
occurs after a location has been accessed.

can have multiple purchase orders made out to the

same vendor. The primary key in purchase order files
would be the purchase order number because it is the
only unique identifier for the record.
Answer (C) is incorrect because purchase order files
can have multiple purchase orders made out to the
same vendor. The primary key in purchase order files
would be the purchase order number because it is the
only unique identifier for the record.
Answer (D) is incorrect because purchase order files
can have multiple purchase orders made out to the
same vendor. The primary key in purchase order files
would be the purchase order number because it is the
only unique identifier for the record.

[62] Source: CIA 0591 III-88

Answer (A) is correct. A distributed data processing
system maximizes the advantages of both centralized
and decentralized systems. Each remote location has
its own processing unit that is linked to a central
mainframe. The advantage is that processing tasks
may be undertaken where they are best performed.

[59] Source: CIA 0592 III-29

Answer (A) is correct. RAM is primary storage that
may be used to store data and application programs.
Data may be read from or written in RAM. Unlike
ROM and magnetic secondary storage devices, a
power interruption causes erasure of the contents.
Answer (B) is incorrect because ROM is designed to
retain all information whether or not the PC is turned
on.
Answer (C) is incorrect because contents of magnetic
disk storage are not affected when the PC is turned
off.

Answer (B) is incorrect because the parallel

approach to systems conversion involves running
both old and new systems until confidence in the new
system is achieved, at which time the old system is
discarded.
Answer (C) is incorrect because the
strategic-planning system relates to the long-range
planning used by top management.
Answer (D) is incorrect because a local area network
is found within an office or other small area.

[63] Source: CMA 0694 4-6

Answer (D) is incorrect because there is no such
thing as hard drive memory.

Answer (A) is incorrect because identifying benefits

and objectives is an element of the analysis phase of
the systems development life cycle.

[60] Source: CIA 1192 III-27

Answer (A) is incorrect because encryption is an
effective control method for both floppy and hard
disks.
Answer (B) is incorrect because backup software is
available and important for both hard and flexible
disks.
Answer (C) is incorrect because security cards can
take control of the operating system and monitor
access and use of data on both hard and flexible
disks.
Answer (D) is correct. Hard disks are nonremovable,
whereas floppy disks are removable. Hence, data
stored only on flexible disks is very susceptible to
physical loss and/or damage, making controls over
physical use very important.

[61] Source: CIA 0594 III-17

Answer (A) is correct. The primary record key
uniquely identifies each record in a file. Because there
is only one record for each vendor in an accounts
payable master file, the vendor number would be the
appropriate key.
Answer (B) is incorrect because purchase order files

Answer (B) is correct. The systems development life

cycle approach is the most common methodology
applied to the development of large, highly structured
application systems. A new system life cycle begins
when the inadequacy of the current system leads to a
decision to develop a new or improved system. This
is followed by an analysis phase in which the benefits
and objectives of a new system are identified and its
technical, economic, and operational feasibility is
determined. The analysis phase also includes
determining the information needs of end users,
defining problems in the current system, and studying
the current organization environment. Developing
program specifications is not a part of the analysis
phase, but would be performed during the
development stage of the life cycle.
Answer (C) is incorrect because determining the
information needs of end users is an element of the
analysis phase of the systems development life cycle.
Answer (D) is incorrect because defining current
problems is an element of the analysis phase of the
systems development life cycle.

[64] Source: CMA 0694 4-8

Answer (A) is incorrect because the design phase
follows the analysis stage and involves the decision to

proceed with implementation.

Answer (B) is incorrect because implementation
follows the analysis and design phases of the life cycle
and includes the development and design of data files.
Answer (C) is incorrect because maintenance is the
final stage of the life cycle in that it continues
throughout the life of the system; maintenance
includes the redesign of the system and programs to
meet new needs or to correct design flaws.
Answer (D) is correct. A systems analysis requires a
survey of the existing system, the organization itself,
and the organization's environment to determine
(among other things) whether a new system is
needed. The survey results determine not only what,
where, how, and by whom activities are performed
but also why, how well, and whether they should be
done at all. Ascertaining the problems and
informational needs of decision makers is the next
step. The systems analyst must consider the entity's
key success variables (factors that determine its
success or failure), the decisions currently being made
and those that should be made, the factors important
in decision making (timing, relation to other decisions,
etc.), the information needed for decisions, and how
well the current system makes those decisions.
Finally, the systems analysis should establish the
requirements of a system that will meet user needs.

Answer (C) is incorrect because each computerized

organization should have an information systems
steering committee.
Answer (D) is incorrect because a top-down
approach does not effectively address user needs.

[67] Source: CMA 0695 4-29

Answer (A) is incorrect because, although a
programming delay is undesirable, it does not
necessarily impair the achievement of objectives.
Answer (B) is incorrect because user specifications
are the foundation of the program development
process.
Answer (C) is incorrect because using specialized
application tools should avert problems.
Answer (D) is correct. Program development entails
coding programs in accordance with the
specifications established in the physical design phase
of the systems development life cycle. The physical
system design includes creating specifications for,
among other things, work flow and programs (but not
coding) that are consistent with the general or
conceptual design. The general design incorporates
user descriptions of the applications. Accordingly, a
misunderstanding about user specifications can have
fundamental and far-reaching consequences.

[65] Source: CMA 1294 4-11

Answer (A) is correct. A graphical user interface is
part of an operating system with which users may
interact. It uses graphic icons to represent activities,
programs, and files. The computer mouse is used to
make selections. Windows is a graphical user
interface shell initially developed by Microsoft to run
in conjunction with DOS. Newer operating systems
also have this feature. Thus, windowing is the
characteristic that allows a computer to display more
than one program on the screen at the same time.
Each program has its own section of the screen, but
only one program is active.
Answer (B) is incorrect because distributed
processing is a means of assigning computer
processing to various segments of a business, with
some aspects centralized and some decentralized.
Answer (C) is incorrect because context switching
does not relate to the various segments on a
computer screen.

[68] Source: CMA 1295 4-27

Answer (A) is incorrect because computer
configuration is not an element of a data flow
diagram.
Answer (B) is correct. Structured analysis is a
graphical method of defining the inputs, processes,
and outputs of a system and dividing it into
subsystems. It is a top down approach that specifies
the interfaces between modules and the
transformations occurring within each. Data flow
diagrams are used in structured analysis. The basic
elements of a data flow diagram include data source,
data destination, data flows, transformation
processes, and data storage.
Answer (C) is incorrect because a program flowchart
is not an element of a data flow diagram.
Answer (D) is incorrect because a program flowchart
is not an element of a data flow diagram.

Answer (D) is incorrect because a file extension is a

means of extending a logical collection of records.
[69] Source: CMA 1295 4-28
[66] Source: CMA 0695 4-24
Answer (A) is incorrect because an information
systems steering committee should be broad enough
to represent all users of the system.
Answer (B) is correct. An information systems
steering committee consists of top-level managers
representing the functional areas of the organization,
such as information systems, accounting, and
marketing. It provides overall guidance for
information systems activities to assure that goals are
consistent with those of the organization. Thus, the
steering committee establishes priorities for
implementing applications and either performs or
approves high-level planning.

Answer (A) is incorrect because a program flowchart

depicts an overall view of the specific steps in a
program and the order in which those steps will be
carried out.
Answer (B) is correct. Computer system flowcharts
are the best depiction of the path of data through an
information system. A computer system flowchart
provides an overall view of the inputs, processes, and
outputs of a system. Unlike a data flow diagram, it
also shows the physical media used for input, output,
and storage.
Answer (C) is incorrect because a decision table
depicts the probable results from selection of
alternative decision paths.

Answer (D) is incorrect because an HIPO chart does

not show the path of data through a system.

[70] Source: CMA 1295 4-29

Answer (A) is incorrect because it is included in the
systems implementation process.
Answer (B) is incorrect because it is included in the
systems implementation process.
Answer (C) is correct. The implementation phase of
the systems development life cycle includes
documentation of the system, testing, training and
educating system users, and conversion to the new
system. Systems design precedes the implementation
phase and thus is not an element of the systems
implementation process.
Answer (D) is incorrect because it is included in the
systems implementation process.

[71] Source: CMA 1295 4-30

Answer (A) is correct. In any systems decision, there
must be an evaluation of the relative costs and
benefits of each alternative. Cost-benefit analysis is a
simple test for possible solutions. Costs should be
less than the benefits realized.
Answer (B) is incorrect because systems design is the
process of matching user needs to applications.
Answer (C) is incorrect because decision tree
analysis maps out possible actions given probabilistic
events. Probabilities are assigned, and the expected
value for each decision choice and the events that
might follow from that choice are calculated.

support operations, management analysis, and

decision-making functions in an organization. The
system uses computer hardware and software;
manual procedures; models for analysis, planning,
control, and decision making; and a database."
Answer (C) is incorrect because the automation of
routine transaction processing is a central feature of a
data processing system.
Answer (D) is incorrect because the production of
reports to support operations is a central feature of a
data processing system.

[74] Source: CIA 1192 III-24

Answer (A) is incorrect because the management of
data in an organized database is a central element of
MIS.
Answer (B) is correct. According to Davis and Olson
[Management Information Systems (2d),
McGraw-Hill, 1985, p. 6], an MIS is "an integrated
user-machine system for providing information to
support operations, management analysis, and
decision-making functions in an organization. The
system uses computer hardware and software;
manual procedures; models for analysis, planning,
control, and decision-making; and a database."
Answer (C) is incorrect because users of an MIS do
not have to be computer experts to realize benefits.
Answer (D) is incorrect because the MIS concept is
not necessarily based on computers, and consists of
an organized federation of subsystems rather than a
single, highly integrated system.

[75] Source: CIA 0593 III-32

Answer (D) is incorrect because user selection may
ignore the cost of the new system.

[72] Source: CIA 0592 III-23

Answer (A) is correct. A decision support system
(DSS) assists middle- and upper-level managers in
long-term, nonroutine, and often unstructured
decision making. The system contains at least one
decision model, is usually interactive, dedicated, and
time-shared, but need not be real-time. It is an aid to
decision making, not the automation of a decision
process.
Answer (B) is incorrect because an MIS does not
normally include subsystems that provide support for
unstructured decisions.

Answer (A) is correct. According to the Systems

Auditability Control survey of managers by The IIA,
40% of the respondents mentioned failure to meet the
business needs of the organization as a significant
risk.
Answer (B) is incorrect because, while all
organizations desire to use the latest technology that
can be economically justified, this was not listed as a
concern of management related to MIS success.
Answer (C) is incorrect because, while testing is time
consuming and expensive, it was not listed as a
concern of management related to MIS success.
Answer (D) is incorrect because use of CASE tools
usually improves the chances of success instead of
increasing risk.

Answer (C) is incorrect because systems analysis

techniques are used to design the DSS.
[76] Source: CIA 1192 III-39
Answer (D) is incorrect because all decision models
are rational.

Answer (A) is incorrect because possible vendors for

the system and their reputation for quality would be
determined after the feasibility study.

[73] Source: CIA 1192 III-21

Answer (A) is incorrect because a database is an
essential part of the routine processing performed by
a data processing system.
Answer (B) is correct. According to Davis and Olson
[Management Information Systems (2d),
McGraw-Hill, 1985, p. 6], an MIS is "an integrated
user-machine system for providing information to

Answer (B) is incorrect because exposure to

computer viruses and other intrusions is part of the
information requirements phase.
Answer (C) is incorrect because methods of
implementation such as parallel or cut-over would be
determined during the implementation and operations
stage.

Answer (D) is correct. The feasibility study should

consider the activity to be automated, the needs of
the user, the type of equipment required, the cost,
and the potential benefit to the specific area and the
company in general. Thus, technical feasibility and
cost are determined during this stage.

[77] Source: CIA 1192 III-87

Answer (A) is correct. The life cycle approach is best
employed when systems are large and highly
structured, users understand the tasks to be
performed by the information system, and the
developers have directly applicable experience in
designing similar systems. In the life cycle process,
each stage of development is highly structured, and
requirements are clearly defined.
Answer (B) is incorrect because the lower the user
understanding of tasks and the smaller the project
size, the less appropriate life cycle methodologies are
for the problem.
Answer (C) is incorrect because the lower the user
understanding of tasks and the more uncertain the
requirements, the less appropriate life cycle
methodologies are for the problem.
Answer (D) is incorrect because the more uncertain
the requirements, the less appropriate life cycle
methodologies are for the problem.

[78] Source: CIA 1192 III-89

Answer (A) is incorrect because modifying programs
is a developer responsibility.
Answer (B) is incorrect because creating the initial
system is a developer responsibility. Operating the
system is an operator responsibility.
Answer (C) is correct. The steps in prototyping are
to ascertain the user's basic requirements, create the
initial prototype of the system, refine the user's basic
requirements using the prototype, and to revise and
enhance the prototype. The role of the user in this
process is to state his/her basic needs, obtain
experience with the prototype, detect any problems,
and indicate when changes are necessary. This
procedure may be repeated as often as desired.
Answer (D) is incorrect because developing code is a
developer responsibility.

lifespan that is limited by the changing needs of the

organization. This cycle is analytically divisible into
stages. A new system life cycle begins when the
inadequacy of the current system leads to a decision
to develop a new or improved system. This method is
a structured process for controlling the creative
activity required to devise, develop, and implement
an information system. The process is described in
varying terms by different writers, but the nature and
sequence of the steps are essentially the same. Life
cycle methodologies provide enhanced manageability
and control of the development process because they
provide structure for a creative process by dividing it
into manageable steps and specifying what must be
produced in each phase.

[80] Source: CIA 1192 III-88

Answer (A) is incorrect because revising and
enhancing a system are typical of prototyping.
Answer (B) is incorrect because creating an initial
system is typical of prototyping.
Answer (C) is incorrect because creating an initial
system is typical of prototyping.
Answer (D) is correct. According to Davis and
Olson [Management Information Systems (2d),
McGraw-Hill, 1985, p. 571], the cycle has three
stages: definition, development, and installation and
operation. The definition stage includes a proposal for
a new or modified system, feasibility studies,
determination of information requirements, and
conceptual design. The development stage includes
the physical system design, the physical database
design, program development, procedure
development, and flowcharting. Installation and
operation involve training and educating users,
acceptance testing by users, and systems conversion
(final testing and switchover).

[81] Source: CIA 1192 III-91

Answer (A) is correct. Prototyping entails developing
and putting into operation successively more refined
versions of a system until sufficient information is
obtained to produce a satisfactory design. Its
advantages include the ability to experiment with new
concepts without incurring large development costs,
lower overall development costs when application
requirements change often, putting a functioning
system in use quickly, dividing responsibilities
between developers and users, reduced application
development time, and effective use of scarce human
resources.

[79] Source: CIA 1192 III-90

Answer (A) is incorrect because overall development
costs are higher when requirements change frequently
in a life cycle methodology.
Answer (B) is incorrect because life cycle
methodologies are unable to give users a functioning
system quickly.
Answer (C) is incorrect because life cycle
methodologies require lengthy application
development time to achieve a functioning system.
Answer (D) is correct. The systems development life
cycle approach is the most common methodology
applied to the development of large, highly structured
application systems. The life cycle approach is based
on the idea that an information system has a finite

Answer (B) is incorrect because requirements and

conceptual design may not be complete, even in the
last prototype version.
Answer (C) is incorrect because control points and
associated control procedures are often omitted to
obtain a functioning system quickly.
Answer (D) is incorrect because life cycle
methodologies, not prototyping, provide enhanced
management and control of the development process.

[82] Source: CIA 1192 III-93

Answer (A) is incorrect because using a single
requirements development assurance method for all
projects increases the likelihood of a mismatch

between the project and project characteristics.

Answer (B) is correct. The contingency approach to
application development is intended to choose the
best method for assuring that the application
appropriately reflects user requirements. Four
contingencies affect the degree of uncertainty
regarding the level of assurance provided by the
development process. Larger project size (in terms of
duration and cost) tends to increase uncertainty. The
greater the degree of structure in decision making, the
lower the uncertainty. The greater the user
comprehension of the task (requirements and
modification of requirements), the lower the
uncertainty. Finally, a high degree of developer-task
efficiency also reduces uncertainty.
Answer (C) is incorrect because adopting one life
cycle methodology increases the likelihood of a
mismatch between the project and project
characteristics.
Answer (D) is incorrect because, although uncertain
requirements are consistent with a prototyping
approach, an organization using the contingency
approach should also consider the other factors in the
situation before choosing a development strategy.

[83] Source: CIA 1192 III-94

Answer (A) is incorrect because dividing a project
into manageable segments at the beginning instead of
imposing control after development is under way is a
rationale for the life cycle approach.

highly competitive industry can be aided by leveraging

information technology. Finally, advances in
information technology, especially the wide
acceptance of telecommunications standards and
protocols, have made EFT systems possible.
Answer (D) is incorrect because improvements in
automated control techniques and data encryption
standards result from advances in information
technology.

[85] Source: CIA 0593 III-60

Answer (A) is correct. The systems development life
cycle approach is the most common methodology
applied to the development of large, highly structured
application systems. The life cycle approach is based
on the concept that an information system has a finite
lifespan that is limited by the changing needs of the
organization. However, there is no necessary link
between organizational strategy and system
requirements. This is a major reason for project
failure.
Answer (B) is incorrect because SDLC is designed
to enhance process management.
Answer (C) is incorrect because users often play
important roles in SDLC.
Answer (D) is incorrect because feasibility studies are
a crucial part of the SDLC.

[86] Source: CMA 1292 4-26

Answer (B) is correct. Prototyping (an experimental
assurance process) is costly and time-consuming and
thus is not currently the most common approach. It
entails developing and putting into operation
successively more refined versions of the system until
sufficient information is obtained to produce
satisfactory design. Prototyping is the best approach
for unstructured applications because the
requirements are difficult to specify in advance and
are likely to change significantly during development.
The principal rationale for prototyping is that it is
easier to react to an existing application system than
to specify desired features for a future system,
especially in cases in which requirements are
uncertain.
Answer (C) is incorrect because anticipating and
planning for resource use rather than acquiring
resources on short notice is a rationale for the life
cycle approach.
Answer (D) is incorrect because converting data files
once rather than reformatting data continually with
new project iterations is a rationale for the life cycle
approach.

[84] Source: CIA 1193 III-17

Answer (A) is incorrect because improvements in
automated control techniques follow from the
development of information technology.
Answer (B) is incorrect because data encryption
standards are a response to the increase in the use of
telecommunications technology.
Answer (C) is correct. Competition has been a
strong motivator in the financial services industry in
the development of EFT systems, which are an
application of EDI. Furthermore, containing costs in a

Answer (A) is incorrect because analysis occurs

earlier in the system development cycle.
Answer (B) is incorrect because detailed design will
occur before employees are hired and trained.
Answer (C) is incorrect because conceptual design
occurs before employees are hired and trained.
Answer (D) is correct. Installation (implementation)
of the new system includes training and testing.
Training and educating system users is important not
only for proper use of the system but also to offset
the resistance of users whose jobs may have been
substantially changed. Acceptance testing by users of
inputs, outputs, programs, and procedures is
necessary to determine that the new system meets
their needs. Systems conversion is the final testing
phase.

[87] Source: CMA 0692 4-2

Answer (A) is incorrect because an EIS does focus
on obtaining strategic objectives.
Answer (B) is incorrect because an EIS gives
immediate information about an organization's critical
(strategic) success factors.
Answer (C) is incorrect because an EIS does not use
traditional computer sources.
Answer (D) is correct. An EIS serves the needs of
top management for transaction processing (primarily
inquiries and support for decisions), operational
control, managerial control, and strategic planning.
Top management needs access to the database and
decision models, the use of large amounts of
summarized internal and especially external data, and

the capacity for ad hoc analysis. Thus, an EIS

focuses on strategic (long-range) objectives and gives
immediate information about a firm's critical success
factors. Information is typically supplied from
nontraditional computer sources. However, an EIS
program can be used on computers of all sizes. An
EIS is not a program for providing top management
with advice and answers from a knowledge-based
(expert) system.

[88] Source: CMA 1292 4-25

Answer (A) is incorrect because an MIS provides
financial information; an AIS is a subsystem within an
MIS that is not limited to financial information.
Answer (B) is incorrect because an AIS is a
subsystem within an MIS which is an integrated
user-machine system that includes computer
hardware and software.
Answer (C) is correct. An information system
transforms raw data into knowledge useful for
decision making. An MIS provides information for
management decisions. An AIS is a subsystem of an
MIS and processes financial and transactional data
relevant to managerial decisions as well as financial
accounting.
Answer (D) is incorrect because both types of
systems are used to provide a wide range of
information to management.

[89] Source: CMA 0693 4-5

Answer (A) is correct. A feedforward system
anticipates problems and strives for timely prevention
rather than after-the-fact correction. Planning is a
related concept. Preventive maintenance is an
example of a feedforward control.
Answer (B) is incorrect because variance analysis is a
feedback control.
Answer (C) is incorrect because the goal of
feedforward systems is to predict variations before
they occur, not to provide information by use of
system controls on computer input.
Answer (D) is incorrect because feedforward
controls are concerned with variations that will lead
to problems, not with predicting all future events.

[90] Source: CMA 0693 4-16

Answer (A) is incorrect because the
decision-maker's insight and judgment are important
aspects of a DSS.
Answer (B) is correct. Decision support systems
(DSS) are extensions of the MIS concept that are
useful for semistructured problems such as those
requiring the decision maker to exercise judgment in
controlling the process but allowing for certain
aspects of the problem to be preprogrammed. A
DSS does not automate a decision but rather
provides tools for the user to employ in applying his
or her own insight and judgment. The system should
be interactive to permit the user to explore the
problem by using the computational capacities,
models, and data resources of the DSS. A DSS
needs flexible access through reliable
communications, ready availability of terminals, and
possibly stand-alone microcomputers. Models tend

to be relatively simple, and system development

requires substantial involvement by the user because
of the need for DSS to evolve with the user's
experience and as new conditions emerge.
Answer (C) is incorrect because a DSS does not
include programming models.
Answer (D) is incorrect because a DSS is not an
expert system. An expert system actually makes the
decision, whereas a DSS merely aids the decision
maker.

[91] Source: CMA 1294 4-13

Answer (A) is incorrect because a DSS does not
process transactions. It supports decisions.
Answer (B) is incorrect because a database
management system is software used to create and
maintain a database. It is more structured than a
DSS.
Answer (C) is incorrect because a DSS is not in the
form of a spreadsheet system.
Answer (D) is correct. A DSS is used primarily for
semistructured problems that require the decision
maker to exercise judgment in controlling the
process, but that allow for certain aspects of the
problems to be preprogrammed. A DSS does not
automate a decision but does provide a tool for the
user to employ in applying his/her own insight and
judgment. The system should be interactive to permit
the user to explore the problem by using the
computational capacities, models, and data resources
of the system.

[92] Source: CMA 1295 4-23

Answer (A) is incorrect because it is an attribute of
an AIS.
Answer (B) is incorrect because it is an attribute of
an AIS.
Answer (C) is correct. An AIS is a subsystem of a
management information system that processes
financial and transactional data relevant to managerial
and financial accounting. The AIS supports
operations by collecting and sorting data about an
organization's transactions. An AIS is concerned not
only with external parties, but also with the internal
activities needed for management decision making at
all levels. An AIS is best suited to solve problems
when reporting requirements are well defined. A
decision support system is a better choice for
problems in which decision making is less structured.
Answer (D) is incorrect because it is an attribute of
an AIS.

[93] Source: CMA 1295 4-24

Answer (A) is incorrect because it is a feature
commonly associated with an AIS.
Answer (B) is incorrect because it is a feature
commonly associated with an AIS.
Answer (C) is incorrect because it is a feature
commonly associated with an AIS.
Answer (D) is correct. An AIS is a subsystem of a

management information system that processes

financial and transactional data relevant to managerial
and financial accounting. The AIS supports
operations by collecting and sorting historical data
about an organization's transactions. An AIS is
concerned not only with external parties but also with
the internal activities needed for management decision
making at all levels. An AIS is best suited to solve
problems when reporting requirements are well
defined. An AIS does not typically use records based
on predictive systems, which would be a feature of a
decision support system.

undertaken by systems analysts and applications

programmers continuously throughout the life of a
system. Maintenance is the redesign of the system
and programs to meet new needs or to correct design
flaws. Ideally, these changes should be made as part
of a regular program of preventive maintenance.
Answer (D) is incorrect because systems
implementation involves training and educating system
users, testing, conversion, and follow-up.

[97] Source: CMA 1287 5-6

[94] Source: CMA 1295 4-25
Answer (A) is incorrect because it is a risk
associated with outsourcing the data processing
function.
Answer (B) is incorrect because it is a risk associated
with outsourcing the data processing function.
Answer (C) is incorrect because it is a risk
associated with outsourcing the data processing
function.
Answer (D) is correct. Some companies have
outsourced their data processing function because of
the economies provided, superior service quality,
avoidance of changes in the organization's information
system infrastructure, cost predictability, the freeing
up of human and financial capital, avoidance of fixed
costs, and the greater expertise offered by outside
vendors. The risks of outsourcing include the
inflexibility of the relationship, the loss of control, the
vulnerability of important information, and often the
dependency on a single vendor.

[95] Source: CMA 1295 4-26

Answer (A) is incorrect because this statement about
an EIS is true.
Answer (B) is incorrect because this statement about
an EIS is true.
Answer (C) is incorrect because this statement about
an EIS is true.
Answer (D) is correct. An EIS focuses on strategic
(long-range) objectives and gives immediate
information about an organization's critical success
factors. Information is ordinarily supplied from
nontraditional computer sources. An EIS can be used
on computers of all sizes. An EIS is typically used
only by executives at the highest levels within the
organization; as a result, it is not widely used within
the organization. Information provided is often highly
aggregated, but the details supporting the aggregated
data are accessible.

[96] Source: CMA 1287 5-4

Answer (A) is incorrect because systems analysis is
the process of determining user problems and needs,
surveying the organization's present system, and
analyzing the facts.
Answer (B) is incorrect because a feasibility study
determines whether a proposed system is technically,
operationally, and economically feasible.
Answer (C) is correct. Systems maintenance must be

Answer (A) is incorrect because systems analysis is

the process of learning how the current system
functions, determining the needs of users, and
developing the logical requirements of a proposed
system.
Answer (B) is incorrect because a feasibility study
determines the technical, operational, and economic
feasibility of a system.
Answer (C) is incorrect because systems
maintenance is the process of monitoring, evaluating,
and modifying a system.
Answer (D) is correct. Detailed systems design
involves developing specifications regarding input,
processing, internal controls and security measures,
programs, procedures, output, and databases.

[98] Source: CMA 1289 5-8

Answer (A) is incorrect because an information
system is unlikely to have a significant effect on the
environment.
Answer (B) is incorrect because an information
system is unlikely to have a significant effect on the
environment.
Answer (C) is incorrect because legal issues are least
likely to be a concern in systems development.
Answer (D) is correct. A feasibility study consists of
an investigation of the current system, determination
of the information and processing requirements,
evaluation of the possible applications of computer
data processing, selection of the best option, and an
evaluation of the proposed design choice's cost
effectiveness and impact on the organization. A
feasibility study must therefore consider technical,
operational, and economic feasibility. The design
choice must be within the range of available
technology, meet the operational needs of users and
otherwise be acceptable to them, and have a
favorable cost-benefit ratio.

[99] Source: CMA 1290 4-19

Answer (A) is incorrect because parallel conversion
operates the old and new systems simultaneously.
Answer (B) is incorrect because direct conversion
involves immediate conversion to the new system
throughout the organization.
Answer (C) is incorrect because a prototype
conversion involves developing and putting into
operation successively more refined versions of the
system until sufficient information is obtained to
produce a satisfactory design.

Answer (D) is correct. A modular conversion

approach entails switching to the new or improved
system in organizational (division, region, product
line, etc.) segments or system segments (accounts
receivable, database, etc.). A pilot conversion is one
in which the final testing and switchover are
accomplished at one segment or division of the
company.

more risky than a parallel conversion.

Answer (D) is incorrect because database conversion
is more risky than a parallel conversion.

[103] Source: CMA 1292 4-30

Answer (A) is incorrect because coding occurs prior
to testing and debugging.

[100] Source: CMA 0691 4-28

Answer (A) is correct. The project initiation phase
includes promptly informing managers and employees
about the project, assembling the project team
(possibly including systems analysts, programmers,
accountants, and users), training selected personnel
to improve necessary skills and enhance
communication among team members, and
establishing project controls (e.g., by implementing a
project scheduling technique such as PERT).
Preparing the project proposal is a part of the project
definition phase, as are feasibility studies, determining
project priority, and submitting the proposal for
approval.
Answer (B) is incorrect because informing managers
and employees of the project is a component of the
project initiation phase.
Answer (C) is incorrect because assembling the
project team is a component of the project initiation
phase.
Answer (D) is incorrect because training selected
personnel is a component of the project initiation
phase.

[101] Source: CMA 0691 4-29

Answer (A) is incorrect because error correction at
the programming level would be less costly than at
the implementation stage.
Answer (B) is incorrect because error correction at
the conceptual design level would be less costly than
at the implementation stage.
Answer (C) is incorrect because error correction at
the analysis level would be less costly than at the
implementation stage.
Answer (D) is correct. Errors can be corrected most
easily and clearly when they are found at an early
stage of systems development. Their correction
becomes more costly as the life cycle progresses.
Because implementation is the last stage of the
process listed, errors are most costly to correct when
discovered at the implementation stage.

[102] Source: CMA 0691 4-30

Answer (A) is incorrect because direct conversion is
more risky than a parallel conversion.
Answer (B) is correct. The least risky mean of
converting from a manual to a computerized system is
a parallel conversion in which the old and new
systems are operated simultaneously until satisfaction
is obtained that the new system is operating as
expected. Slightly more risky is a pilot conversion in
which the new system is introduced by module or
segment.

Answer (B) is correct. According to one paradigm

for the life cycle approach, the detailed design phase
is part of the implementation of the system. Detailed
design includes coding programs in accordance with
the specifications established in the physical design
phase. Testing the results is the next phase.
Answer (C) is incorrect because data flows need to
be known before coding can begin.
Answer (D) is incorrect because program
maintenance is the redesign of programs to meet new
needs or to correct design flaws.

[104] Source: CMA 0693 4-14

Answer (A) is incorrect because systems analysts
design computer applications.
Answer (B) is incorrect because analysts prepare
specifications for computer programmers.
Answer (C) is correct. A systems analyst plans and
designs computer applications. This is often
accomplished with the assistance of systems
flowcharts. Systems analysis usually involves
examining user information requirements, surveying
the existing system, and preparing specifications for
computer programming. The concept of systems
analysis, however, does not include the development,
coding, and testing of individual computer programs.
The work of the systems analyst provides the design
specifications that will guide the preparation of
specific programs by programmers. In a good system
of internal control, the systems analyst should not
perform programming tasks or have access to
computer equipment, production programs, data files,
or input-output controls.
Answer (D) is incorrect because the systems analyst
must examine user information requirements to learn
what type of application is needed.

[105] Source: CMA 0693 4-18

Answer (A) is incorrect because data manipulation is
not a part of systems design; it is an operational
activity that occurs after a system has been installed.
Answer (B) is incorrect because output analysis
occurs after a system has been installed.
Answer (C) is correct. Systems design determines
how information requirements will be met. It concerns
how users will interact with the system to meet their
needs, how data will be organized, and the
formulation of processing steps.
Answer (D) is incorrect because input validation and
processing are operational activities.

[106] Source: CMA 0694 4-9

Answer (C) is incorrect because pilot conversion is

Answer (A) is incorrect because pilot testing

determines only whether a system works, not how
efficient it is in a particular application.
Answer (B) is incorrect because users may not have
the necessary systems knowledge to make a
decision.
Answer (C) is incorrect because decision tree
analysis is probably more sophisticated than is
necessary in choosing between a few systems
alternatives.
Answer (D) is correct. Feasibility studies should
include an analysis of the cost-benefit ratio of any
system alternatives. In many cases, the best possible
system may not be cost effective. Thus, once the
decision makers have determined that two or more
systems alternatives are acceptable, the cost-benefit
relationship should be used to select the best system
for a particular application.

Answer (A) is correct. ROM consists of

microinstructions "hardwired" into the computer. Data
cannot be written on or erased from ROM. The
operating system and the language translator
(software that translates source programs into
machine-readable instructions) are permanently
stored in ROM in a microcomputer to prohibit users
from accidentally erasing or changing the system.
Some microcomputers, however, have erasable,
programmable ROM. This form of storage may be
erased by an ultraviolet technique (but not by the
microcomputer) after which new instructions may be
entered.
Answer (B) is incorrect because drives are not
storage devices.
Answer (C) is incorrect because RAM is erasable.
Answer (D) is incorrect because drives are not
storage devices.

[107] Source: CMA 1294 4-12

[110] Source: CMA 0694 4-5
Answer (A) is correct. A spreadsheet is software that
displays a financial model in which the data are
presented in a grid of columns and rows. An example
is a financial statement spreadsheet. The model is
based on a set of mathematical relationships defined
by the user, with specified inputs and outputs. The
effects of changes in assumptions can be seen
instantly because a change in one value results in an
immediate recomputation of related values. Thus, in
designing a spreadsheet model, the first step is to
define the problem. Next, relevant inputs and outputs
are identified, and assumptions and decision criteria
are developed. Finally, formulas are documented.
Answer (B) is incorrect because the definition of the
problem is a necessary first step in designing a
spreadsheet model.
Answer (C) is incorrect because inputs and outputs
must be identified at some point (early) in the
spreadsheet design process.
Answer (D) is incorrect because the definition of the
problem is a necessary first step in designing a
spreadsheet model.

Answer (A) is incorrect because a magnetic tape

drive is not for temporary storage.
Answer (B) is correct. The CPU is the part of the
computer system that manipulates numbers, symbols,
and letters. Primary storage is the area in the CPU
where programs and data are temporarily stored
during processing. Internal primary storage is also
known as random-access memory because each
memory location therein can be randomly accessed in
the same amount of time.
Answer (C) is incorrect because a magnetic disk
drive is a secondary storage medium for permanent
storage of data.
Answer (D) is incorrect because a floppy disk drive
is a random access storage medium for
microcomputers that permits permanent storage of
data.

[111] Source: CMA 0695 4-16

Answer (A) is incorrect because online devices are
peripheral units.

[108] Source: CMA 1287 5-2

Answer (A) is incorrect because many database
management systems are available for
microcomputers.

Answer (B) is correct. All computers have a CPU

that works in conjunction with peripheral devices.
The CPU is the main element of a computer system.
Its principal components are primary storage, the
arithmetic-logic unit, and the control unit.

Answer (B) is incorrect because an operating system

is critical since it is the software that controls the
overall functioning of the computer. Operating
systems are also commercially available.

Answer (C) is incorrect because auxiliary storage is

not a part of the CPU.

Answer (C) is incorrect because electronic

spreadsheet packages are types of business
applications programs. An applications program is
used to perform desired data processing tasks.
Answer (D) is correct. Integrated packages consist
of two or more applications programs rather than
operating system programs. These software
packages are increasingly available from vendors at
prices less than the cost of internal development.
However, they may require expensive modifications.

[109] Source: CMA 0689 5-10

Answer (D) is incorrect because input-output devices

are peripheral equipment.

[112] Source: CMA 0695 4-17

Answer (A) is incorrect because access time refers to
the speed of data retrieval not data transmittal.
Answer (B) is incorrect because throughput time is
the time to complete a transaction from initial input to
output.
Answer (C) is incorrect because access time is much
slower than the time required to execute an

instruction.
Answer (D) is correct. Access time is the interval
between the moment at which an instruction control
unit initiates a call for data and the moment at which
delivery of the data is completed. For example, direct
access memory is faster than sequential access
memory.

[113] Source: CMA 0695 4-18

Answer (A) is incorrect because a disk pack is a
storage device.
Answer (B) is incorrect because magnetic tape is a
storage device, not a data entry device.
Answer (C) is incorrect because bar coding is a data
entry technique often used by manufacturers,
wholesalers, and retailers, but is rarely used by
banks.
Answer (D) is correct. Magnetic ink character
recognition (MICR) is used by banks to read the
magnetic ink on checks and deposit slips. MICR is a
form of data entry device.

[114] Source: CMA 1287 5-13

Answer (A) is incorrect because file integrity is
achieved by implementing controls that protect the
completeness, accuracy, and physical security of files.
Answer (B) is incorrect because software control
refers to library control of programs.
Answer (C) is correct. Firmware consists of software
programs "hardwired" or permanently installed in the
computer hardware. Firmware can be used to
monitor internal conditions, e.g., by making signal
counts (such as accesses to the computer) or taking
"snapshots" of indicators. Thus, ROM (read only
memory) is firmware.
Answer (D) is incorrect because RAM (as opposed
to sequential access memory) describes storage
devices in which data locations can be directly
accessed, thereby speeding data retrieval.

[115] Source: CMA 0689 5-12

Answer (A) is incorrect because machine language is
internally stored in binary form (the only characters
used in binary notation are 0 and 1).
Answer (B) is incorrect because machine language
uses binary code for internal purposes but printing out
(dumping) the contents of storage can be done more
efficiently if the printout is expressed in a number
system with a base of 8 (actual) or 6 (hexadecimal).
Answer (C) is correct. An assembly language
program may be written in one of several languages
that use mnemonic codes, not the binary code in
which a machine language program is written. In the
hierarchy of programming languages, assembly
language is one level higher than machine language.
Machine language is a programming language made
up of instructions that a computer can directly
recognize and execute.
Answer (D) is incorrect because on/off electrical
switches correspond to the binary digits 0 and 1 in
which machine language is written.

[116] Source: CMA 1289 5-5

Answer (A) is incorrect because it is a true statement
about multiprocessing and multiprogramming.
Answer (B) is correct. In multiprogramming, the
operating system processes a program until an
input/output operation is required. Because input or
output can be performed by peripheral hardware, the
CPU can thus begin executing another program's
instructions while input or output is in progress.
Several programs are being processed concurrently,
but only one is actually being executed in the CPU.
This is accomplished by the computer's switching
back and forth between programs during processing.
In multiprocessing, the operating system, in
conjunction with multiple CPUs, actually executes
instructions from more than one program
simultaneously.
Answer (C) is incorrect because it is a true statement
about multiprocessing and multiprogramming.
Answer (D) is incorrect because it is a true statement
about multiprocessing and multiprogramming.

[117] Source: CMA 0695 4-15

Answer (A) is incorrect because some items in a
block code may be unassigned to allow for flexibility.
Answer (B) is incorrect because some items in a
block code may be unassigned to allow for flexibility.
Answer (C) is correct. Coding of data is the
assignment of alphanumeric symbols consistent with a
classification scheme. Block coding assigns blocks of
numbers in a sequence to classes of items. For
example, in a chart of accounts, assets may be given
numbers 100-199, liabilities the numbers 200-299,
etc.
Answer (D) is incorrect because block codes are
assigned judgmentally, not at random.

[118] Source: CMA 1292 4-27

Answer (A) is correct. File volatility is the relative
frequency with which records are added, deleted, or
changed during a specified period.
Answer (B) is incorrect because changes to a master
file are measured by volatility.
Answer (C) is incorrect because changes to a master
file are measured by volatility.
Answer (D) is incorrect because the volume ratio is
not a measure of changes to a master file.

[119] Source: CMA 0694 4-7

Answer (A) is incorrect because a DBMS is an
example of computer software.
Answer (B) is correct. Software consists of computer
programs, procedures, rules, and related
documentation concerned with the operation of the
computer system. A modem, however, is hardware
used to convert digital signals from terminals and the
CPU into analog signals for transmission along
telephone lines.

Answer (C) is incorrect because a language translator

is an example of computer software.
Answer (D) is incorrect because a word processing
package is an example of computer software.

Answer (A) is correct. An input, or data entry,

device communicates information to a computer.
Examples include bar code readers, magnetic ink
character recognition devices, light pens, keyboards,
touch screens, a computer mouse, digital scanners,
and voice recognition devices. A plotter is an output
device that draws graphs directly on paper.

[120] Source: CMA 0695 4-14

Answer (A) is incorrect because a linked list is a file
organization in which each data record has a pointer
field containing the address of the next record in the
list.
Answer (B) is incorrect because an ISAM system
does not use pointers.
Answer (C) is incorrect because, in a direct file
organization, a randomizing formula or hashing
scheme (a transform algorithm) converts a record key
into a storage address. This method permits direct
access without an index.
Answer (D) is correct. ISAM is a system in which
records are stored sequentially in a direct access file
and organized by a primary key stored in an index
record. It does not use pointers. A pointer is a data
element attached to a record that gives the address of
the next logically related record. The virtue of an
ISAM system is that it permits sequential processing
of large numbers of records while providing for
occasional direct access.

[121] Source: CMA 0696 4-6

Answer (A) is incorrect because a multiprocessor
system is more flexible than a mainframe. It consists
of machines that may be networked in a variety of
ways or treated as stand-alone processors.

Answer (B) is incorrect because a mouse is an input

device.
Answer (C) is incorrect because a magnetic ink
character recognition device is an input device.
Answer (D) is incorrect because a light pen is an
input device.

[124] Source: CMA 1296 4-19

Answer (A) is incorrect because cost-benefit analysis
is a part of the feasibility study conducted early in the
life cycle.
Answer (B) is incorrect because requirements are
defined during the analysis or systems study stage.
Answer (C) is incorrect because flowcharting is a
necessary activity in all early stages of the life cycle.
Answer (D) is correct. The systems development
life-cycle approach is the oldest methodology applied
to the development of medium or large information
systems. The cycle is analytically divisible into stages:
investigation, analysis, systems design,
implementation, and maintenance. Testing, training,
and conversion occur in the installation and operation,
or implementation, stage of the life cycle.

[125] Source: CMA 1296 4-21

Answer (B) is incorrect because small applications
may be processed more cheaply on smaller, less
expensive machines.
Answer (C) is correct. Mainframes are the largest
computers. They have very rapid processing ability
and a massive amount of memory. Consequently,
they are appropriate when great quantities of data
must be processed.
Answer (D) is incorrect because programming tools
available for smaller machines ordinarily simplify the
programming process.

[122] Source: CMA 0696 4-12

Answer (A) is incorrect because a mark-sense
reader can only read marks that are in a proper place
on a predesigned computer form.
Answer (B) is correct. An optical scanner, or optical
character reader, passes a light pen over the
information to be entered into a computer system.
Special inks are not needed, and the scanner can
read both bar codes and alphanumeric characters.
Answer (C) is incorrect because a touch-tone device
is a telephone.
Answer (D) is incorrect because a laser bar code
scanner reads bar codes only.

[123] Source: CMA 0696 4-13

Answer (A) is incorrect because the number of

workers who can be computing at the same time
increased exponentially with the advent of personal
computers and networks of desktop machines.
Answer (B) is incorrect because office automation
systems are knowledge-level systems that have
improved the productivity of data workers by
providing word processing, e-mail, voice mail,
videoconferencing, electronic calendars, desktop
publishing, and digital filing. Teleprocessing permits
access to information and the performance of work at
remote sites.
Answer (C) is incorrect because a DSS is a
management-level information system that facilitates
semistructured and unstructured decision processes.
AI is the capability of a computer to emulate human
functions, for example, expert decision making.
Answer (D) is correct. Advances in disaster recovery
systems are a response to, not a cause of, the
technological changes in the workplace.
Developments in computer hardware, software, and
telecommunications devices have increased reliance
on computer-based systems. Furthermore, the
vulnerability of such systems has increased as
technology has improved because more people are
computing, more access points are available, and
more opportunities for failure of system components
have been created.

[126] Source: CMA 1296 4-26

Answer (A) is incorrect because cash budgeting is a

feedforward control.
Answer (B) is incorrect because cash budgeting is a
feedforward control, and variance analysis is a
feedback control.
Answer (C) is incorrect because separation of duties
is a preventive control, but cash planning is not.
Answer (D) is correct. A feedback control system
gathers information after the occurrence of an event,
evaluates it, and initiates action to improve future
activities. For example, calculation of variances in a
standard cost accounting system is a feedback
control. A feedforward control anticipates potential
variations from plans so that adjustments can be
made to prevent problems either before they occur or
before they become too serious. A cash budget is an
example of a feedforward control because it
anticipates cash needs and allows for the provision of
resources to meet those needs. A preventive control
prevents an event from occurring. Separation of
duties and organizational independence are examples
of preventive controls because certain undesirable
events are impossible if these controls are properly
implemented.

[127] Source: CMA 1296 4-27

Answer (A) is incorrect because a management
reporting system provides structured, routine
information flows.
Answer (B) is incorrect because the required
flexibility of a DSS means that it cannot be highly
formalized or structured.
Answer (C) is correct. A decision support system is
an interactive system that is useful in solving
semistructured and unstructured problems, that is,
those requiring a top-management or
middle-management decision maker to exercise
judgment and to control the process. A DSS does
not automate a decision or provide structured
information flows but rather provides tools for an end
user to employ in applying insight and judgment. The
system must be interactive to permit the user to
explore the problem by using the computational
capacities, models, assumptions, data resources, and
display graphics of the DSS.
Answer (D) is incorrect because an accounting
information system processes routine, highly
structured financial and transactional data relevant for
accounting purposes.

[128] Source: CMA 1296 4-28

Answer (A) is incorrect because maintenance is the
final stage of the life cycle in that it continues
throughout the life of the system; maintenance
includes the redesign of the system and programs to
meet new needs or to correct design flaws.
Answer (B) is correct. A systems analysis requires a
survey of the existing system, the organization itself,
and the organization's environment to determine
(among other things) whether a new system is
needed. The survey results determine not only what,
where, how, and by whom activities are performed
but also why, how well, and whether they should be
done at all. Ascertaining the problems and
informational needs of decision makers is the next

step. The systems analyst must consider the entity's

key success variables (factors that determine its
success or failure), the decisions currently being made
and those that should be made, the factors important
in decision making (timing, relation to other decisions,
etc.), the information needed for decisions, and how
well the current system makes those decisions.
Finally, the systems analysis should establish the
requirements of a system that will meet user needs.
Answer (C) is incorrect because the systems
feasibility study does not involve the process of
learning how the current system works.
Answer (D) is incorrect because systems design is
the process of developing a system to meet specified
requirements.

[129] Source: CMA 1296 4-30

Answer (A) is incorrect because receiving reports
should be included.
Answer (B) is incorrect because requisitions and
vendor invoices should be included.
Answer (C) is incorrect because purchase
requisitions should be included.
Answer (D) is correct. An AIS is a subsystem of a
management information system that processes
financial and transactional data relevant to managerial
and financial accounting. The AIS supports
operations by collecting and sorting data about an
organization's transactions. An AIS is concerned not
only with external parties but also with the internal
activities needed for management decision making at
all levels. An AIS is best suited to solve problems
when reporting requirements are well defined. A
manufacturer has well-defined reporting needs for
routine information about purchasing and payables.
Purchase requisitions document user department
needs, and purchase orders provide evidence that
purchase transactions were appropriately authorized.
A formal receiving procedure segregates the
purchasing and receiving functions and establishes the
quantity, quality, and timeliness of goods received.
Vendor invoices establish the liability for payment and
should be compared with the foregoing documents.

[130] Source: CMA 1292 4-29

Answer (A) is incorrect because a report generator is
frequently used. It generates reports based on special
requirements by users, often in conjunction with
query language.
Answer (B) is incorrect because program generators
allow the user to create application programs based
on requirements entered in a specific format. They
differ from query languages because they permit data
to be written or altered.
Answer (C) is incorrect because an application
generator is frequently used.
Answer (D) is correct. Utility programs are service
programs that perform certain standard tasks, such as
sorting, merging, copying, and printing file dumps. A
query utility program could be used to access items in
a database. However, such programs would not be
used in normal operational circumstances. A query
language permits interactive searching of a database.
Data may be read and reorganized but not altered.

[131] Source: Publisher

Answer (A) is incorrect because Basic traditionally
emphasizes procedures rather than objects.
Answer (B) is incorrect because Fortran traditionally
emphasizes procedures rather than objects.
Answer (C) is incorrect because C traditionally
emphasizes procedures rather than objects.
Answer (D) is correct. C++ is sometimes referred to
as "C with classes." As the name implies, C is its
foundation. Classes provide a means of encapsulating
the objects used by the program (which ordinarily
represent the program's data) into a well organized,
modular format that is easy to reuse and maintain.
Through a process called inheritance, new objects
can be derived from existing objects by adding new
elements to the existing object design. C++ was
specifically designed with these features in mind.

Answer (B) is incorrect because it is a true statement

about coding.
Answer (C) is correct. A primary key, such as a
customer number in an accounts receivable file, is the
main code used to store and locate records within a
file. However, records can be sorted, and temporary
files created, using codes other than the primary keys.
Secondary keys are used to sort records based on an
attribute other than the primary key, for example, the
credit limit or current balance for an accounts
receivable file. An inverted file is the result of such a
process. Moreover, a given data record can have
more than one secondary key. However, secondary
keys are not substitutes for primary keys.
Answer (D) is incorrect because it is a true statement
about coding.

[135] Source: CMA Samp Q4-9

Answer (A) is incorrect because the financial
reporting cycle is omitted.

[132] Source: Publisher

Answer (A) is incorrect because, in time sharing, the
CPU spends a fixed amount of time on each
program.
Answer (B) is incorrect because multitasking is
multiprogramming on a single-user operating system.
It is the process of having multiple programs active at
a given time, although the CPU is executing
instructions from only one program at a time.
Answer (C) is correct. Multiprocessing greatly
increases system efficiency by executing multiple
programs on the same computer at the same time. In
systems with only one CPU, although multiple
programs may be active simultaneously, program
instructions can only be executed for one of these
programs at a time.
Answer (D) is incorrect because batch processing
entails execution of a list of instructions from
beginning to end without interruption.

[133] Source: Publisher

Answer (B) is incorrect because the cash receipts

and cash disbursements cycles are omitted.
Answer (C) is incorrect because the capital budgeting
and financial reporting cycles are omitted.
Answer (D) is correct. An entity's financing and
investing function, including capital budgeting,
concerns the management of financial assets,
acquisition and disposal of fixed assets, issuance of
stock, payment of dividends, and borrowing. The
accounting function manages the entity's financial
records, accounts for the flow of funds (e.g., cash
disbursements and receipts), and prepares financial
statements for external reporting purposes. These
functions are readily combined for data processing
purposes. For example, the process of developing a
budget may be divided into operating and financial
(cash disbursements, cash receipts, capital budget,
pro forma balance sheet, and cash flows statement)
components linked by the pro forma income
statement.

[136] Source: CMA 0687 5-4

Answer (A) is correct. Shareware is commercial

software offered to users without initial charge. It is
traditionally offered by less established software
developers. Often it comes with some features
disabled and can only be used without charge for a
limited time. Users pay a fee to "register" it, in return
for which they receive a license to use it with all
features enabled.

Answer (A) is incorrect because sign checks test

data for the appropriate arithmetic sign. For instance,
hours worked in a payroll should always be a positive
number.

Answer (B) is incorrect because firmware is

permanently wired into the hardware.

Answer (C) is correct. All of the terms listed refer to

program controls to prescreen or edit data prior to
processing, but the sequence check is most likely to
be used only in batch processing. A sequence check
tests to determine that records are in proper order.
For example, a payroll input file would be sorted into
Social Security number order. A sequence check
could then be performed to verify record order. This
control would not apply in a real-time operation
because records would not be processed
sequentially.

Answer (C) is incorrect because middleware

oversees the interaction between disparate systems.
Answer (D) is incorrect because freeware is software
that, although usually copyrighted, may be used
without any licensing fee on a much less limited basis
than shareware.

[134] Source: CMA 1289 5-3

Answer (A) is incorrect because it is a true statement
about coding.

Answer (B) is incorrect because reasonableness tests

verify that the amounts of input or output fall within
predetermined limits.

Answer (D) is incorrect because a redundancy check

requires transmission of additional data items to
check a previously received data item; for example, a
few letters of a customer's name could be matched
against the name associated with the customer

number.

[137] Source: CMA 0687 5-5

Answer (A) is incorrect because it describes an edit
routine.
Answer (B) is incorrect because it describes a
completeness check.
Answer (C) is incorrect because it describes
prompting.
Answer (D) is correct. To avoid data entry errors in
online systems, a screen prompting approach may be
used. The dialogue approach, for example, presents a
series of questions to the operator. The preformatted
screen approach involves the display on the CRT of a
set of boxes for entry of specified data items. The
format may even be in the form of a copy of a
transaction document.

Answer (B) is incorrect because a record count is a

control total of the number of records processed
during the operation of a program. In this question,
the number of documents was correct, assuming that
the termination had not yet been recorded.
Answer (C) is correct. A hash total of employee
numbers would detect such a substitution although the
termination had not yet been recorded. A hash total is
an otherwise meaningless control total, such as the
total of employee numbers or invoice numbers, that is
used to verify data. Thus, the hash total for the
employee listing by the personnel department could
be compared with the total generated during the
payroll run.
Answer (D) is incorrect because a hash total would
detect the irregularity more quickly and easily than a
subsequent check.

[141] Source: CMA 0689 5-8

[138] Source: CMA 0687 5-8
Answer (A) is incorrect because the terms used are
not meaningful in this context.
Answer (B) is incorrect because the terms used are
not meaningful in this context.
Answer (C) is correct. A master file containing
relatively permanent information, e.g., an inventory
file containing the part number, description, quantities
on hand, quantities on order, etc., is used in a file
processing run. Transactions are processed against
the master file, thus periodically updating it. A
transaction file (detail file) contains current transaction
information used to update the master file, e.g., the
number of items shipped to be removed from
inventory.
Answer (D) is incorrect because the terms used are
not meaningful in this context.

[139] Source: CMA 0687 5-15

Answer (A) is incorrect because local control permits
quick completion of jobs.
Answer (B) is incorrect because small jobs can be
handled easily.
Answer (C) is incorrect because use of a distributed
network permits backup by other computers when
one is down.
Answer (D) is correct. Distributed data processing
involves the use of remote computers that interact
with a central facility and/or with each other to form a
network. Control over operation and development of
applications is usually local. This local control can be
a disadvantage because of a shortage of EDP
professionals. Other disadvantages are weakened
security, high cost, audit difficulties, and coordination
problems.

[140] Source: CMA 1287 5-15

Answer (A) is incorrect because a batch total, such
as a financial total, summarizes one information field,
such as pay or hours worked, in a group of
documents. In this question, this item would have
appeared to be correct.

Answer (A) is incorrect because disk storage is more

expensive.
Answer (B) is correct. A disk storage system offers
random access memory, but a tape system permits
only sequential access. Random access is faster and
thus is appropriate for online systems and other
applications that need rapid retrieval of data.
Answer (C) is incorrect because disk systems offer
random access.
Answer (D) is incorrect because magnetic tape is
measured in bytes per inch.

[142] Source: CMA 1289 5-2

Answer (A) is correct. Controls in a payroll system
should include a proper separation of the functions of
authorization, record keeping, and custody of assets;
batch totals for such items as hours worked and
payroll amounts; hash totals (e.g., of employee
identification numbers) to test for completeness of
processing; record counts for each run; special
control over unclaimed checks (the person who
distributes checks must not retain unclaimed checks);
and backup copies of files to allow for reconstruction
if information is lost.
Answer (B) is incorrect because separation of duties
and backup procedures are not mentioned.
Answer (C) is incorrect because separation of duties
and backup procedures are not mentioned.
Answer (D) is incorrect because separation of duties
and backup procedures are not mentioned.

[143] Source: CMA 1289 5-3

Answer (A) is incorrect because it is a true statement
about coding.
Answer (B) is incorrect because it is a true statement
about coding.
Answer (C) is correct. A primary key, such as a
customer number in an accounts receivable file, is the
main code used to store and locate records within a
file. However, records can be sorted, and temporary
files created, using codes other than the primary keys.

Secondary keys are used to sort records based on an

attribute other than the primary key, for example, the
credit limit or current balance for an accounts
receivable file. An inverted file is the result of such a
process. Moreover, a given data record can have
more than one secondary key. However, secondary
keys are not substitutes for primary keys.
Answer (D) is incorrect because it is a true statement
about coding.

[144] Source: CMA 1290 4-21

Answer (A) is incorrect because a basic tenet of
internal control is that all activities should be executed
in accordance with management's express or implied
authorization.
Answer (B) is incorrect because effective internal
control ensures the reliability of records. A control
group (clerk) should perform a continuous review
function by supervising and monitoring input,
operations, and distribution of output.
Answer (C) is incorrect because security is a proper
concern of internal control. Restricted access and
passwords are examples of controls to secure data
files.
Answer (D) is correct. A functional separation of
EDP activities is necessary. A programmer designs
program flowcharts and writes the computer
programs as required by the system. Once the
program has been debugged and the documentation
prepared, the programmer should have no further
access to it or to data files. A librarian is responsible
for permitting only computer operators, not
programmers, to have access to programs.

[145] Source: CMA 1290 4-22

Answer (A) is incorrect because combining the duties
of project leaders and programmers affords less
opportunity to commit irregularities than combining
programming and computer operation, although
separation of these duties might enhance control.
Answer (B) is correct. The computer operator should
not be assigned programming responsibility and have
the opportunity to make changes in programs as (s)he
operates the equipment. In general, achieving control
through separation of duties in the EDP department
requires that EDP personnel have no access to assets
and that access to computer operation, possession of
files, and development of program logic be strictly
separated.
Answer (C) is incorrect because combining the duties
of management and users affords less opportunity to
commit irregularities than combining programming
and computer operation, although separation of these
duties might enhance control.
Answer (D) is incorrect because combining the duties
of programmers and systems analysts affords less
opportunity to commit irregularities than combining
programming and computer operation, although
separation of these duties might enhance control.

[146] Source: CMA 1290 4-24

Answer (A) is incorrect because online systems
process transactions as they are entered, but a central
processor may do the work.

Answer (B) is incorrect because interactive

processing may not involve a network.
Answer (C) is incorrect because time-sharing
involves using another organization's computer.
Access to the other organization's central processor
is provided through dumb terminals.
Answer (D) is correct. Distributed data processing
has resulted from the advent of cheaper and smaller
computers and smart terminals. These small
computers or smart terminals (a terminal with
stand-alone processing capabilities) are dispersed
throughout the organization and connected in a
network. The increased interdependence among
processing sites allows greater flexibility in systems
design and the possibility for an optimal distribution of
processing tasks.

[147] Source: CMA 0692 4-3

Answer (A) is incorrect because block coding is not
limited to financial statement accounts.
Answer (B) is incorrect because block codes may
also use alphabetical characters.
Answer (C) is correct. Coding of data is the
assignment of alphanumeric symbols consistent with a
classification scheme. Block coding assigns blocks of
numbers in a sequence to classes of items. For
example, in a chart of accounts, assets may be given
numbers 100-199, liabilities the numbers 200-299,
etc.
Answer (D) is incorrect because block codes simplify
the sorting of data.

[148] Source: CMA 0693 4-4

Answer (A) is incorrect because control objectives
concerning the entity's ability to record, process,
summarize, and report financial data include
management authorization of access to assets.
Answer (B) is incorrect because control objectives
concerning the entity's ability to record, process,
summarize, and report financial data include proper
authorization of transactions.
Answer (C) is correct. An accounting control is
concerned with the safeguarding of assets and the
reliability of financial records, whereas an operational
or administrative control is concerned with
operational efficiency and effectiveness. Thus,
compliance with methods and procedures ensuring
operational efficiency and adherence to managerial
policies is an objective of an operational control.
Answer (D) is incorrect because control objectives
concerning the entity's ability to record, process,
summarize, and report financial data include
comparison of recorded accountability with assets at
reasonable intervals.

[149] Source: CMA 0695 4-13

Answer (A) is incorrect because a star network
routes all data through the host computer.
Answer (B) is correct. In a distributed system, an
organization's processing needs are examined in their
totality. The decision is not whether an application

should be done centrally or locally but, rather, which

parts are better performed by small local computers
as intelligent terminals and which parts are better
performed at some other, possibly centralized, site.
The key distinction between decentralized and
distributed systems is the interconnection among the
nodes in the network. A ring network links all
communication channels to form a loop and each link
passes communications through its neighbor to the
appropriate location.
Answer (C) is incorrect because a bus network
attaches all channel messages along one common line
with communication to the appropriate location via
direct access.
Answer (D) is incorrect because a tree configuration
is organized along hierarchical lines to a host
computer.

Answer (C) is incorrect because hardware and

operating controls are general controls.
Answer (D) is incorrect because hardware and
operating controls are general controls.

[153] Source: CMA 0685 5-25

Answer (A) is incorrect because identification of all
threats is not possible.
Answer (B) is incorrect because reasonable but not
absolute assurance can be provided.
Answer (C) is correct. A comprehensive computer
security plan should be developed to safeguard
physical facilities and hardware and provide for the
privacy and integrity of data. Such a plan assists
management in assuring that benefits exceed costs.

[150] Source: CMA 0693 4-12

Answer (A) is incorrect because the general ledger is
a master file with a record for every account.
Answer (B) is incorrect because subsidiary ledgers
are master files containing accounting records by
specific account categories.
Answer (C) is correct. Although most cash
disbursements are recorded in cash disbursements
journals, such transactions can also be recorded in
other journals, primarily the general journal.
Answer (D) is incorrect because transaction records
contain cross-references.

[151] Source: CMA 1284 5-28

Answer (A) is incorrect because the auditor must still
use audit judgment.
Answer (B) is correct. The primary use of
generalized computer programs is to select and
summarize a client's records for additional testing.
Generalized audit software packages permit the
auditor to audit through the computer, to extract,
compare, analyze, and summarize data and generate
output as part of the audit program. They allow the
auditor to exploit the computer to examine many
more records than otherwise possible with far greater
speed and accuracy.
Answer (C) is incorrect because an auditor must
have a knowledge of computer auditing to use a
generalized software package.
Answer (D) is incorrect because using a generalized
software package is a means of auditing through the
computer.

[152] Source: CMA 0685 5-24

Answer (A) is correct. Application controls relate to
specific tasks performed by the EDP department.
Their function is to provide reasonable assurance that
recording, processing, and reporting of data are
performed properly. Application controls are often
categorized as input controls, processing controls,
and output controls.
Answer (B) is incorrect because separation of
incompatible functions is a general, not an application,
control.

Answer (D) is incorrect because the development of

a plan is not the same as its successful
implementation.

[154] Source: CMA 0685 5-26

Answer (A) is incorrect because the employees must
have access to the system. Thus, the restriction of
access would not solve the problem.
Answer (B) is incorrect because the employees must
have access to the system. Thus, user codes and
passwords would not solve the problem.
Answer (C) is incorrect because a validity check is
used to compare input identification numbers with
acceptable numbers.
Answer (D) is correct. A compatibility test is an
access control used to ascertain whether a code
number is compatible with the use to be made of the
information requested. For example, a user may be
authorized to enter only certain kinds of transaction
data, to gain access only to certain information, to
have access to but not update files, or to use the
system only during certain hours.

[155] Source: CMA 0685 5-27

Answer (A) is incorrect because overflow occurs
when too large a number is attempted to be stored in
the CPU's memory, but an overflow control does not
provide assistance to the inexperienced user.
Answer (B) is correct. An online, real-time system
permits interaction between the system and the user.
Such a system can be designed to guide data entry by
prompting (asking questions of) the user. Automatic
teller machines are common examples.
Answer (C) is incorrect because it is an access
control.
Answer (D) is incorrect because checkpoints are
"snapshots" of data values and program indicators
taken periodically in a batch processing run. They are
useful as a means of recovery in the event of a
temporary hardware failure.

[156] Source: CMA 0685 5-29

Answer (A) is incorrect because the need for a

database arises more from the multiplicity of

applications than from the quantity of data stored.
Answer (B) is correct. The use of a database system
significantly reduces redundancy of stored data in a
system. Data in a standardized form are ideally
entered once into integrated files and then used for
any and all related applications. The database is
usually built to serve multiple applications.
Consequently, the data are independent of particular
applications and greater flexibility in meeting
unanticipated demands is possible. The database
approach also allows for better access by users and
for more rapid updating of information.
Answer (C) is incorrect because a database system
need not provide immediate (real-time) responses.
Answer (D) is incorrect because a database is an
integrated, centralized group of files.

Answer (C) is correct. The schema contains a

description of the logical and physical structure of the
database. The standard meanings of data items are
found in a data dictionary. A subschema is the part of
the database pertinent to a specific user. The
subschema indicates who may use the system.
Answer (D) is incorrect because file definitions are
found in the schema.

[160] Source: CMA 0685 5-33

Answer (A) is incorrect because database integrity
means that the data elements are consistent with one
another.
Answer (B) is correct. In a database, the data for
diverse applications are standardized, centralized,
and integrated. To say that a database has integrity
means that these data elements are consistent with
one another.

[157] Source: CMA 0685 5-28

Answer (A) is incorrect because the operating system
controls the overall functioning of the CPU and its
online peripheral equipment.
Answer (B) is correct. Special programs validate
(edit) input data for completeness, validity, and
accuracy. The edited data are then used in
processing. The errors, omissions, or exceptions are
printed on a report.
Answer (C) is incorrect because a compiler translates
source programs written in a higher level language
into machine language.
Answer (D) is incorrect because an ITF uses
simulated transactions to audit the processing system.

[158] Source: CMA 0685 5-30

Answer (A) is correct. A database provides for
minimum redundancy of data while serving multiple
applications. Data are stored in standardized form in
integrated files on direct access media and are related
by means of indexes (e.g., look-up tables), pointers
(e.g., the address/location of the next logical data
item), and other methods. In principle, a data item
need be entered into the system only once but will be
accessible to many applications. Accordingly, one of
the first steps in designing such a system is to provide
standard definitions for all data items so they will be
accessible by all users.
Answer (B) is incorrect because standardization of
data items occurs before increasing storage.
Answer (C) is incorrect because standardization of
data items occurs before obtaining software.
Answer (D) is incorrect because standardization of
data items occurs before integrating systems.

[159] Source: CMA 0685 5-31

Answer (A) is incorrect because an operating system
is a set of programs controlling the overall functioning
of the computer system.
Answer (B) is incorrect because a systems manual
documents the system through flowcharts,
descriptions, etc. but does not identify specific users.

Answer (C) is incorrect because database integrity

means that the data elements are consistent with one
another.
Answer (D) is incorrect because database integrity
means that the data elements are consistent with one
another.

[161] Source: CMA 0685 5-32

Answer (A) is incorrect because tape does not allow
for the direct access required in a database system.
Answer (B) is incorrect because data files are kept
on a secondary storage medium, not the CPU's
primary memory.
Answer (C) is correct. Mainframe computer
databases use magnetic hard disks as a secondary
storage medium. They provide direct rather than
sequential access and have greater capacity than
floppy disks.
Answer (D) is incorrect because ROM is not
appropriate for storage of data that require updating.

[162] Source: CMA 0686 5-8

Answer (A) is incorrect because terminals will be
required.
Answer (B) is incorrect because printers will be
required.
Answer (C) is correct. Batch processing is the
accumulation and grouping of transactions for
processing on a delayed basis. The batch approach is
suitable for applications involving large volumes of
similar items, e.g., payroll, sales, and inventory
transactions. Remote batch processing (remote job
entry) entails collection and entry of data from places
other than the location of the CPU. Thus, only one
CPU is needed. However, terminals, printers,
input/output controls, communications links, and
effective procedures will still be required at each user
location.
Answer (D) is incorrect because input/output controls
will be required.

[163] Source: CMA 0686 5-10

Answer (A) is incorrect because a separate edit run

is needed when a sequential access medium, such as
magnetic tape, is used to store files.
Answer (B) is correct. If direct access files are used,
the computer may read or write on a given record in
the file without having to make a sequential search of
other records. Direct access files permit transactions
to be entered and the data converted, edited, and
used to update files in a real-time, online mode.

Program documentation (the program run manual)

consists of problem statements, systems flowcharts,
operating instructions, record lay-outs, program
flowcharts, program listings, test data, and approval
and change sheets.
Answer (D) is incorrect because the control group
exists to supervise input, processing, and output.

[167] Source: CMA 0687 5-3

Answer (C) is incorrect because backup procedures

entail making copies of already validated data.

Answer (A) is incorrect because audit software is

used with batch processing systems.

Answer (D) is incorrect because editing of data is a

vital processing step that should never be omitted.

Answer (B) is correct. An integrated test facility

involves the use of a fictitious entity, such as a dummy
customer in accounts receivable, against which data
transactions are processed. The results are then
compared with those previously determined. This
technique can be used without computer operator
knowledge during routine system operation. The ITF
is relatively inexpensive and requires no special
processing. It is employed in auditing online, real-time
systems.

[164] Source: CMA 0686 5-13

Answer (A) is incorrect because it is external to
computer processing.
Answer (B) is incorrect because it is external to
computer processing.
Answer (C) is incorrect because it is external to
computer processing.
Answer (D) is correct. Arithmetic proof checks
(recalculations) are performed by edit routines before
data are processed. A simple example is comparing
total debits and total credits.

[165] Source: CMA 0686 5-12

Answer (A) is incorrect because a batch total is the
total of an information field in a batch of records.
Answer (B) is incorrect because a record count is a
control total using a count of records processed
during the various phases of the operation of a
program.
Answer (C) is correct. A check digit, or
self-checking number, is an input control to determine
if an error might have been made on an identification
number. The digit is an extra number on the end of
the identification number (creating a new ID number)
which is calculated by an algorithm on the original
part of the ID number. If the ID is miskeyed, the
algorithm will produce a number different from the
check digit and an error will be detected and
reported.
Answer (D) is incorrect because a checkpoint is a
point in a program at which data are recorded for
backup purposes.

[166] Source: CMA 0686 5-14

Answer (A) is incorrect because programmers should
not have access to operational materials.
Answer (B) is incorrect because editing routines
check for arithmetic errors prior to processing, and
debugging should uncover errors in programs.
Answer (C) is correct. Complete, up-to-date
documentation of all programs and associated
operating procedures is necessary for efficient
operation of a computer installation. Maintenance of
programs is important to provide for continuity and
consistency of data processing services to users.

Answer (C) is incorrect because tagging requires the

generation of a complete audit trail and is used in
advanced systems. Tagging electronically identifies
the items to be traced (tracked) by means of a
special code. These transactions are processed
normally but are monitored to determine if the
program logic is handled appropriately.
Answer (D) is incorrect because tracing requires the
generation of a complete audit trail and is used in
advanced systems. Tracing (tracking) is an audit
technique that provides an electronic walk-through of
the data processing system.

[168] Source: CMA 0687 5-7

Answer (A) is incorrect because it would be included
in the table or matrix.
Answer (B) is incorrect because it would be included
in the table or matrix.
Answer (C) is incorrect because it would be included
in the table or matrix.
Answer (D) is correct. Compatibility tests restrict
access to the computer system by determining
whether access by a given user (or device) is
compatible with the nature of the attempted use. A
series of passwords or identification numbers may be
required to gain access to the system, to examine
data files, and to perform processing using particular
programs. Thus, a clerk might be authorized only to
read the data in a given file while using a specified
terminal, but his/her superior might be able to update
the file. Compatibility tests require online storage of
authorization tables or matrices that specify the
access permitted to specified codes and devices. The
number of authorized inquiries per user is not
included in such a table.

[169] Source: CMA 0687 5-14

Answer (A) is incorrect because the installation of a
database management system is likely to reduce data
redundancy.
Answer (B) is incorrect because the installation of a
database management system is likely to eliminate

inconsistencies within common data fields.

Answer (C) is correct. A database is a set of related
files arranged so that data usually need to be stored
only once. A DBMS is an integrated set of computer
programs that create the database, maintain the
elements, safeguard the data from loss or destruction,
and make the data available to application programs
and inquiries. The database structure is independent
of the applications. When writing programs, only the
name of a data item is needed because the DBMS
will take care of locating it. The installation of a
DBMS is likely to reduce data redundancy, promote
sharing of data, eliminate inconsistencies within data
fields, and provide more sophisticated internal control
over data accuracy and access. However, program
logic would not change because changes in the
physical or logical structure of the database do not
offset applications programs.
Answer (D) is incorrect because the installation of a
database management system is likely to provide
more sophisticated internal control over data
accuracy and access.

[170] Source: CMA 1287 5-17

Answer (A) is incorrect because segregation of
functions makes it more difficult for one person both
to perpetrate and conceal an irregularity.
Answer (B) is incorrect because hiring honest and
capable employees prevents many problems.
Answer (C) is incorrect because documentation
provides a guide for conduct.
Answer (D) is correct. Preventive controls are
designed to prevent an error or irregularity from
occurring. State-of-the-art hardware and software
would presumably incorporate the latest control
features, but a less advanced system could very well
contain a sound preventive control structure. Hence,
state-of-the-art components are not essential for
effective control.

[171] Source: CMA 1289 5-1

Answer (A) is incorrect because a purchase
requisition is also needed.
Answer (B) is incorrect because a purchase order
and requisition are also necessary.
Answer (C) is correct. Before ordering an item, the
purchasing department should have on hand a
purchase requisition reflecting an authorized request
by a user department. Before a voucher is prepared
for paying an invoice, the accounts payable
department should have the purchase requisition, a
purchase order (to be certain the items were indeed
ordered), the vendor's invoice, and a receiving report
(to be certain the items were received).
Answer (D) is incorrect because a receiving report is
needed.

[172] Source: CMA 0690 5-1

Answer (A) is incorrect because Purchasing places
orders that have been initiated and authorized by
others.
Answer (B) is incorrect because Stores Control has

custody of materials; it does not maintain inventory

records.
Answer (C) is correct. The Inventory Control
Department would be responsible for initiating a
purchase. It has access to the inventory records and
would therefore know when stocks were getting low.
Answer (D) is incorrect because the Production
Department manufactures goods and obtains
materials from Stores Control.

[173] Source: CMA 0690 5-3

Answer (A) is incorrect because Stores Control does

not need to know that a purchase has been initiated.
Answer (B) is correct. The Accounts Payable
Department should receive a copy of the purchase
order for internal control purposes to ensure that all
invoices paid are for properly authorized items. The
Receiving Department should receive a copy (with
the quantity omitted to encourage an honest count) so
that its employees will know that incoming shipments
were authorized and should be accepted. In addition,
the department issuing the purchasing requisition (the
Inventory Control Department) should receive a copy
as a notification that the order has been placed.
Answer (C) is incorrect because Accounts
Receivable does not need a copy.
Answer (D) is incorrect because Production Planning
does not need a copy.

[174] Source: CMA 0690 5-4

Answer (A) is incorrect because the Inventory
Control Department should not have to follow up on
orders once the purchase requisition has been sent.
Answer (B) is incorrect because the Stores
Department is responsible only for the security of
goods once they are received.
Answer (C) is incorrect because Production Planning
is concerned only with the types and quantities of
products to be produced.
Answer (D) is correct. The Purchasing Department is
in the best position to follow up on purchase orders
because it is the department closest to the vendors. In
effect, the Purchasing Department is fully responsible
for all communications with the vendor from the time
a purchase order is issued until the goods are
received.

[175] Source: CMA 0690 5-5

Answer (A) is incorrect because an acknowledgment

purchase order is not necessary for payment.
Answer (B) is incorrect because an acknowledgment
purchase order is not necessary for payment.
Answer (C) is incorrect because a monthly statement
is not needed; payments are made from the original
invoice, not a statement.
Answer (D) is correct. The Accounts Payable
Department prepares a voucher from a vendor's
invoice only after examining supporting documents.

These include a properly authorized purchase order

and a receiving report stating quantities received and
their condition.

[176] Source: CMA 0690 5-6

Answer (A) is incorrect because the daily production
schedule is used to plan a variety of manufacturing
activities.
Answer (B) is incorrect because a raw materials
requisition is sent from the Production Department to
inventory control to obtain materials needed for
production.
Answer (C) is incorrect because a bill of materials is
a list of the components in a particular product.
Answer (D) is correct. The Production Planning
Department uses a production order to authorize the
Production Department to manufacture a specific
product.

[177] Source: CMA 0690 5-7

Answer (A) is incorrect because the payroll register
is the listing of payroll checks given to each
employee. The total of the payroll register is the total
payroll for the period.
Answer (B) is incorrect because the production order
cost summary is the total of costs assigned to a
particular production order.
Answer (C) is incorrect because an operations list is
a listing of operations required for a product.
Answer (D) is correct. A job time ticket is used by
employees to account for their time throughout the
day. As an employee finishes his/her work on a
particular job, (s)he prepares a time ticket that lists
the amount of time spent on that job so that its cost
can be calculated.

Answer (B) is incorrect because the Timekeeping

Department authorized payment based on a certain
number of hours worked.
Answer (C) is incorrect because a production
supervisor or fellow worker has an opportunity to
intercept the check of a fictitious or terminated
employee.
Answer (D) is correct. The responsibility for
unclaimed paychecks should be given to a
department that has no opportunity to authorize or
write those checks. Because the treasury function
serves only an asset custody function and thus has
had no input into the paycheck process, it is the
logical repository of unclaimed checks.

[180] Source: CMA 0690 5-10

Answer (A) is incorrect because it is a proper
segregation of functions.
Answer (B) is incorrect because it is a proper
segregation of functions.
Answer (C) is incorrect because it is a proper
segregation of functions.
Answer (D) is correct. Allowing a sales department
to approve a credit memo without a receiving report
would be dangerous. Sales personnel could overstate
sales in one period and then reverse them in
subsequent periods. Thus, a copy of the receiving
report for returned goods should be sent to the billing
department for preparation of a credit memo after
approval by a responsible supervisor who is
independent of the Sales Department.

[181] Source: CMA 0690 5-11

Answer (A) is incorrect because it defines an invoice.
Answer (B) is incorrect because a packing slip
provides such information.

[178] Source: CMA 0690 5-8

Answer (A) is incorrect because separating
timekeeping and payroll preparation is an effective
control. It prevents one person from claiming that an
employee worked certain hours and then writing a
check to that employee. Payment to an absent or
fictitious employee would therefore require collusion
among two employees.
Answer (B) is incorrect because separating paycheck
preparation from distribution makes it more difficult
for fictitious employees to receive checks.
Answer (C) is incorrect because separating
timekeeping from factory departments is a good
control over the factory workers.
Answer (D) is correct. Most companies have their
payrolls prepared by the same individuals who
maintain the year-to-date records. There is no need
for this functional separation because the duties are
closely related.

[179] Source: CMA 0690 5-9

Answer (A) is incorrect because the Payroll
Department was responsible for causing the check to
be written.

Answer (C) is correct. A bill of lading is both a

contract for shipment and a document of title issued
(signed) by a common carrier to accept transfer of
possession of goods delivered by the seller to the
carrier. It can be either negotiable or nonnegotiable.
Answer (D) is incorrect because a credit (debit)
memo authorizes a debit to sales returns and a credit
to accounts receivable.

[182] Source: CIA 1192 III-31

Answer (A) is correct. The situation described
requires direct access to a customer's account during
the day and sequential processing of batches of
customer transactions each night. The company
should use an indexed sequential file organization. In
this system, records are accessed by means of a
directory or index, but are also tied together
sequentially to permit sequential processing.
Answer (B) is incorrect because direct access is
inappropriate. It requires a one-to-one
correspondence between records and their storage
locations. Production data are sparse, so the disk
would be used very inefficiently.
Answer (C) is incorrect because randomizing, which

converts the primary key of a record to a random

number and then to a storage address, is inefficient
for large data files although it permits random access.
Answer (D) is incorrect because sequential access
would not permit clerks to respond immediately to
customer inquiries about order status.

[183] Source: CIA 0594 III-30

Answer (A) is incorrect because reciprocal
processing agreements are often used for small
systems and batch processing.
Answer (B) is correct. A reciprocal processing
agreement permits the disaster-stricken party to
obtain space and equipment on a time-available
basis. However, online teleprocessing facilities would
be difficult to provide because the assisting
organization's excess time, if any, would most likely
be limited to weekends and the third shift.
Answer (C) is incorrect because reciprocal
processing agreements are often used for small
systems and batch processing.
Answer (D) is incorrect because the desirability of a
reciprocal processing agreement increases when
operations are totally centralized.

[184] Source: CIA 0591 III-82

Answer (A) is incorrect because library systems help
in the maintenance of collections of data and program
files.
Answer (B) is incorrect because access controls are
security controls.
Answer (C) is incorrect because languages permit
coding of instructions for execution by the computer.
None of the terms given is for a language.
Answer (D) is correct. A database management
system (DBMS) is an integrated set of computer
programs that create the database, maintain the
elements, safeguard the data from loss or destruction,
and make the data available to application programs
and inquiries. The items listed are commercial DBMS
packages.

[186] Source: CIA 1193 III-32

Answer (A) is incorrect because the operating system
regulates the use of the components of the computer
system.
Answer (B) is incorrect because a program library
management system controls the movement of
programs and job control statements into and out of
the production program libraries.
Answer (C) is correct. A database is characterized
by the independence of applications from the physical
arrangement of the data. Application programmers
define a user view (external schema) of the data and
write program instructions using a programming
language interface with the DBMS. Consequently,
programs need not specify the location of a data item.
Only the name of the item is necessary. The DBMS
mediates between user view and the actual physical
arrangement of the data. Hence, different users
(applications) may create different views of the data.
Answer (D) is incorrect because utility programs
have special purpose functions, e.g., sorting, printing,
or copying.

[187] Source: CIA 1193 III-33

Answer (A) is correct. According to Systems
Auditability and Control (The Institute of Internal
Auditors, 1991, p. 5-35), a "data dictionary/directory
is an organized and shared collection of information
about the objects and resources used by the IS
organization to deliver or exchange information
internally and externally."
Answer (B) is incorrect because specification of
system users is a function of the security features of a
DBMS.
Answer (C) is incorrect because the data control
language specifies privileges and security rules for
objects and resources.
Answer (D) is incorrect because database
administrators have the overall responsibility for
developing and maintaining the database and for
establishing controls to protect its integrity.

[188] Source: CIA 0594 III-27

[185] Source: CIA 1191 III-27
Answer (A) is incorrect because error prevention
involves providing specific instructions so that the
user knows what to do and avoids making errors.

Answer (B) is incorrect because error detection

involves providing immediate notification that an error
has been detected by way of an error message.
Answer (C) is incorrect because error correction is
usually in the form of a question. It asks the user to
respond and verify the request before the transaction
is processed.
Answer (D) is correct. Error recovery procedures
allow the user to reconstruct the prior state of the
database by logging the updating transaction as well
as before-and-after images of the record. A single
"undo" command can then be used to rectify the
mistake.

Answer (A) is correct. Access must be controlled to

ensure integrity of documentation, although read
access should be provided to other parties for
applications development and maintenance. The
DBA has the overall responsibility for developing and
maintaining the database and for establishing controls
to protect its integrity.
Answer (B) is incorrect because programmers may
be able to modify programs, files, and controls and
should therefore have no access to them.
Answer (C) is incorrect because librarians should
have no access to equipment or the skills to
perpetrate fraud.
Answer (D) is incorrect because programmers may
be able to modify programs, files, and controls and
should therefore have no access to them.

[189] Source: CIA 1191 III-24

Answer (A) is correct. Multiplexors are switching

devices that channel the flow of data. They intermix
the two-way flow so that data may be transmitted
over a single line. A multiplexor channel permits
sending more than one message on a communication
line (interleaving). As a result, several terminals may
be able to share a communication line to a CPU.
Answer (B) is incorrect because a modem is a device
used to convert analog data transmissions into digital
form and vice-versa.
Answer (C) is incorrect because a coaxial cable is a
data communication line, not a device.
Answer (D) is incorrect because a bus is part of the
internal structure of a microprocessor.

[190] Source: CIA 0592 III-26

Answer (A) is correct. A communication network
consists of one or more computers and their
peripheral equipment linked together. Local-area
networks (LANs) link together hardware and other
equipment within a geographical area so that users
can share data and hardware devices.
Answer (B) is incorrect because wide-area networks
are for long-distance communications and typically
use the resources of companies such as AT&T.
Answer (C) is incorrect because baseband
(narrowband) networks, a type of local-area
network, are used exclusively for data
communications. Baseband communications channels
provide the slowest data transport (less than 30
characters per second). Broadband communications
channels provide the fastest data transport (more than
1,200 characters per second).
Answer (D) is incorrect because a broadband
network may use microwave circuits and satellite
channels.

[191] Source: CIA 1193 III-24

Answer (A) is correct. An electronic mail system is a
computer-based message system that permits
transfer, receipt, and storage of messages within or
between computer systems. The advantages of
electronic mail are high-speed transmission, reduction
of message preparation costs, and the possibility of
sending or reading messages at a convenient time.
Hence, electronic mail is more cost-effective than
other methods of delivering information.

Answer (B) is correct. Electronic data interchange is

the electronic transfer of documents between
businesses. EDI was developed to enhance
just-in-time (JIT) inventory management. Advantages
include speed, reduction of clerical errors, and
elimination of repetitive clerical tasks and their costs.
Answer (C) is incorrect because electronic data
processing (EDP) is a generic term for computerized
processing of transaction data within organizations.
Answer (D) is incorrect because electronic document
exchange (EDE) is a nonsense term.

[193] Source: CMA 1294 4-15

Answer (A) is incorrect because neither
programmers nor project leaders have access both to
programs and computers; thus, danger of control
breakdowns is minimal.
Answer (B) is incorrect because systems analysts are
specifically qualified to analyze and design computer
systems; the work of the systems analyst is used to
guide the work of programmers. The two need to
work together.
Answer (C) is incorrect because neither
programmers nor users of computer output have
access to the operating computer; thus, danger is
minimal.
Answer (D) is correct. Segregation of duties is
important in any environment in which control is a
concern. In particular, programmers and computer
operators should be kept separate because
programmers have the ability to modify programs,
files, and controls. Thus, they should not be allowed
to also operate the computer.

[194] Source: CIA 0594 III-18

Answer (A) is correct. When data fields for accounts
receivable are downloaded to the microcomputer, the
account number, name of customer, and the unused
credit balance should be included to ensure efficient
processing. The name should be displayed when the
account number is entered to provide a control
check. The system then should show the amount
available for a credit purchase. Also, the user should
not be required to perform a calculation that could be
done by the computer.
Answer (B) is incorrect because the name should be
provided as a control, and presentation of the unused
credit balance obviates the need for a calculation.

Answer (B) is incorrect because it requires that users

have access to appropriate hardware and be trained
to use the various features of the system.

Answer (C) is incorrect because the name should be

provided as a control.

Answer (C) is incorrect because all senders and

receivers must be wired into the network and acquire
the necessary hardware to use the system.

Answer (D) is incorrect because the unused credit

balance should be given instead of the current
customer balance.

Answer (D) is incorrect because only individuals who

have been given appropriate access passwords and
identification codes recognized by the system can use
it.

[192] Source: CIA 0594 III-26

Answer (A) is incorrect because electronic funds
transfer (EFT) refers to the transfer of money.

[195] Source: CIA 0594 III-19

Answer (A) is incorrect because the sales department
is creating an informal system to compensate for a
system deficiency. The risk is that it may rely on the
previous day's file and its outdated credit information.
Answer (B) is incorrect because the sales department
is capturing data at the beginning of the day. The risk

is that customers will exceed their credit limits if

multiple orders are submitted on the same day.

Answer (A) is incorrect because the user is

responsible for input preparation.

Answer (C) is correct. Backups of transaction data

are necessary for security and to safeguard data and
provide control. However, in this situation the user
file does not contain transaction data and a backup
would likely duplicate data contained elsewhere. It is
highly probable that the main system has a history file
with the day's beginning balances that could be
accessed if needed.

Answer (B) is correct. A database administrator

(DBA) is the person who has overall responsibility
for developing, designing, controlling, and maintaining
the database. The DBA manages all database
functions including design and maintenance of the
schema that describes the structure of the database.
The DBA also assigns user passwords and
establishes other security measures. Control of
changes in data items and in the programs that use the
database is another responsibility of the DBA.

Answer (D) is incorrect because the risk is that the

sales department could alter the contents of the file
and allow customers to exceed their credit limits.

Answer (C) is incorrect because the manager of the

EDP department is responsible for equipment
(hardware) operations.

[196] Source: CIA 1193 III-19

Answer (A) is incorrect because transaction retrievals
are used to select items for testing and review.
Answer (B) is incorrect because test decks are used
to verify processing accuracy.
Answer (C) is incorrect because software code
comparisons are used to validate that programs in
production correspond to an authorized copy of the
software.
Answer (D) is correct. Flowcharting is a useful tool
for systems development as well as understanding the
internal control structure. A flowchart is a pictorial
diagram of the definition, analysis, or solution of a
problem in which symbols are used to represent
operations, data flow, transactions, equipment, etc.
The processing is presented as sequential from the
point of origin to final output distribution. Processing
usually flows from top to bottom and left to right in
the flowchart. Areas of responsibility (e.g., data
processing or purchasing) are usually depicted in
vertical columns or areas.

Answer (D) is incorrect because the systems

programming group is responsible for software
support.

[199] Source: CMA 1287 5-16

Answer (A) is incorrect because a batch total is a
total of one information field (such as sales on
invoices) for all records in a batch.
Answer (B) is correct. A completeness test checks
that all data elements are entered before processing.
An interactive system can be programmed to notify
the user to enter the number before accepting the
receiving report.
Answer (C) is incorrect because a sequence check
tests for the ordering, not omission, of records.
Answer (D) is incorrect because a limit or
reasonableness test checks the values of data items
against established limits.

[200] Source: CMA 1289 5-7

[197] Source: CMA Samp Q4-8
Answer (A) is incorrect because the domain is the set
of possible values of an attribute of one particular
entity.
Answer (B) is incorrect because subschema is a
particular user's (application's) view of a part of the
database using data definition language.
Answer (C) is correct. Cardinality expresses the
bounds (a minimum and a maximum) of the
association between related entities. For example,
assuming the entities are (1) the number of students
and (2) a college class, a cardinality limit of (3, 59)
for the class entity in the student-class relationship
means that a class may contain from 3 to 59 students.
The minimum cardinality means that an occurrence of
the entity on one side of the relation (the class) must
be linked to at least three instances of the entity on
the other side (the number of students). The
maximum cardinality means that an occurrence of the
class entity must be linked to no more than 59
instances of the student entity.
Answer (D) is incorrect because a referential path is
the connection between an unspecified number of
relations connected by a chain of referential
constraints.

[198] Source: CMA 1287 5-3

Answer (A) is incorrect because it is a true statement

about database management systems.
Answer (B) is incorrect because it is a true statement
about database management systems.
Answer (C) is correct. A database management
system (DBMS) involves an integrated set of
computer programs that create the database, maintain
the elements, safeguard the data from loss or
destruction, and make the data available to
application programs and inquiries. In a database
system, the data and programs, are maintained
separately except during processing. The DBMS
contains a description of the logical and physical
structure of the database called the schema. The
schema is the description of the structure or
organization of the database using data description
(definition) language. A primary goal of a DBMS is to
minimize data redundance, and user interface is
enhanced through increased accessibility and
flexibility. The system is administered by a database
administrator who is a person with overall
responsibility for developing and maintaining the
database.
Answer (D) is incorrect because it is a true statement
about database management systems.

[201] Source: CMA 1290 4-23

Answer (A) is incorrect because an interactive

system requires direct access files.
Answer (B) is incorrect because an interactive system
permits immediate, online processing of single
transactions.
Answer (C) is incorrect because the transaction file
does not have to be sorted before processing.
Answer (D) is correct. In an interactive (inquiry)
system, users employ interactive terminals to
converse directly with the system. The system is
characterized by online entry and processing, direct
access, and timesharing.

[202] Source: CMA 0691 4-24

Answer (A) is incorrect because preventive controls
are usually cheaper to implement than other types of
controls.
Answer (B) is incorrect because preventive controls
can be of many types other than general accounting
controls.
Answer (C) is incorrect because preventive controls
can be of many types other than accounting
transaction controls.
Answer (D) is correct. Preventive controls in a
system anticipate and avoid deviations. Examples
include training of personnel, segregation of duties,
prenumbered forms, documentation, passwords,
compatibility tests, and turnaround documents.
Preventive controls are usually more cost beneficial
as compared with other controls because they avoid
the costs of deviations and the costs of correction.

[203] Source: CMA 0691 4-25

Answer (A) is incorrect because edit checks also
include detective and corrective controls.
Answer (B) is correct. Edit checks are those that are
programmed into the software. They include error
listings, field checks, financial totals, hash totals, limit
and range checks, preformatting, reasonableness
(relationship) tests, record counts, self-checking
digits, sequence checks, sign checks, and validity
checks. Such checks should be performed on
transactions before the master file is updated.
Answer (C) is incorrect because edit checks are not
necessary for a system to run; they are purely for
internal control purposes.
Answer (D) is incorrect because edit checks are
normally performed at time of input or during
manipulation of data, not at the time of output.

[204] Source: CMA 0691 4-26

Answer (A) is incorrect because timeliness is not
necessarily an element of any system unless it is
online.
Answer (B) is incorrect because timeliness is not
necessarily an element of any system unless it is
online.
Answer (C) is incorrect because timeliness is not
necessarily an element of any system unless it is
online.

Answer (D) is correct. An online processing system

is in direct communication with the computer, giving it
the capability to handle transactions as they are
entered. An online system permits both immediate
posting (updating) and inquiry of master files as
transactions occur. In an online system, data are
immediately available to users upon entry.

[205] Source: CMA 0692 4-1

Answer (A) is incorrect because batch processing
provides as much of an audit trail as any
computerized operation.
Answer (B) is incorrect because individual
transactions are grouped into batches, and the entire
batch is processed together.
Answer (C) is incorrect because batch processing
refers to the input of data, not inquiry.
Answer (D) is correct. Batch processing is the
accumulation and grouping of transactions for
processing on a delayed basis. The batch approach is
suitable for applications that can be processed against
the master file at intervals and involve large volumes
of similar items, such as payroll, sales, inventory, and
billing.

[206] Source: CMA 0693 4-6

Answer (A) is incorrect because general, transaction,
and print-out controls do not assure accuracy of
inputs.
Answer (B) is incorrect because an echo check,
which is an input control over transmission along
communications lines, does not assure proper
authorization of data. Neither do the other techniques
assure completeness of data.
Answer (C) is incorrect because output controls are
insufficient to assure completeness and accuracy of
output. Input controls are also needed.
Answer (D) is correct. Input controls provide
reasonable assurance that data received for
processing have been properly authorized, converted
into machine-sensible form, and identified, and that
data have not been lost, suppressed, added,
duplicated, or otherwise improperly changed. Input
controls also relate to rejections, correction, and
resubmission of data that were initially incorrect.
Output controls provide assurance that the
processing result is accurate and that only authorized
personnel receive the output.

[207] Source: CMA 0693 4-10

Answer (A) is correct. Access controls, such as
passwords, ID numbers, access logs, and device
authorization tables, prevent improper use or
manipulation of data files and programs. They insure
that only those persons with a bona fide purpose and
authorization have access to data processing. Many
systems use tests that are maintained through an
internal access control matrix that consists of
authorized user code numbers, passwords, lists of all
files and programs, and a record of the type of
access each user is entitled to have to each file and
program.
Answer (B) is incorrect because user code numbers

and passwords may limit access to the overall

system, but are not capable of allowing limited use in
certain files.
Answer (C) is incorrect because access codes would
not be concerned with adjusting controls in all files.
Answer (D) is incorrect because a completeness test
is not an access control, but is used to determine
whether all necessary information has been
transmitted.

[208] Source: CMA 0693 4-15

Answer (A) is incorrect because either batch or
real-time processing may be used to query a
database system.
Answer (B) is incorrect because a query system is
dependent on the use of telecommunication networks
and database management query languages.

management. The advantages of EDI include

reduction of clerical errors, speed, elimination of
repetitive clerical tasks, and elimination of document
preparing, processing, and mailing costs.
Answer (D) is incorrect because distributed
processing distributes work among computers linked
by a communications network.

[211] Source: CMA 1294 4-18

Answer (A) is incorrect because EDI is the
communication of electronic documents directly from
a computer in one entity to a computer in another
entity.
Answer (B) is incorrect because interactive
processing does not allow for the use of another
end-user's application programs.

Answer (C) is incorrect because responses are in a

prespecified format.

Answer (C) is incorrect because an executive

support system focuses on strategic objectives and
gives immediate information about an organization's
critical success factors.

Answer (D) is correct. Inquiry processing in a

database system can be the result of either batch or
real-time processing. An inquiry system requires the
use of sophisticated hardware and software, including
a database query language. Responses are in a
prespecified format. End users receive responses
concerning the results of transaction activities, but are
not allowed to make changes to the records
retrieved.

Answer (D) is correct. Cooperative processing is a

system whereby computers in a distributed
processing network can share the use of application
programs belonging to another end user. The system
assigns different machines the functions they perform
best in executing a transaction-based application
program. For example, a microcomputer might be
used to enter and validate data for the application,
and a mainframe might handle file input and output.

[209] Source: CMA 1294 4-16

Answer (A) is incorrect because teleprocessing refers
to connections in an online system.
Answer (B) is incorrect because interactive
processing allows users to converse directly with the
system. It requires online processing and direct
access to stored information.
Answer (C) is incorrect because telecommuting
refers to the practice of individuals working out of
their homes by communicating with their office via the
computer.
Answer (D) is correct. Conducting an electronic
meeting among several parties at remote sites is
teleconferencing. It can be accomplished by
telephone or electronic mail group communication
software. Videoconferencing permits the conferees to
see each other on video screens. The practice has
grown in recent years as companies have attempted
to cut their travel costs.

[210] Source: CMA 1294 4-17

Answer (A) is incorrect because electronic mail is the
computer-to-computer exchange of messages.
Answer (B) is incorrect because interactive
processing does not permit access to another
company's database.
Answer (C) is correct. Electronic data interchange
(EDI) is the communication of electronic documents
directly from a computer in one entity to a computer
in another entity. For example, a buyer's computer
will issue a purchase order to a seller's computer.
EDI was developed to enhance JIT inventory

[212] Source: CMA 0695 4-19

Answer (A) is correct. A LAN is a local distributed
computer system, often housed within a single
building. Computers, communication devices, and
other equipment are linked by cable. Special
software facilitates efficient data communication
among the hardware devices.
Answer (B) is incorrect because a LAN is more than
a system to allow computer users to share
information; it is an interconnection of a computer
system.
Answer (C) is incorrect because a LAN is not a
library.
Answer (D) is incorrect because a LAN does not
require specialized hardware.

[213] Source: CMA 0695 4-20

Answer (A) is incorrect because each organizational
unit develops programs to make use of elements of a
broad database.
Answer (B) is incorrect because data handling
techniques are still the responsibility of the data
processing department; it is the use of the data that is
departmentalized.
Answer (C) is incorrect because the DBMS is no
safer than any other database system.
Answer (D) is correct. A fundamental characteristic
of databases is that applications are independent of
the database structure; when writing programs or
designing applications to use the database, only the
name of the desired item is necessary. Programs can

be developed for the user's specific needs without

concern for data capture problems. Reference can be
made to the items using the data manipulation
language, after which the DBMS takes care of
locating and retrieving the desired items. The physical
or logical structure of the database can be completely
altered without having to change any of the programs
using the data items; only the schema requires
alteration.

[214] Source: CMA 0695 4-21

Answer (A) is incorrect because a complex network
structure requires something more intricate than a flat
file structure.
Answer (B) is incorrect because a network structure
reduces redundancy by arranging data through
development of many-to-many relationships; that is,
each item may have multiple antecedent as well as
successive relationships, which would preclude a flat
file structure.
Answer (C) is incorrect because a network structure
reduces redundancy by arranging data through
development of many-to-many relationships; that is,
each item may have multiple antecedent as well as
successive relationships, which would preclude a flat
file structure.
Answer (D) is correct. A flat file structure is used
with a relational database model. A relational
structure organizes data in conceptual tables. One
relation (table or file) can be joined together or
related to another without pointers or linked lists if
each contains one or more of the same fields (also
known as columns or attributes). The relational
structure is expected to become the most popular
structure because it is relatively easy to construct.

[215] Source: CMA 0695 4-22

Answer (A) is incorrect because librarians maintain
control over documentation, programs, and data files;
they should have no access to equipment, but they
can assist in data processing operations.
Answer (B) is correct. Separation of duties is a
general control that is vital in a computerized
environment. Some separation of duties common in
noncomputerized environments may not be feasible in
a computer environment. However, certain tasks
should not be combined. Systems analysts, for
example, should be separate from programmers and
computer operators. Programmers design, write, test,
and document specific programs required by the
system developed by the analysts. Both programmers
and analysts may be able to modify programs, data
files, and controls and should therefore have no
access to computer equipment and files or to copies
of programs used in production. Operators should
not be assigned programming duties or responsibility
for systems design, and should have no opportunity
to make changes in programs and systems.
Answer (C) is incorrect because a separate
information officer outside of the accounting function
would not be as critical a separation of duties as that
between programmers and processors.
Answer (D) is incorrect because programmers
usually handle all types of programs.

[216] Source: CMA 0695 4-23

Answer (A) is incorrect because terminal logs are

access controls.
Answer (B) is incorrect because passwords are
access controls.
Answer (C) is correct. Application controls, including
input controls, are designed to assure the accuracy
and completeness of data entered into the computer.
Input controls provide assurance that data have not
been lost, suppressed, added, duplicated, or
otherwise improperly changed. A hash total is an
example of a data input validation routine. A hash
total is a control total without a defined meaning, such
as the total of employee numbers or invoice numbers,
that is used to verify the completeness of data. Thus,
the hash total for the employee listing by the
personnel department could be compared with the
total generated during the processing run.
Answer (D) is incorrect because backup controls are
general controls.

[217] Source: CMA 0696 4-14

Answer (A) is incorrect because an uninterruptible
power system is a system that is fully protected by a
generator or battery backup to prevent data
destruction and downtime from electrical power
outages.
Answer (B) is incorrect because a parallel system
exists if a company maintains an identical system to
the main system.
Answer (C) is incorrect because a cold site is a
cheaper alternative to a hot site. It is a shell facility
suitable for the quick installation of computer
equipment. It provides a prebuilt, environmentally
controlled area with raised flooring, electrical power,
and appropriate plumbing.
Answer (D) is correct. A disaster recovery plan may
include a contract with an external contingency facility
vendor. Depending on the organization's needs, the
contingency facility may be a hot site or a cold site. A
hot site is an arrangement with a vendor for a fully
operational facility that is configured to the user's
specific needs and that will be available within 24
hours. A hot site may also be fixed or portable and is
recommended for an organization that cannot afford
for its computer system to be down for even one day.

[218] Source: CMA 1296 4-25

Answer (A) is correct. Distributed processing is
characterized by a merger of computer and
telecommunications technology. Distributed systems
permit not only remote access to a computer but also
the performance of local processing at local sites. The
result is greater flexibility in systems design and the
possibility of an optimal distribution of processing
tasks.
Answer (B) is incorrect because, in a centralized
network, processing occurs in one location.
Answer (C) is incorrect because, in a pure
decentralized system, the nodes are not
interconnected.
Answer (D) is incorrect because a multidrop network
provides links for each terminal to a single
communications line connected to a central

processing unit; only one terminal can send or receive

messages at a time.

Answer (C) is incorrect because multi-networking

involves using multiple networks with the same
computer.

[219] Source: CMA 1296 4-29

Answer (A) is correct. Controls in a payroll system
should include a proper separation of the functions of
authorization, record keeping, and custody of assets;
batch totals for such items as hours worked and
payroll amounts; hash totals (e.g., of employee
identification numbers) to test for completeness of
processing; record counts for each run; special
control over unclaimed checks (the person who
distributes checks must not retain unclaimed checks);
and backup copies of files to allow for reconstruction
if information is lost.

Answer (D) is incorrect because neural networks,

although similar to expert systems, can learn from
making mistakes.

[222] Source: Publisher

Answer (A) is incorrect because it is an advantage of
using computers in the internal audit process.
Answer (B) is incorrect because it is an advantage of
using computers in the internal audit process.

Answer (B) is incorrect because separation of duties

and backup procedures are not mentioned.

Answer (C) is incorrect because it is an advantage of

using computers in the internal audit process.

Answer (C) is incorrect because separation of duties

and backup procedures are not mentioned.

Answer (D) is correct. Auditors may use computers

in many ways to simplify and enhance the audit
process. The auditor can work independently of the
auditee and can access records at remote sites
without travel. Auditors should never alter client data.

Answer (D) is incorrect because special controls

over unclaimed checks and backup procedures are
omitted.

[223] Source: CMA 0690 3-27

[220] Source: CMA 0695 4-30
Answer (A) is incorrect because an ITF includes a
dummy entity as well as test data.
Answer (B) is incorrect because generalized audit
software is a set of specialized software routines that
are designed to perform specialized audit tests and
store audit evidence.
Answer (C) is correct. An ITF involves the use of a
fictitious entity, such as a dummy customer in
accounts receivable, against which data transactions
are processed. Results are compared with previously
determined results. This procedure is used within the
framework of regular production, frequently without
computer operator knowledge. The use of an ITF
enables testing of a system as it routinely operates.
The cost of using an ITF is low. The disadvantages of
the ITF include the need to later nullify the data put
into the system and the possibility of contaminating a
database.
Answer (D) is incorrect because the ITF does not
use an audit log.

[221] Source: CMA 0693 4-8

Answer (A) is correct. An expert system is software
designed to perceive, reason, and understand. An
expert system is an interactive system that asks a
series of questions and uses knowledge gained from a
human expert to analyze answers and come to a
decision. The system is developed by using a
continuous process of revision. As new knowledge or
decision-making strategies become available, prior
systems must be revised.
Answer (B) is incorrect because decision support
systems are extensions of the MIS concept that are
primarily useful for semistructured problems, such as
those requiring the decision maker to exercise
judgment in controlling the process but allowing for
certain aspects of the problem to be preprogrammed.
A decision support system does not automate a
decision but rather provides tools for the user to
employ in applying his/her own insight and judgment.

Answer (A) is incorrect because authorization and

approval by users and review by control groups are
controls that do not function during processing.
Answer (B) is incorrect because review by control
groups is a control that does not function during
processing.
Answer (C) is incorrect because use of internal and
external labels is an organizational, not a processing,
control. External labels allow the computer operator
to determine whether the correct file has been
selected for an application. External labels are
gummed-paper labels attached to a tape reel or other
storage medium that identify the file. Internal labels
perform the same function through the use of
machine-readable identification in the first record in a
file.
Answer (D) is correct. A control total is an
application control that may consist of a count of the
number of records processed at different stages of
the operation. Comparison of the counts indicates
whether all records have been processed or some
have been added. A control total might also consist
of a total of one information field for all records
processed, such as the total sales dollars for a batch
of sales invoices. A limit or reasonableness check
tests whether the value of a field falls outside a
prescribed range. The range may be stated in terms
of an upper limit, lower limit, or both. The loss,
addition, etc., of data may result in an unreasonable
value. A sequence test verifies the ordering of
records and may therefore detect various anomalies.

[224] Source: CIA 1195 III-31

Answer (A) is incorrect because microcomputer use
is less controllable than mainframe use.
Answer (B) is incorrect because the difficulty of
control in a microcomputer environment threatens
data integrity.
Answer (C) is incorrect because, given their decades
of refinement, mainframes are usually more reliable

than microcomputers.
Answer (D) is correct. In cooperative processing,
microcomputers are more cost effective than
mainframes for data entry and presentation. They are
better suited to frequent screen updating and
graphical user interfaces.

[225] Source: CIA 0595 III-68

Answer (A) is incorrect because, given that only
existing systems would be converted, the transaction
volume would likely remain relatively constant.
Answer (B) is incorrect because, in a cooperative
processing environment, different computers execute
different parts of an application.
Answer (C) is correct. Cooperative processing
implies a tighter coupling than previously existed
between the microcomputers and the mainframe. The
result may threaten the managers' perceived
autonomy by increasing the control exercised by
headquarters and therefore the accountability of local
managers.
Answer (D) is incorrect because, compared with
mainframe-only processing, cooperative processing
typically requires more computer equipment at
distributed locations.

[228] Source: CIA 1196 III-75

Answer (A) is incorrect because inconsistent
processing occurs when a transaction has different
effects depending on when it is processed. Data
locking ensures consistent processing.
Answer (B) is incorrect because rollback failure is the
inability of the software to undo the effects of a
transaction that could not be run to completion. A
rollback failure is not caused by data locking.
However, data locking may lead to situations in
which rollback is required.
Answer (C) is incorrect because unrecoverable
transactions are not a typical symptom of locking
procedures.
Answer (D) is correct. In a distributed processing
system, the data and resources a transaction may
update or use should be held in their current status
until the transaction is complete. A deadly embrace
occurs when two transactions need the same
resource at the same time. If the system does not
have a method to cope with the problem efficiently,
response time worsens or the system eventually fails.
The system should have an algorithm for undoing the
effects of one transaction and releasing the resources
it controls so that the other transaction can run to
completion.

[226] Source: CIA 0596 III-75

[229] Source: CIA 0596 III-65
Answer (A) is correct. In distributed or cooperative
systems, the responsibility for ensuring that adequate
backups are taken is the responsibility of user
management. The systems are under the control of
users, not a central information processing
department.
Answer (B) is incorrect because distributed
environments have no systems programmers
comparable to those at central sites for traditional
systems.
Answer (C) is incorrect because distributed
environments may not have data entry clerks. Users
typically perform their own data entry.
Answer (D) is incorrect because, in distributed
environments, there are no tape librarians.

[227] Source: CIA 1192 III-35

Answer (A) is incorrect because normalization is the
practice of decomposing database relations to
remove data field redundancies and thus reduce the
likelihood of update anomalies.
Answer (B) is incorrect because, in a database, entity
integrity means that each thing or relationship in the
database is uniquely identified by a single key value.
Answer (C) is incorrect because, in a database, the
internal schema describes the ways the data are
physically organized on the disk.
Answer (D) is correct. The data in a database are
subject to the constraint of referential integrity. Thus,
if data are collected about something, e.g., a payment
voucher, all reference conditions regarding the data
must be met. Thus, for a voucher to exist, a vendor
must also exist.

Answer (A) is incorrect because the snapshot

technique makes duplicates to be stored at multiple
locations. Changes are periodically copied and sent
to each location. If a database is small, storing
multiple copies may be cheaper than retrieving
records from a central site.
Answer (B) is incorrect because the replication
technique makes duplicates to be stored at multiple
locations. Changes are periodically copied and sent
to each location. If a database is small, storing
multiple copies may be cheaper than retrieving
records from a central site.
Answer (C) is correct. A distributed database is
stored in two or more physical sites. The two basic
methods of distributing a database are partitioning
and replication. However, normalization is a process
of database design, not distribution. Normalization is
the term for determining how groups of data items in
a relational structure are arranged in records in a
database. This process relies on "normal forms," that
is, conceptual definitions of data records and
specified design rules. Normalization is intended to
prevent inconsistent updating of data items. It is a
process of breaking down a complex data structure
by creating smaller, more efficient relations, thereby
minimizing or eliminating the repeating groups in each
relation.
Answer (D) is incorrect because fragmentation or
partitioning stores specific records where they are
most needed. For example, a financial institution may
store a particular customer's data at the branch where
(s)he usually transacts his/her business. If the
customer executes a transaction at another branch,
the pertinent data are retrieved via communications
lines.

[230] Source: CIA 1196 III-57

[233] Source: CIA 1196 III-77

Answer (A) is correct. The data definition language
defines the database structure and content, especially
the schema (the description of the entire database)
and subschema (logical views of the database). The
schema specifies characteristics such as the names of
the data elements contained in the database and their
relationship to each other. The subschema defines the
logical data views required for applications. Thus, it
limits the data elements and functions available to
each application.
Answer (B) is incorrect because the data control
language specifies the privileges and security rules
governing database users.
Answer (C) is incorrect because data manipulation
language provides application programs with a means
of interacting with the database to add, retrieve,
modify, or delete data or relationships.
Answer (D) is incorrect because data command
interpreter languages are symbolic character strings
used to control the current state of database
management system operations.

[231] Source: CIA 1193 III-33

Answer (A) is incorrect because the database
management system log contains checkpoint records
that mark the boundary between two consecutive
transactions.
Answer (B) is correct. According to the Systems
Auditability and Control Report (The Institute of
Internal Auditors, 1991, p. 5-35), a "data
dictionary/directory is an organized and shared
collection of information about the objects and
resources used by the IS organization to deliver or
exchange information internally and externally."
Answer (C) is incorrect because specification of
system users is a function of the security features of a
DBMS.
Answer (D) is incorrect because the data control
language specifies privileges and security rules for
objects and resources.

Answer (A) is correct. RSA is a potential encryption

standard licensed to hardware and software vendors.
Public key encryption requires management of fewer
keys for a given client-server environment than does
private key encryption. However, compared with
DES, RSA entails more complex computations and
therefore has a higher processing overhead. RSA
requires two keys: the public key for encrypting
messages is widely known, but the private key for
decrypting messages is kept secret by the recipient.
Answer (B) is incorrect because DES is a shared
private-key method developed by the U.S.
government. It encrypts data into 64-bit blocks using
a 56-bit key. DES requires only a single key for each
pair of communicants that want to send each other
encrypted messages.
Answer (C) is incorrect because a modem is used for
telecommunications.
Answer (D) is incorrect because a cypher lock is a
physical device.

[234] Source: CIA 1196 III-78

Answer (A) is incorrect because no encryption
approach absolutely guarantees the secrecy of data.
Answer (B) is incorrect because keys may also be
distributed electronically via secure key transporters.
Answer (C) is correct. Encryption software uses a
fixed algorithm to manipulate plain text and an
encryption key (a set of random data bits used as a
starting point for application of the algorithm) to
introduce variation. The machine instructions
necessary to encrypt and decrypt data constitute
system overhead. As a result, processing speed may
be slowed.
Answer (D) is incorrect because periodic password
changes are needed. Passwords are the typical
means of validating users' access to unencrypted
data.

[235] Source: CIA 1195 III-40

[232] Source: CIA 0596 III-51
Answer (A) is incorrect because, if the only access is
read-only, no updating is possible.
Answer (B) is incorrect because utility programs
(e.g., performance monitors, job schedulers, and tape
and disk management systems) may have privileged
access capabilities. Thus, they may be able to bypass
normal security measures. Permitting updating from
privileged software is a breach of security.
Answer (C) is correct. A database management
system's software includes security features. Thus, a
specified user's access may be limited to certain data
fields or logical views depending on the individual's
assigned duties. A logical view consists of the fields
available to a given user, function, or application. It
may include all or part of a physical data file or a
combination of fields from multiple physical data files.
Answer (D) is incorrect because updating of users'
access profiles should be a function of a security
officer.

Answer (A) is correct. Companies can use public

switched lines (phone lines) on a per-transmission
basis. This option is the most cost-effective way for
low-volume users to conduct telecommunications.
Answer (B) is incorrect because fast-packet switches
receive transmissions from various devices, break the
data into packets, and route them over a network to
their destination. They are typically installed by
telecommunication utility companies and other large
companies that have their own networks.
Answer (C) is incorrect because electronic mail
systems do not allow for voice and image
transmissions.
Answer (D) is incorrect because the Internet does
not provide telephone connections.

[236] Source: CIA adap

Answer (A) is incorrect because value-added
carriers provide data security and error detection and
correction procedures.

Answer (B) is correct. Public-switched networks are

wide area networks that use public telephone lines.
This arrangement may be the most economical, but
data transmission may be of lower quality, no
connection may be available, and security measures
may be ineffective.

connects the LAN to other networks is a network

gateway.
Answer (D) is incorrect because a workstation
dedicated to a single user of the LAN is a client.

[240] Source: CIA 0596 III-76

Answer (C) is incorrect because local area networks
inherently limit data transmission exposures.
Answer (D) is incorrect because private networks
provide security through limited access and dedicated
facilities.

[237] Source: CIA 0595 III-44

Answer (A) is incorrect because offline processing
occurs when devices are not directly connected to
the computer.
Answer (B) is incorrect because expert systems are
information systems that provide diagnostic and
problem solving through the use of structured
software and expert experience.
Answer (C) is incorrect because direct access refers
to the method for storing and retrieving data within a
database.
Answer (D) is correct. A local area network is a
user-controlled network that operates without the
assistance of a common carrier. It can have several
microcomputers attached to a host computer, can be
linked as part of several LANs that may or may not
communicate with a host computer, or can be
connected together but not connected to a host
computer (stand alone). A peer-to-peer network
operates without a mainframe or file server.

Answer (A) is correct. Loss of confidentiality is a

major risk of an e-mail system. Thus, inability to
encrypt messages going between network gateways
is a major security issue. A gateway is a means of
connecting otherwise incompatible networks, nodes,
or devices. It performs this function by converting
one set of communication protocols to another.
Accordingly, even if all systems are secured, an
unsecured gateway can be a security exposure.
Answer (B) is incorrect because loss of critical text
within messages is a less serious concern than loss of
confidentiality.
Answer (C) is incorrect because inability of receiving
users to automatically acknowledge receipt of
messages is a less serious concern than loss of
confidentiality.
Answer (D) is incorrect because inability to keep
backup copies of messages is a less serious concern
than loss of confidentiality.

[241] Source: CIA 1196 III-61

Answer (A) is incorrect because EDI is for the
electronic transmission of business information and
electronic mail, but it does not offer central
repositories that store messages for many parties to
read.

Answer (A) is incorrect because data replication

consists of copying all of the data on multiple devices
for improved accessibility.

Answer (B) is correct. Bulletin board systems

function as a centralized information source and
message switching system for a particular interest
group. Users review and leave messages for other
users, and communicate with other users on the
system at the same time.

Answer (B) is incorrect because data fragmentation

involves distributing data across different locations so
that the fragments from the different locations must be
put together to create the complete file.

Answer (C) is incorrect because, although

fax/modem software can store images of faxes
received, it does not meet the criterion of ease of
access to information on a particular topic.

Answer (C) is incorrect because the snapshot

approach does not involve writing of transactions to
files.

Answer (D) is incorrect because a PBX is a

telecommunications system that routes calls to
particular extensions within an organization.

[238] Source: CIA 1196 III-47

Answer (D) is correct. Snapshot files are created at a

fixed time. Thus, by the time an employee downloads
the data subset, it could be obsolete. Snapshot data
available to download into spreadsheets may contain
old or erroneous information that was later corrected
on the main file system.

[239] Source: CIA 1194 III-21

Answer (A) is incorrect because the cabling that
interconnects the nodes of the LAN is the
telecommunications link.
Answer (B) is correct. A file server is a computer in a
network that operates as a librarian. It stores
programs and data files for users of the LAN and
manages access to them.
Answer (C) is incorrect because a device that

[242] Source: CIA 0596 III-57

Answer (A) is incorrect because EDI transmits
document data, not the actual document.
Answer (B) is correct. Electronic data interchange is
the electronic transfer of documents between
businesses. EDI was developed to enhance
just-in-time (JIT) inventory management. Advantages
include speed, reduction of clerical errors, and
elimination of repetitive clerical tasks and their costs.
Improved business relationships result because of the
mutual benefits conferred by EDI. Accordingly, some
organizations require EDI.
Answer (C) is incorrect because liability for
protection of a trading partner's proprietary business
data is a major risk that must be addressed by the
control structure.

Answer (D) is incorrect because backup and

contingency planning requirements are not diminished
by use of EDI.

[243] Source: CIA 0593 III-38

Answer (A) is correct. EDI is the communication of
electronic documents directly from a computer in one
entity to a computer in another entity. EDI for
business documents between unrelated parties has
the potential to increase the risk of unauthorized
third-party access to systems because more outsiders
will have access to internal systems.

Answer (B) is incorrect because systematic

programming errors are the result of misspecification
of requirements or lack of correspondence between
specifications and programs.
Answer (C) is incorrect because inadequate
knowledge bases are a function of lack of care in
building them.
Answer (D) is incorrect because a benefit of EDI is
to improve the efficiency and effectiveness of system
use.

[246] Source: CIA 1193 III-45

Answer (A) is correct. Before sending or receiving
EDI messages, a company should execute a trading
partner agreement with its customers and suppliers.
All parties should understand their responsibilities, the
messages each will initiate, how they will interpret
messages, the means of authenticating and verifying
the completeness and accuracy of messages, the
moment when the contract between the parties is
effective, the required level of security, etc.
Answer (B) is incorrect because the company may
intend to reduce inventory levels, but that intention is
unrelated to the timing of its first EDI messages.
Answer (C) is incorrect because the company may
want to demand or encourage all its customers and
suppliers to implement EDI capabilities, but that
request is independent of sending and receiving
messages.
Answer (D) is incorrect because it is not possible to
evaluate the effectiveness of EDI transmissions until
after they occur.

[247] Source: CIA 1193 III-46

[244] Source: CIA 1193 III-43
Answer (A) is correct. If the company acknowledges
messages initiated externally, the alleged sender
would have the opportunity to recognize that it had
not sent the message and could notify the company of
the potential forgery. Then corrective action can be
taken by the company.
Answer (B) is incorrect because permitting only
authorized employees to have access to transmission
facilities controls for unauthorized access to the
facilities but would not detect forged EDI messages.

Answer (C) is incorrect because delaying action on

orders until a second order is received for the same
goods defeats the purpose of using EDI, namely,
rapid communication followed by rapid response.
Answer (D) is incorrect because writing all incoming
messages to a write-once/read-many device is a
good practice, but it will not detect forgeries.

[245] Source: CIA 1196 III-59

Answer (A) is incorrect because dedicated phone
lines are not available to agents in the field.
Answer (B) is incorrect because call-back features
are used to authenticate the user but do not otherwise
protect the transmitted data.

Answer (A) is incorrect because the company and its

customers may obtain their EDI-related software
from the same vendor but still have software
incompatibility problems if they do not synchronize
their installation of updated versions.
Answer (B) is correct. EDI entails the exchange of
common business data converted into standard
message formats. Thus, two crucial requirements are
that the participants agree on transaction formats and
that translation software be developed to convert
messages into a form understandable by other
companies. Thus, if one company changes its
software, its trading partners must also do so.
Answer (C) is incorrect because, as business
requirements change, it may not be possible to use
the same software in the same ways indefinitely.
Answer (D) is incorrect because, even if the
company and its customers each write their own
versions, synchronization problems will arise from
updates.

[248] Source: CIA 1195 III-62

Answer (A) is incorrect because VANs normally
provide mailbox services, common communication
interfaces, and logs of transactions.
Answer (B) is incorrect because VANs normally
provide mailbox services, common communication
interfaces, and logs of transactions.

Answer (C) is incorrect because frequent changes of

user IDs and passwords are used to authenticate the
user but do not otherwise protect the transmitted
data.

Answer (C) is incorrect because VANs normally

provide mailbox services, common communication
interfaces, and logs of transactions.

Answer (D) is correct. Encryption of data is a

security procedure in which a program encodes data
prior to transmission and another program decodes
the data after transmission. Encoding is important
when confidential data that can be electronically
monitored are transmitted between geographically
separated locations.

Answer (D) is correct. Companies must purchase

their own software to translate their data to a national
standard protocol for EDI purposes, either ANSI
X.12 in the U.S. or EDIFACT in Europe and most of
the rest of the world. Once the data are in the
standard format, the VAN handles all aspects of the
communication. VANs are privately owned

telecommunications carriers that sell capacity to

outside users. Among other things, a VAN provides
a mailbox service permitting EDI messages to be
sent, sorted, and held until needed in the recipient's
computer system.

[249] Source: CIA 0596 III-59

Answer (D) is incorrect because the cycle time

cannot be reduced below the delivery time of 4 days
with implementation of EDI alone. More efficient
transportation would be required.

[252] Source: CIA 0596 III-64

Answer (A) is incorrect because using a third-party

service provider does not require encryption.

Answer (A) is incorrect because unauthorized access

and activity is a risk specific to EFT.

Answer (B) is incorrect because using a third-party

service provider does not require encryption.

Answer (B) is incorrect because inaccurate

transaction processing (including duplication) is a risk
specific to EFT.

Answer (C) is incorrect because use of

public-switched data networks is not a requirement
of EDI.
Answer (D) is correct. An auditor should review
trading partner agreements and contracts with
third-party service providers. These documents
should contain necessary clauses and appropriately
limit liabilities. Moreover, legal counsel should have
reviewed the agreements or contracts. An auditor
should also determine whether the third-party service
provider's operations and controls have been
independently reviewed (for example, by public
accountants).

[250] Source: CIA 1193 III-49

Answer (A) is correct. If the company gives the
supplier more information about use of the materials,
the supplier may be able to plan its production more
effectively. It could then reduce its inventory of the
materials and its inventory costs, thus permitting it to
charge a lower price.
Answer (B) is incorrect because the company could
demand that the supplier reduce the price of the
materials, but the supplier could then decline to
supply them.
Answer (C) is incorrect because other suppliers may
also charge a high price.
Answer (D) is incorrect because, if the special
materials are needed in the primary product line, it is
unlikely that the company would discontinue that line
before investigating alternatives, e.g., working with
the supplier to help the supplier manage its inventory.

Answer (C) is correct. EFT is a service provided by

financial institutions worldwide that is based on EDI
technology. EFT transaction costs are lower than for
manual systems because documents and human
intervention are eliminated from the transactions
process.
Answer (D) is incorrect because inadequate backup
and recovery capabilities is a risk specific to EFT.

[253] Source: CIA 1196 III-63

Answer (A) is incorrect because improper change
control procedures is a risk common to all
information technology environments. This risk is not
higher than the risk for other systems.
Answer (B) is correct. Unauthorized access to
money transfer activities or data is an inherent and
unique risk of EFT systems. An unauthorized person
may attempt to read, alter, or delete information in
data files or to enter authorized fund transfers. Hence,
in the financial services industry, protection of
confidential customer transactions is especially
important. Moreover, unauthorized transfers subject
a financial institution to a direct risk of serious loss.
Answer (C) is incorrect because insufficient online
edit checks is a risk common to all information
technology environments. This risk is not higher than
the risk for other systems.
Answer (D) is incorrect because inadequate backups
and disaster recovery procedures is a risk common
to all information technology environments. This risk
is not higher than the risk for other systems.

[254] Source: CMA 1289 5-11

[251] Source: CIA 1193 III-50
Answer (A) is incorrect because a cycle time of 21
days does not include reductions possible by using
EDI to eliminate mail time and supplier processing
time.
Answer (B) is incorrect because a cycle time of 18
days does not include reductions possible by using
EDI to eliminate supplier processing time.
Answer (C) is correct. The full implementation of an
EDI system will eliminate the manufacturer's
preparation time for purchase orders, the days in the
mail, and processing by the supplier. The only time
required will be the 4 days for physical delivery. An
EDI system allows for the computer-to-computer
exchange of transaction documents such as purchase
orders, invoices, and shipping documents. It
eliminates the printing and handling of paper by one
party and the input of data by the other.

Answer (A) is incorrect because an internal header

label is not a hardware control.
Answer (B) is incorrect because these are not
hardware controls.
Answer (C) is correct. Hardware controls include
parity checks, echo checks, dual read-write heads,
dual circuitry, diagnostic routines, boundary
protection, interlock, and a file protection ring.
Answer (D) is incorrect because an internal header
label is not a hardware control.

[255] Source: Publisher

Answer (A) is incorrect because a packet filtering
system examines each incoming IP packet.

Answer (B) is incorrect because Kerberos is

encryption and authentication software that uses DES
encryption techniques.
Answer (C) is correct. A proxy server maintains
copies of web pages to be accessed by specified
users. Outsiders are directed there, and more
important information is not available from this access
point.
Answer (D) is incorrect because an authentication
system verifies a user's identity and is often an
application provided by a firewall system, but it is not
a firewall system itself.

small companies to perform activities and provide

services previously only available from larger firms.
The use of expert systems has helped to improve the
quality of customer service in applications such as
maintenance and scheduling by automating them and
making them easy to perform.
Answer (C) is incorrect because expert systems do
best in automating lower-level clerical functions.
Answer (D) is incorrect because expert systems
concern problems with relatively few possible
outcomes that are all known in advance.

[259] Source: CIA 1194 III-41

[256] Source: Publisher
Answer (A) is incorrect because a firewall cannot
adequately protect a system against computer
viruses.
Answer (B) is correct. A firewall is a device that
separates two networks and prevents passage of
specific types of network traffic while maintaining a
connection between the networks. Generally, an
Internet firewall is designed to protect a system from
unauthenticated logins from outside users, although it
may provide several other features as well.
Answer (C) is incorrect because industrial spies need
not leak information through the firewall. A telephone
or floppy disk are much more common means of
sharing confidential information.
Answer (D) is incorrect because a firewall cannot
adequately protect against a Trojan horse (a
program, such as a game, that appears friendly but
that actually contains applications destructive to the
computer system) or any other program that can be
executed in the system by an internal user.

Answer (A) is incorrect because algorithms are

defined procedures used in typical computer
programs.
Answer (B) is incorrect because deterministic
procedures are procedures used in computer
programs that permit no uncertainty in outcomes.
Answer (C) is correct. Knowledge-based (expert)
systems contain a knowledge base for a limited
domain of human expertise and inference procedures
for the solution of problems. They use symbolic
processing based on heuristics rather than algorithms.
A heuristic procedure is an exploratory
problem-solving technique that uses self-education
methods, e.g., the evaluation of feedback, to improve
performance. These systems are often very
interactive and provide explanations of their
problem-solving behavior.
Answer (D) is incorrect because simulations are
computer programs that permit experimentation with
logical and mathematical models.

[260] Source: CIA 1193 III-56

[257] Source: CIA 0591 II-37
Answer (A) is correct. Artificial intelligence and its
subfield, expert systems, have been identified by the
AICPA Future Issues Committee as one of the major
issues the accounting profession will face in the future.
Expert systems attempt to permit a computer to think
and make decisions in a human way. An expert
system is an interactive system that asks a series of
questions and uses knowledge gained from a human
expert to analyze answers and come to a decision,
that is, to exercise judgment. They were originally
developed to make decisions in areas that did not
have enough human experts to make decisions. Some
of the earliest expert systems were used by doctors
to diagnose diseases.
Answer (B) is incorrect because expert systems do
not require outside consultants.
Answer (C) is incorrect because hardware does not
make judgment decisions.
Answer (D) is incorrect because automation of
routine tasks is not the purpose of expert systems.

[258] Source: CIA 1196 III-68

Answer (A) is incorrect because expert systems
codify and apply existing knowledge, but they do not
create knowledge that is lacking.
Answer (B) is correct. Expert systems allow even

Answer (A) is incorrect because traditional

programs, e.g., in COBOL, have sequential control
structures; expert systems do not.
Answer (B) is incorrect because traditional programs,
not expert systems, have distinct input/output
variables.

Answer (C) is correct. An expert system relies on a

computer's ability to make decisions in a human way.
There are six components to the expert system:
knowledge base, domain database, database
management system, inference engine, user interface,
and knowledge acquisition facility. The knowledge
base contains the rules used when making decisions.
Answer (D) is incorrect because traditional
programs, not expert systems, have passive data
elements.

[261] Source: CIA 1196 III-69

Answer (A) is incorrect because assigning airport
gates to arriving airline flights requires an expert
system that uses precise data for quick and consistent
decisions.
Answer (B) is incorrect because neural networks
provide the technology to undertake sophisticated
forecasting and analysis. They emulate the processing
patterns of the brain and therefore can learn from

experience.
Answer (C) is correct. Fuzzy logic is a superset of
conventional (Boolean) logic that has been extended
to handle the concept of partial truth. Because they
use nonspecific terms (membership functions)
characterized by well-defined imprecision, fuzzy logic
systems can create rules to address problems with
many solutions. Fuzzy logic can be used when values
are approximate or subject and data are incomplete
or ambiguous. These systems have been applied
successfully to applications such as ventilating
expressway tunnels, backing a tractor-trailer into a
parking space, reducing power usage in an air
conditioner, selecting companies for business
combinations, or detecting fraud in medical insurance
claims.
Answer (D) is incorrect because diagnosing problems
with computer hardware requires an expert system.

[262] Source: CMA Samp Q.4-10

Answer (A) is incorrect because completeness errors
will be detected. The sum will be different if such
errors occur.

Answer (B) is incorrect because transcription errors

will be detected. The sum will be different if such
errors occur.
Answer (C) is correct. Self-checking digits may be
used to detect incorrect identification numbers. The
digit is generated by applying an algorithm to the ID
number. During the input process, the check digit is
recomputed by applying the same algorithm to the
code actually entered. If the check digit is merely a
sum, transposition errors will not be detected
because the sum will be unaffected.
Answer (D) is incorrect because validity errors will
be detected. The sum will be different if such errors
occur.

[263] Source: CMA Samp Q4-11

Answer (A) is incorrect because dubious transactions
can be immediately identified and reported to the
auditor (rather than the user) for review and
investigation, without waiting for the scheduled audit.
Answer (B) is incorrect because embedded audit
modules and the like compensate for the loss of the
traditional paper audit trail.
Answer (C) is incorrect because dubious transactions
can be immediately identified and reported to the
auditor (rather than the user) for review and
investigation, without waiting for the scheduled audit.
Answer (D) is correct. The primary use of
generalized audit software (GAS) is to select and
summarize a client's records for additional testing.
These packages permit the auditor to audit through
the computer; to extract, compare, analyze, and
summarize data; and to generate output for use in the
audit. They allow the auditor to exploit the computer
to examine many more records than otherwise
possible with far greater speed and accuracy. Hence,
GAS facilitates analysis of all sources of potential
error. However, concurrent auditing techniques are
not included because they must be incorporated into
the client's systems. For example, embedded audit
data collection is a transaction selection approach

incorporated within the regular production programs

to routinely extract transactions meeting certain
criteria for further testing. In effect, it provides a
window through which the auditor can access the
process.

[264] Source: CPA 1195 F-11

Answer (A) is incorrect because the lease is a capital
lease if the lessee has the right to substantially all of
the remaining use of the property. Transfer by the
lessee of ownership risks is not characteristic of a
capital lease.
Answer (B) is correct. In a sale-leaseback
transaction, if the lease qualifies as a capital lease, the
gain or loss on the sale is normally deferred and
amortized by the seller-lessee in proportion to the
amortization of the leased asset. Retention of
substantially all the remaining use of the property is a
characteristic of a capital lease. However, the lease is
not a capital lease if it transfers substantially all the
risks of ownership.
Answer (C) is incorrect because the lease is a capital
lease if the lessee has the right to substantially all of
the remaining use of the property. Transfer by the
lessee of ownership risks is not characteristic of a
capital lease.
Answer (D) is incorrect because the lease is a capital
lease if the lessee has the right to substantially all of
the remaining use of the property. Transfer by the
lessee of ownership risks is not characteristic of a
capital lease.